Free Textbook Access
- Go here
- Click "Safari Online"
- In the "Select your Institution" drop-down list box, click "Not listed? Click here"
- Enter your CCSF email address
- Enter the book's title in the "Find a Solution..." field
Catalog Description
Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.
Advisory: CS 110A or equivalent familiarity with programming
Upon successful completion of this course, the student will be able to:
- Define and explain essential Windows features and their weaknesses
- Research, discover and exploit vulnerabilities in Mac OS X as part of ethical, authorized penetration tests
- Research, discover and exploit vulnerabilities in Cisco IOS as part of ethical, authorized penetration tests
- Evaluate and implement protection mechanisms
Textbook
"The Shellcoder's Handbook: Discovering and Exploiting Security Holes", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q
Quizzes
The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class.
Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.
CCSF students should take quizzes in the CCSF online Canvas system:
https://ccsf.instructure.com/
Non-CCSF students will have a separate Canvas server, to be specified later.
Discussion Board
Each CCSF student must contribute to the Discussion Board in Canvas. There are dates listed in the schedule with Discussion assignment due.
For the topics and requirements, see the Discussion board in Canvas.
Non-CCSF students don't have a Discussion Board in Canvas, but are encouraged to join Twitter and engage in the public discussions there.
Email
For class-related questions, please send messages inside Canvas or email
cnit.127sam@gmail.com
Schedule

| Date | Due | Topic |
|---|---|---|
| Mon 1-13 | | Mod 1 Ch 1: Before you Begin |
| Mon 1-20 | | Holiday -- No Class |
| Mon 1-27 | Ch 1 Quiz *; Ch 2 Quiz *; Proj ED 30 due * | Mod 2 Ch 2: Stack overflows on Linux |
| Mon 2-3 | Ch 3 Quiz *; Proj ED 101 & 102 due * | Mod 3 Ch 3: Shellcode; Demo: ED 104, ED 105, ED 106, ED 201 |
| Mon 2-10 | Ch 4 Quiz; Proj ED 103 & 104 due | Mod 4 Ch 4: Introduction to format string bugs |
| Mon 2-17 | | Holiday -- No Class |
| Mon 2-24 | Ch 5 Quiz; Proj ED 201 & 202 due | Mod 5 Ch 5: Introduction to heap overflows |
| Mon 3-3 | No Quiz; Proj ED 203 & 204 due | Mod 6 Ch 6: The Wild World of Windows; Demo: Proj ED 308 |
| Mon 3-10 | | TBA |
| Mon 3-17 | Ch 6 Quiz | Mod 7 Lecture 7: Intro to 64-Bit Assembler (Not in book); Demo: ED 220: Intro to 64-bit Assembler (included in lecture); Demo: ED 230: Hardening ELF Binaries |
| Mon 3-24 | Ch 8a Quiz; Proj ED 205 & 206 due | Mod 8 Ch 8: Windows overflows (Part 1); Demo: ED 319: SEH-Based Stack Overflow Exploit |
| Wed 3-31 | | Holiday: No Class |
| Mon 4-7 | Ch 8b Quiz; Proj ED 32 or H 2 & ED 308 due | Mod 9 Ch 8: Windows overflows (Part 2); Demo: ED 301 & 302 |
| Mon 4-14 | L 9 Quiz; Proj ED 301 & ED 319 due | Mod 10 L 9: Web Templates and .NET (not in book); Demo: ED 330 |
| Mon 4-21 | Ch 14 Quiz; Proj ED 302 due | Mod 11 Ch 14: Protection Mechanisms; Demo: ED 303 & 331 & 340 |
| Mon 4-28 | Ch 16 & 17 Quiz (extra credit); No Proj due | Mod 12 Ch 16: Fault Injection & 17: Fuzzing; Demo: R 10 & 20 |
| Mon 5-5 | | TBA |
| Mon 5-12 | All extra credit due | Last Class; No new material |
| Mon 5-14 through Wed 5-21 | | Final Exam available online throughout the week. You can only take it once. |

All Quizzes due 30 min. before class
* Not counted as late until 2-15