Sam Bowne

Old Classes

Spring 2017 Events


Tue, May 16 How to Prepare for the Worst DDoS with the Best Defense
10 am PST, online webinar


Thu, May 18 Lab Assistant's Lunch
Noon


May 9 - 11, 2017
Washington, DC
(ISC)2 CyberSecureGov 2017

My talk: Attacking and Defending Web Applications
1:10 - 1:55 PM Tues, May 9

Command Injection Projects

1. Ping Form Winners
2. Buffer Overflow Winners
3. ImageMagick Winners
4. SQL Injection Winners 1
Winners 2
Passwords on a Phone (Redacted) (KEY file)

Staples App Insecure Encryption (Fixed)

Homework: Steal My Credit Card Information


Mon, May 1
6:30 PM SCIE 200

Technical Sergeant Fernando Borrego
Air National Guard Reserve


Tues, Apr 25
6:10 MUB 388

Jason Haddix
Head of Trust and Security @Bugcrowd


Weak Encryption in the Staples Android App

 

Instructions: Stealing Personal Data from the Staples Android App


Thurs, Apr 20

FLEX Day
Mandatory Faculty Meetings


Fri, Apr 21
9-12

CCSF Open House: S214 will be open
Flyer


Fri, Mar 31 -
Fri, Apr 14
PicoCTF

Mon April 17, 2017
11 am

Meeting re: Cybersecurity Apprenticeships


Mon April 17, 2017
6 PM SCIE 200
NOT in MUB

Guest Speaker: Jason Nelson
Desktop Support Technician at Child Mind Institute |
Digital Advertising/Social Media consultant to
lifestyle brands and non-profits


Tues, Apr 18
6:10 MUB 388

TALK CANCELLED

Matthew Linton
formerly at NASA, now at Google


Tue, Apr 4
5-7 PM
Violent Python class at Hult International Business School


Mon, Apr 10 -
Weds Apr 12
9-12
Networking lectures at Mission for Springboard, Room 228

Mon: Ch 10: Command Line Tools PPT

Project 1: Sniffing HTTP Traffic with Wireshark
Project 2: Sniffing UDP and TCP Traffic with Wireshark
Project 3: Using Wireshark to Analyze a Packet Capture File
Binary Games
Tue: Ch 11: Network Management PPT

Wed: Ch 12: Network Security PPT

Pop Out


Tue, Apr 11
5-7 PM
Violent Python
Hult International Business School


Mon, Apr 3
12:30 - 2 PM
Hack the Hood


Tue, Mar 28
5-7 PM
Violent Python class at Hult International Business School


Tue, Mar 21
6 PM MUB 388
Rachel Chalmers
VP marketing, Unitive


Mon, Mar 13 -
Mon, Mar 20
EasyCTF


Tue, Mar 7
6 PM MUB 388
Will Bengston, @__muscles
Title: "Senior Security Program Manager"
Bio: Punisher of security at Nuna Health &
has been blowing cyber criminals away for years


Mon, Feb 27
5 PM SCIE 200
Tim Mcguffin
Red Team Manager at Lare Consulting
IoT and Corporate Pentesting, Prepping for Success


Mon, Feb 13 -
Fri, Feb 17, 2017
RSA Conference 2017
San Francisco

My workshop: Hands-On Exploit Development
4-6 PM Weds., Feb.15, LAB1-W12
With Devin Duffy-Halseth & Dylan Smith


Tue, Feb 14
6 PM MUB 388
Deviant Ollam @deviantollam

Title: "I'll Let Myself In: Tactics of Physical Pen Testers"

Abstract: Many organizations are accustomed to being scared at the results of their network scans and digital penetration tests, but seldom do these tests yield outright "surprise" across an entire enterprise. Some servers are unpatched, some software is vulnerable, and networks are often not properly segmented. No huge shocks there. As head of a Physical Penetration team, however, my deliverable day tends to be quite different. With faces agog, executives routinely watch me describe (or show video) of their doors and cabinets popping open in seconds. This presentation will highlight some of the most exciting and shocking methods by which my team and I routinely let ourselves in on physical jobs.

