In the "Select your Institution" drop-down list box, click "Not listed? Click here"
Enter your CCSF email address
Enter the book's title in the "Find a Solution..." field
Catalog Description
Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.
Advisory: CS 110A or equivalent familiarity with programming
Upon successful completion of this course, the student will be able to:
Define and explain essential Windows features and their weaknesses
Research, discover and exploit vulnerabilities in Mac OS X as part of ethical, authorized penetration tests
Research, discover and exploit vulnerabilities in Cisco IOS as part of ethical, authorized penetration tests
Evaluate and implement protection mechanisms
Textbook
"The Shellcoder's Handbook: Discovering and Exploiting Security Holes", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q
Buy from Amazon
Quizzes
The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class.
Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.
Don't use CCSF's Canvas system for this class. Instead, all students should use this Canvas server:
Each CCSF student must contribute to the Discussion Board in Canvas. There are dates listed in the schedule with Discussion assignments due.
For the topics and requirements, see the Discussion board in Canvas.
Non-CCSF students don't have a Discussion Board in Canvas, but are encouraged to join Twitter and engage in the public discussions there.
Email
For class-related questions, please send messages inside Canvas or email cnit.127sam@gmail.com
Schedule
| Date | Due | Topic |
|---|---|---|
| Mon 1-13 | | Mod 1 Ch 1: Before you Begin |
| Mon 1-20 | | Holiday -- No Class |
| Mon 1-27 | Ch 1 Quiz *; Ch 2 Quiz *; Proj ED 30 due * | Mod 2 Ch 2: Stack overflows on Linux |
| Mon 2-3 | Ch 3 Quiz *; Proj ED 101 & 102 due * | Mod 3 Ch 3: Shellcode; Demo: ED 102, ED 103, ED 104 |
| Mon 2-10 | Ch 4 Quiz; Proj ED 103 & 104 due | Mod 4 Ch 4: Introduction to format string bugs; Demo: ED 204, 201, 202 |
| Mon 2-17 | | Holiday -- No Class |
| Mon 2-24 | Ch 5 Quiz; Proj ED 201 & 202 due | Mod 5 Ch 5: Introduction to heap overflows; Demo: ED 203 |
| Mon 3-3 | Ch 6 Quiz; Proj ED 203 & 204 due | Mod 6 Ch 6: The Wild World of Windows; Demo: Proj ED 308 |
| Mon 3-10 | | TBA |
| Mon 3-17 | No Quiz | Mod 7 Lecture 7: Intro to 64-Bit Assembler (Not in book); Demo: ED 220: Intro to 64-bit Assembler (included in lecture); Demo: ED 230: Hardening ELF Binaries |
| Mon 3-24 | Ch 8a Quiz; Proj ED 205 & 206 due | Mod 8 Ch 8: Windows overflows (Part 1); Demo: ED 319: SEH-Based Stack Overflow Exploit |
| Wed 3-31 | | Holiday: No Class |
| Mon 4-7 | Ch 8b Quiz; Proj ED 32 or H 2 & ED 308 due | Mod 9 Ch 8: Windows overflows (Part 2); Demo: ED 301 & 302 |
| Mon 4-14 | L 9 Quiz; Proj ED 301 & ED 319 due | Mod 10 L 9: Web Templates and .NET (not in book); Demo: ED 330 |
| Mon 4-21 | Ch 14 Quiz; Proj ED 302 due | Mod 11 Ch 14: Protection Mechanisms; Demo: ED 303 & 331 & 340 |
| Mon 4-28 | Ch 16 & 17 Quiz (extra credit); No Proj due | Mod 12 Ch 16: Fault Injection & 17: Fuzzing; Demo: R 10 & 20 |
| Mon 5-5 | | TBA |
| Mon 5-12 | All extra credit due | Last Class; No new material |
| Mon 5-14 through Wed 5-21 | | Final Exam available online throughout the week. You can only take it once. |

All Quizzes due 30 min. before class
* Not counted as late until 2-15