In the "Select your Institution" drop-down list box, click "Not listed? Click here"
Enter your CCSF email address
Enter the book's title the "Find a Solution..." field
Catalog Description
Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.
Advisory: CS 110A or equivalent familiarity with programming
Upon successful completion of this course, the student will be
able to:
Define and explain essential Windows features and their weaknesses
Research, discover and exploit vulnerabilities in Mac OS X as part of ethical, authorized penetration tests
Research, discover and exploit vulnerabilities in Cisco lOS as part of ethical, authorized penetration tests
Evaluate and implement protection mechanisms
Textbook
"The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q
Buy from Amazon
Quizzes
The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter
before the lecture covering it, and take the quiz before that class.
Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.
Don't use CCSF's Canvas system for this class. Instead, all students
should use this Canvas server:
Each CCSF student must contribute to the Discussion
Board in Canvas. There are dates
listed in the schedule with Discussion assignment
due.
For the topics and requirements, see the Discussion
board in Canvas.
Non-CCSF students don't have a Discussion Board in
Canvas, but are encouraged to join Twitter and engage
in the public discussions there.
Email
For class-related questions, please send messages inside Canvas or email
cnit.127sam@gmail.com
Schedule
Date
Due
Topic
Mon 1-13
Mod 1 Ch 1: Before you Begin
Demo: ED 30
Mon 1-20
Holiday -- No Class
Mon 1-27
Ch 1 Quiz *
Ch 2 Quiz *
Proj ED 30 due *
Mod 2 Ch 2: Stack overflows on Linux
Mon 2-3
Ch 3 Quiz *
Proj ED 101 & 102 due *
Mod 3 Ch 3: Shellcode
Demo: ED 102, ED 103, ED 104
Mon 2-10
Ch 4 Quiz
Proj ED 103 & 104 due
Mod 4 Ch 4: Introduction to format string bugs
Demo: ED 204, 201, 202
Mon 2-17
Holiday -- No Class
Mon 2-24
Ch 5 Quiz
Proj ED 201 & 202 due
Mod 5 Ch 5: Introduction to heap overflows
Demo: ED 203 and ED 205
Mon 3-3
Ch 6 Quiz
Proj ED 203 & 204 due
Mod 6 Ch 6: The Wild World of Windows
Demo: Proj ED 308
Mon 3-10
Demos: H 150, H 151, H 140
Mon 3-17
No Quiz
Mod 7 Lecture 7: Intro to 64-Bit Assembler (Not in book)
Demo: ED 220: Intro to 64-bit Assembler (included in lecture)
Demo: ED 230: Hardening ELF Binaries
Demo: ED 309
Mon 3-24
Ch 8a Quiz
Proj ED 205 & 206 due
Mod 8 Ch 8: Windows overflows (Part 1)
Demo: ED 318
Wed 3-31
Holiday: No Class
Mon 4-7
Ch 8b Quiz
Proj ED 32 or H 2 & ED 308 due
Mod 9 Ch 8: Windows overflows (Part 2)
Demo: ED 319 & 301 & 302
Mon 4-14
Workshop: Getting Started in Open Source Security Research
Mon, Apr 14, 2025, 6:00 pm, in Steam 102
Speaker: Kate Kligman is a software engineer with experience at McKesson,
Grove Collaborative, Pantheon and Visa. She has also worked as an
open-source contributor with contributions in security and research.
About the workshop:
Learn how to get started making security contributions to open-source software
Learn tools and techniques for discovering and reporting open-source vulnerabilities
Static analysis vulnerability detection workshop
For remote attendance, use Zoom
Password: student1
