CNIT 123
3rd Ed: Rent ($60-80)
Catalog Description

ADVISE: CNIT 106 or 120 or 201C

Student Learning Outcomes

After successful completion of this course, students will be able to:

Textbook

Hands-On Ethical Hacking and Network Defense, Third Edition by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up till 8:30 am Saturday. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Live Streaming

You can attend class remotely using Zoom.

Schedule

Date | Assignments | Topic
---|---|---
Sat 1-20 | | Bitcoin & Lockpicking
Sat 1-27 | Ch 2 Quiz* ** | Ch 1: Ethical Hacking Overview; Ch 2: TCP/IP Concepts Review
Fri 2-2 | Last Day to Add Classes |
Sat 2-3 | Ch 3 Quiz*; Proj 1 & 2 due | Ch 3: Network and Computer Attacks
Sat 2-10 | Ch 4 Quiz*; Proj 3 & 4 due | Ch 4: Footprinting and Social Engineering
Sat 2-17 | Holiday - No Class |
Sat 2-24 | Ch 5 Quiz*; Proj 5 & 6 due | Ch 5: Port Scanning
Sat 3-3 | Ch 6 Quiz*; Proj 7 & 8 due | Ch 6: Enumeration
Sat 3-10 | Ch 7 Quiz*; Proj 9 & 10 due | Ch 7: Programming for Security Professionals
Sat 3-17 | Proj 11 & 12 due | Ch 8: Desktop and Server OS Vulnerabilities
Sat 3-24 | Ch 8 Quiz and Ch 9 Quiz*; Proj 14 due | Ch 9: Embedded Operating Systems: The Hidden Threat
Sat 3-31 | Holiday - No Class |
Sat 4-7 | Class Cancelled for TORO.HACK |
Sat 4-14 | Ch 10 Quiz*; Proj 13 & 15 & 16 due | Ch 10: Hacking Web Servers
Sat 4-21 | Ch 11 Quiz*; Proj 17 & 18 due | Ch 11: Hacking Wireless Networks
Sat 4-28 | Ch 12 Quiz*; Proj 19 & 20 due | Ch 12: Cryptography (Part 1)
Sat 5-5 | No Quiz due; Proj 21 due | Ch 12: Cryptography (Part 2)
Sat 5-12 | |
Wed 5-16 - Wed 5-23 | Final Exam available online throughout the week. You can only take it once. |

* Quizzes due 30 min. before class
** No late penalty until Feb 3

Slides & Handouts

Grading Policy · First Day Handout
Bitcoin and Blockchains · KEY · PDF
Security Training at CCSF · KEY · PDF
Lecture videos from last semester
Ch 1: Ethical Hacking Overview · KEY · PDF

Click a lecture name to see it on SlideShare.

Links

Links From Lectures

Ch 1a: Robert Bruen's review of the textbook
Ch 1b: Wired News: Ethical Hacking Is No Oxymoron
Ch 1c: EC-Council | Certified Ethical Hacker Certification
Ch 1d: EC-Council | Code of Ethics
Ch 1e: Run Away From The CEH Certification
Ch 1f: ISECOM - OPST Accredited Certification
Ch 1g: Rate My Network Diagram
Ch 1h: RE: OPST and CEH Certifications
Ch 1i: SANS Institute - Network and Computer Security Training
Ch 1j: SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
Ch 1k: CCSF COMPUTER USAGE POLICY
Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004
Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004
Ch 1l3: Lycos's Spam Attack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004
Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005
Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threatening email -- DOS attack in progress -- May 2, 2006
Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -- May 17, 2006
Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006
Ch 1q: Linux update becomes terminal pain
Ch 1r: Permission Memo for Penetration Testing
Ch 1s: Freed LulzSec hacker banned from contacting Anons, wiping data
Ch 1t: The Secret Anarchy of Science sales rocket after Jake Davis seen clutching a copy
Ch 1u: Leading Member of LulzSec Hacker Squad Arrested in London (from 2011)
Ch 1v: Ryan Cleary: 'Hacker' accused of bringing down 'British FBI' site
Ch 1v: How I Out-Hacked a LulzSec Member
Ch 1w: Stay Out of Anonymous
Ch 2a: Header Format
Ch 3 Lecture Demo: Companion Trojan 1
Ch 4a1: Download Java SE Development Kit 6 Update 4
Ch 5a: Port scans legal, judge says (12/18/2000)
Ch 6a: NetBios Howto
Ch 7a: Where are the C libraries? [Archive] - Ubuntu Forums
Ch 8a: Microsoft Baseline Security Analyzer (MBSA)
Ch 9a: Windows Embedded - Wikipedia
Ch_10a: Sam's Feedback Form (HTML)
Ch_11a: Wlan defaults - Rexploit (archived from 2005)
Ch_12a: Enigma machine - Wikipedia
Ch_13a: Router - Wikipedia
l_14a: compatible_cards [Aircrack-ng]

