Attack demonstration ideas

You are expected to demonstrate one of the known security attacks in the class and present the key concept behind it. 20%  of the course credit is dedicated to this. You may use existing code, but you must understand what is happening to the extent that you can explain it in the class and address basic questions.

Another reminder: DO NOT attack a system that you don't own. Use your best judgment, and whenever in doubt, ask me first.

Here are some attacks that might be interesting to demonstrate in the class. You are more than welcome to pick your own attack and demonstrate it. You should at least consult with me once before the presentation.

1. Spectre/Meltdown.
2. Heartbleed bug.  Heartbleed was a serious implementation flaw in OpenSSL. Demonstrate the exploitation of this vuln. See this more info: https://resources.infosecinstitute.com/lab-heartbleed-vulnerability/
3. CAPTCHA cracking. Break a CAPTCHA scheme. You may use deep learning or other machine learning techniques
4. Smartphone Spyware. Develop a demonstration spyware program for Android or jailbroken iPhones. Your program should illustrate the dangers of surreptitious data theft, recording, photographing, and location tracking.
5. Hidden Voice Commands. Implement the hidden voice commands attack for android or iPhone.
6. Windows SMBv3 bufferover flowvulnerabillity. Also known as SMBBleed attack. https://dl.packetstormsecurity.net/papers/general/CVE-2020-0796.pdf Links to an external site.
7. Log4j attack. https://www.swarmnetics.com/blog/apache-log4j-vulnerability-explained/ Links to an external site.