331 - Network and Web Security - 2025
A.k.a 60015 or 70082, but just "331" for short.
Announcements
- The winners of the Belmont Lansdown 331 Prizes for 2024 were: Lucy Steele, Huzaifah Farooq, Lucas Graeff-Buhl-Nielsen, Robin Gupta, Boyuan Jiang, Rushil Ambati, Rickie Ma, Anonymous, Robert Wakefield, Thom Hughes.
- The 24-25 edition of the course starts on January the 13th 2025.
Resources
- Reference books (electronic edition available via central library):
- Threat modelling – Designing for security (Shostack)
- Professional Penetration Testing (Wilhelm)
- The tangled web (Zalewski)
- The Web Application Hacker's Handbook (Stuttard, Pinto)
- Recommended books
- Computer Networking - A Top-Down Approach (Kurose, Ross)
- SSL and TLS: Theory and Practice (Oppliger)
- Vulnerabilities
- CWE/SANS Top 25 Most Dangerous Software Errors.
- OWASP Top 10 list of the most critical web application security flaws.
- Search the CVE Vulnerability Database.
- Search the exploit-db database.
- Hacker One reward program for internet vulnerability disclosures.
- Full Disclosure mailing list.
- Black Hat and DEF CON hacking conferences.
- General
- A short dictionary of cybersecurity terms: Sophos' Threatsaurus.
- The Elevation of Privilege card game.
- w3schools tutorials
- Tails: live OS with state-of-the-art privacy protection (including Tor browser).
- MITRE ATT&CK: a knowledge base of adversary tactics and techniques.
- Practice hacking
- Kali Linux distribution for pentesting.
- OWASP Broken Web Applications Project
- Exploit exercises
- PentesterLab Bootcamp
- VMs recommended by students
- Sources for web-related standards:
- Blogs and news:
People
Lecturer
Sergio Maffeis. Sergio is a senior lecturer in Computer Security at Imperial, where he leads the Security and Machine Learning Lab. He received his PhD from Imperial and his MSc from University of Pisa, Italy. Maffeis' research interests include security, machine learning, formal methods, and programming languages. You can find out more from his home page.
Teaching Assistants
Almuthanna Alageel. Almuthanna is an Honorary Research Associate at Imperial College London, where he obtained his PhD under the supervision of Dr. Maffeis. He has been working for KACST in cybersecurity since 2009 in addition to providing consultancy services for several organisations. He holds several professional certifications including CISSP, CISM, CRISC and PMP. He received his MSc in Computer Science from the University of Colorado at Denver, and his BSc in Computer Engineering from King Saud University. Almuthanna is working on detecting evasive APT campaigns.
Abdullah Adlaihan. Abdullah is a PhD student at Imperial College London under the supervision of Dr. Maffeis. He received his MSc in computer science from Georgia Institute of Technology, and his BSc in computer science from King Saud University. Abdullah's focus is on utilizing Large Language Models (LLMs) for systems security.
Eman Maali. Eman is a PhD student at Imperial College London under the supervision of Prof. McCann. Eman's Ph.D. focus is IoT Security, in which she is developing an anomaly detector for IoT networks. In 2017, Eman completed her MSc in Electromagnetic Sensor Networks at the University of Birmingham. The focus of the Master's was on electromagnetic, antennas, propagation, computer communications networks, and RF and microwave engineering. Moreover, Eman completed her BA in Computer Systems Engineering from Birzeit University in Palestine.
Fahad Alotaibi. Fahad is a PhD student at Imperial College London under the supervision of Dr. Maffeis. He received his MSc from The University of York (UK) in Cyber Security, and his BSc from Shaqra University (KSA) in Computer Science. Fahad's research is focused on making deep learning-based security applications robust against evasion attacks and concept drift. Fahad is also interested in other areas such as digital forensics and ransomware prevention.
Myles Foley. Myles is a PhD student at Imperial College London under the supervision of Dr. Maffeis. He received his MEng from University College London in Electronic Engineering with Computer Science, earning the ‘Outstanding MEng Graduating Student’ prize. Myles’ research is focused on novel - and exciting - ways of applying reinforcement learning to problems in cyber security.
Hall of Fame
- 331 Bug Bounties
- 331 Bug Bounty 2023
- James Nock reported an XSS vulnerability in https://github.com/sparc/phpWhois.org.
- 331 Bug Bounty 2022
- Albert Schleidt demonstrated the Dirtycow privilege escalation exploit on the listener vm.
- Fabian Hauf, Anne-Sophie Hannes, Jonathan Powell, Vincent Bardenheier, Albert Schleidt reported a DOM-based XSS vulnerability in NaturalReaders.com.
- 331 Bug Bounty 2020
- Kelvin Zhang reported an authentication vulnerability in https://play.mtn.co.za/ to HackerOne.
- 331 Obfuscation Bounty 2020
- Winners: James Williams, Marco Selvatici.
- Runners-up: Tristan Nemoz, Robert Jin, James Dalboth and Anonymous.
- Belmont Lansdown 331 Prizes
- Netcraft was sold to a US private equity fund in 2022-3. This year Mike Prettejohn, the founder and former owner of Netcraft, provided prizes worth GBP 500 from his new company, Belmont Lansdown.
- The winners of the 2024 edition were: Lucy Steele, Huzaifah Farooq, Lucas Graeff-Buhl-Nielsen, Robin Gupta, Boyuan Jiang, Rushil Ambati, Rickie Ma, Anonymous, Robert Wakefield, Thom Hughes.
- Netcraft 331 Prizes
- Between 2019 and 2023 Netcraft sponsored awards for the top 10 performers in the exam (an Amazon voucher worth GBP 250)
- The winners of the 2023 edition were: Ghazal Farzamfar, Panayiotis Gavriil, Michal Glinski, Derek Lai, Maximilian Lau, Suhaib Mohammed, James Nock, Matthew Setiawan, Mike Sorokin, Ye Lun Yang.
- The winners of the 2022 edition were: Luqman Liaquat, Albert Schleidt, Thomas Alner, Andy Wang, Vincent Bardenheier, Madi Baiguzhayev, Daniel Ababei, Rodi Degirmenci, Anonymous, Arman Fidanoglu, Thomas Loureiro Van Issum.
- The winners of the 2021 edition were: Michael Kuc, Andreas Casapu, Maksymilian Graczyk, Anonymous, Matteo Bilardi, Anonymous, Ali Abidi, Thomas Roberts, Tilman Roeder, Alexander Reichenbach
- The winners of the 2020 edition were: Zak Cutner, Daniel Hails, Hadrian Lim Wei Heng, Fraser May, Alexander Nielsen, Giovanni Passerello, Matthew Pull, Ethan Sarif-Kattan, Marco Selvatici, Sebastian Reuter
- The winners of the 2019 edition were: Jordan Spooner, Teodor Begu, Thomas Pointon, William Seddon, Niklas Vangerow, Lorenzo Silvestri, Pablo Gorostiaga-Belio, Giorgos Gavriil, Olivier Roques, Aurel Bily