Miscellaneous Links

Robtex - great DNS analysis tool
YouTube - Reset Passwords on Windows XP and Vista using Backtrack 4 - Captions and Voice Included
WebGoat Notes--Learn Web App Security
Ubuntu 10.0.4, VMware and No Keyboard : Solo Technology
Warning about VMWare Player and new Ubuntu 10.04
How to reset domain admin password on Windows Server 2008--Utilman
Exploiting the LNK Vulnerability with Metasploit
Decrypting SSL traffic with Wireshark, and ways to prevent it
EVIL-PDF-ATTACK-FILE-for-classroom-demo
Port Scanner Challenge: Nmap, Unicornscan, PortBunny -- UnicornScan is 5x faster than Nmap
Proj 10: ActivePython Downloads - old versions here
Old Version of Adobe Acrobat Reader Download - OldApps.com
Metasploit Unleashed - Mastering the Framework--awesome course
Metasploit Class Videos from Irongeek
Smashing the stack in 2010 (improved)
Great video taking over a domain with Metasploit--Good Pentesting Techniques
Old versions of Adobe Acrobat Reader straight from Adobe
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Penetration Testing and Vulnerability Analysis - Windows Exploitation 101
How to Break Into a Mac (And Prevent It from Happening to You)
Wardriving FAQ -- Wardriving is not illegal
A SANS article on the legality of wardriving
New Snort rules to stop Rockwell & other SCADA attacks (10-5-110
HUGE list of vulnerable Web apps to use for training
Windows Credentials Editor (WCE) FAQ
Warriors of the Net HD - YouTube - good version as of Jan 2015

New Unsorted Links

Apache .htaccess file - Examples and Common Uses | DigitalOcean -- VERY USEFUL
A tcpdump Tutorial and Primer with Examples
Best tcpdump Tutorial and Primer with Examples
Add/Drop Procedure
virtual machine - Guest OS resolution (text too small) in vmware workstation 12 player
2017-09-27: DHS planning to collect social media info on all immigrants
Ch 8zl: Windows 10's "Controlled Folder Access" Anti-Ransomware Feature Is Now Live
Ch 9v: Mirai botnet -- Krebs on Security
Ch 9w: The Mirai Botnet Isn't Easy to Defeat
Ch 10zs: TIOBE Index -- popularity of programming languages
Ch 10zt: Serialization and Deserialization in Java
Ch 12-2017-1: 'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time
Ch 12-2017-2: Google Online Security Blog: Announcing the first SHA1 collision
Ch 12-2017-3: SHAttered
USB LAN7500 Driver for Mac Adapter in S214
Metasploit: Not connecting to database
Ch 3za: NullArray/AutoSploit: Automated Mass Exploiter
Ch 3zb: Threat or menace? "Autosploit" tool sparks fears of empowered "script kiddies"
Fixing a Error in Kali Rolling Repository
AWS Educate -- Free AWS Credit for Students
How to install Kali Linux on Google Cloud
How to install Kali Linux on Google Cloud -- Penetration Testing
Using the gsutil Tool -- Google Cloud
GitHub - Wh1t3Rh1n0/deb2kali: A Script to Convert Debian Linux into Kali Linux
LionSec/katoolin: Automatically install all Kali linux tools
How to Install WAMP