Bio: While paying the bills as a security auditor and penetration testing consultant with The CORE Group, Deviant Ollam is also a member of the Board of Directors of the US division of TOOOL, The Open Organisation Of Lockpickers. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a GSA certified safe and vault technician and inspector. At multiple annual security conferences Deviant runs the Lockpick Village workshop area, and he has conducted physical security training sessions for Black Hat, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point. His favorite Amendments to the US Constitution are, in no particular order, the 1st, 2nd, 9th, & 10th.


Thu, Feb 16
6 PM MUB 388
Jeffrey Carr

Author, 'Inside Cyber Warfare' (O'Reilly Media 2009, 2011)
CEO, Taia Global, Inc.
Founder, Suits and Spooks conference

Live stream


Sun, Feb 12 -
Mon, Feb 13, 2017
BSidesSF 2017
San Francisco

My workshop: Exploiting Websites Hands-On
1:30 - 3:30 Mon.


Tue, Jan 24, 2017
6 PM
MUB 388
Doug Huff: Operations Engineer with over a decade of experience.


Fri Jan 27, 2017
1:30 PM
Tutor/Mentor training: MUB 239


Fri Jan 27, 2017
2 PM
WRCCDC Competitor's Call


Sat Jan 28, 2017
9:30 am - 3:30 pm
WRCCDC Virtual Qualifier


Fri, Jan 13, 2017
9 am until
the last man
drops
Faculty meetings (FLEX)


Fri, Jan 13, 2017
2 PM
WRCCDC Competitor's Call


Thu, Jan 5, 2017 -
Fri, Jan 6
San Jose
2017 Winter ICT Educators' Conference
Schedule Cisco
My session: Python Scripting for Cybersecurity Professionals
Thurs. 3:30 - 5:20 Kistler


Advanced Cybersecurity Certificate
Approved 9-7-16

CNIT 124: Advanced Ethical Hacking
CNIT 125: Information Security Professional Practices
CNIT 126: Practical Malware Analysis
CNIT 127: Exploit Development
CNIT 128: Hacking Mobile Devices

Flag Counter

Fall 2016 Classes

CNIT 40: DNS Security
Tue 6 pm; Moved to Cloud 218; 77239
8-23, 9-13, 9-27, 10-11, 11-1, 11-22, 12-13

CNIT 121: Computer Forensics
Wed 6 pm; SCIE 200; 77242

CNIT 123: Ethical Hacking and Network Defense
Thu 6 pm; SCIE 200; 72250

CNIT 129S: Securing Web Applications
Mon 6 pm; SCIE 200; 77382

CNIT 140: IT Security Practices
Sat 10 am, Cloud 218; Room and time changed; 77301
Training for the Collegiate Cyberdefense Competition

CNIT 197 & 198: Internship and Work Experience
Orientation & Job Fair: 8-25, 4 PM, Cloud 218; 77248 & 77249

S214 & S37 Open Lab Hours

Office hours: Mon, Wed, & Thu 8:30 - 9:30 PM in SCIE 214
Sat 12:00 - 12:30 PM SCIE 214

CCSF_HACKERS CTF Team

Calendar of Instruction  ·  Bi-Weekly Pay Periods  ·  Certificates  ·  Degree  ·  Promotional slide show

Fall 2016 Events
(in reverse order)


Fri, Dec 16, 2016
2 PM
WRCCDC Competitor's Call


Mon-Wed
Dec 12-14, 2016
Texas State Winter Working Connections

Attacking and Defending Web Applications: Hands-On
(Taught online from San Francisco)


Tue, Dec 6, 2016
YearUp: Hacking for Jobs · KEY · PDF

Command Injection Challenges

 


