[Course Home]   [Syllabus]   [Announcements]   [Calendar]   [Handouts]   [Solutions]    

Weekly Calendar for Offensive Computer Security

[Week 1]   [Week 2]   [Week 3]   [Week 4]   [Week 5]  
[Week 6]   [Week 7]   [Week 8]   [Week 9]  [Week 10]
[Week 11]  [Week 12]  [Week 13]  [Week 14]  [Week 15]

Assignment code


Week 1

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Class Organizations
General Introduction
Class Organization Art: Chapter 0x100 Syllabus
(
PDF Format)
   
Thursday Technical Introduction
Introduction to Buffer Overflow
Technical Introduction
Buffer Overflow Introduction
Art: Chapter 0x200
Art: 0x310-0x321
     

Week 2

DateTopicsLecture Notes ReadingHandoutPapers/ExamplesAssignments
Tuesday Buffer Overflow
(continued)
Buffer Overflow - Part I  Art: 0x342 X86 Guide
 
Optional: Return-Oriented Programming Article  
Thursday Buffer Overflow
(continued)
Buffer Overflow - Part II  Art: 0x320, 0x330, 0x510, 0x520, 0x530   H: homework #1
(Due 9/17/2015)  
 

Week 3

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Buffer Overflow
(continued)
Same as last time         
Thursday Format String Vulnerability Format String Vulnerability Art: 0x350 Format String Paper (Source:
https://crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf) 
 

Week 4

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Buffer Overflow
(continued)

Format String Vulnerability
Buffer Overflow - Part II
(Updated)
 
Art: 0x690, 0x350      
Thursday Format String Vulnerabilities
(Continued)
  Art: 0x350      

Week 5

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Format String Vulnerabilities
(Continued)

(Same as last time)  Art: 0x350      
Format String Vulnerabilities Hash Functions
(Continued)

         

Week 6

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday No class Instructor at ICIP         
Thursday Exploitation of other segments See the notes for next Tuesday Art: 0x340     H: Homework #2
(Due 10/08/2015) 

Week 7

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Exploitation of other segments Exploitation of other segments        
Thursday Exploition in other segments
(Continued)
(Same as last time)    Anatomy of an exploit -
inside the CVE-2013-3893
 
   

Week 8

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Networking and remote
exploitation techniques
Networking  ART: 0x420       
Thursday Remote exploitation techniques

Midterm Exam Review
Midterm Exam Review  ART: 0x540-0x550       

Week 9

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Midterm Exam Review
(Continued)
       
Thursday Midterm Exam          

Week 10

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Midterm Exam Summary and Discussion           
Thursday Remote Exploitation
Breaking RC4 in WEP
and in WPA and TLS
Networking and RC4  ART: 0x620-0x670
ART: 0x730-0x750
ART: 0x770-0x780 
  Please use Google to find the papers.
  • S. Fluhrer, I. Mantin, and A. Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4," 2001.
  • A. Stubblefield, J. Ioannidis, and A. Rubin, "A Key Recovery Attack on the 802.11b Wired Equivalent Privacy Protocol (WEP)," 2004.
  • N. AlFardan, D. J. Bernstein, and K. G. Paterson, "On the Security of RC4 in TLS," USENIX, 2013.
  • K. G. Paterson, B. Poettering, and J. C. N. Schuldt, "Plaintext Recovery Attacks Against WPA/TKIP*," 2014.
  • M. Vanhoef and F. Piessens, "All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS", USENIX, 2015.  
  

Week 11

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Breaking RC4
(Continued)
  ART: 0x770-0x780        
Thursday Breaking RC4 in TLS
Introduction to Web Application and Security
Introduction to Web Security  Web: Chapters 2, 3, and 7        

Week 12

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Web Security - Injection SQL Injection and XSS WEB: Chapters 2, 3, and 7      
Thursday CS Expo          

Week 13

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Web Security - CRSF & Same Origin Polciy CSRF & Same Origin Policy        
Thursday Metasploit Framework Metasploit - Part I
Metasploit Documentation       

Week 14

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Metasploit
(Continued)

SRE and Anti-Analysis Techniques
Metasploit - Part II

SRE and Anti-Analysis Techniques
ART: 0760      
Thursday Thanksgiving No class        

Week 15


Final Exam Week

DateTopicsLecture Notes ReadingHandoutPapersAssignments
Tuesday Software Reverse Engineering
(Continued)

Final Exam Review
SRE and Anti-Analysis Techniques
(Same as last time)

Final Exam Review  
       
Thursday Physical Security - Lock Picking Note: In Love 151          
DateTopicsLecture Notes ReadingHandoutPapersAssignments
Friday December 11, 3:00 - 5:00PM         Final Exam (Cumulative)


[Course Home]   [Syllabus]   [Announcements]   [Calendar]   [Handouts]   [Solutions]    
Last modified, August, 2014