Tue, Dec 6, 2016 1 pm Systems test for Winter Working Connections


Wed, Dec 7, 2016 12:00 pm Lunch for lab assistants


Wed, Dec 7, 2016 2:30 pm Training, MUB251


Thu, Dec 8
SCIE 37
5 PM


Thu, Dec 8
SCIE 200
6 PM
The Gap Cybersecurity Division
David Hua - Systems Engineer III, Security Engineering
Santa Ram Susarapu - Senior Manager, Security Engineering



Sat, Dec 3, 2016 WRCCDC Virtual Invitational
10:30AM-2:30PM PDT


Fri, Nov 4, 2016
2 PM
WRCCDC Competitor's Call


Fri, Nov 4, 2016 -
Sun, Nov 6
Rochester, NY
INTER-COLLEGIATE
PENETRATION TESTING
COMPETITION

RESULTS



Sat, Nov 5, 2016 WRCCDC Virtual Invitational
10:30AM-2:30PM PDT


Fri, Oct 21, 2016
2 PM
WRCCDC Competitor's Call


Weds, Oct 26
6 PM
SCIE 200
Conrad del Rosario
Assistant District Attorney
San Francisco District Attorney's Office
White Collar Crimes Division

Case study on the Terry Childs case & more

Please read this case document before the talk


Tue, Oct 18, 2016 CCSF Flex (mandatory faculty meetings)

10-12: Reading Session 6, S45



Monday, 10-17-16
6 PM
SCIE 200
Guest Speaker: Procedural and Practical: Real World Pentesting
Michael Fowl from KirkPatrickPrice Penetration Testing

He's a fulltime penetration tester with KirkpatrickPrice. His work experience has included 5 years of penetration testing against organizations in just about every vertical, including finance, government, energy, and transportation. He's very familiar with the http://www.nationalccdc.org/ competition and has volunteered on various teams at the regional and national events over the years, including White, Orange, and Red teams. He likes to do bug bounty hunting in his extra time, which has included turning bugs for several major companies and recently finishing in the top ten hackers for the Hack the Pentagon event.



Sat, Oct 1, 2016 -
Sun, Oct 2
Silicon Valley Code Camp

My Talk: Honeypots, Cybercompetitions, and Bug Bounties
9:45 am Sat; Room RG-248
SlideShare · PDF · KEY


Thu, Sept 15, 2016 Cloudflare Internet Summit 2016


Mon, Sep 12, 2016
6:10 PM, SCIE 200
Kashmir Hill from Fusion
Twitter: @kashhill

Summer 2016 Events
(in reverse order)
Tue, Aug 2, 2016 -
Wed, Aug 3, 2016
Las Vegas
Hands-on Cryptography with Python (plus Blockchains) (FULL)
Weds 2-6 PM, Training Ground I & II Siena

LIVE STREAMS OF TALKS


Thu, Aug 4, 2016 -
Sun, Aug 7, 2016
Las Vegas

DEF CON 24

Workshops
Exploit Development for Beginners
Fri 10:00 - 2:00, Las Vegas Ballroom 4
Hands-on Cryptography with Python (plus Blockchains)
Sat 2:00 - 6:00, Las Vegas Ballroom 4

Packet Hacking Village
Download v1.pcap
Packet Detective

Wed, July 27
Tustin, CA
6-8 PM
IEEE Orange County Cybersecurity SIG

Workshop: Command Injection
(Exploit Development for Beginners)



Talk: "When Vulnerability Disclosure Turns Ugly",
with Alex Muentz Video Slides (pptx) (key) -- Fri 12:00 Lamarr

Workshop Schedule

Violent Python    Sat 1-4, Paris room, 6th floor

Exploit Development    Sun 4-7, Paris room, 6th floor

Slides: Real Hacking

1. Ping Form: Command Injection Winners
2. Buffer Overflow: Command Injection Winners
3. ImageMagick: Command Injection Winners
4. SQL Injection Winners 1
Winners 2
Winners 3
5. Linux Buffer Overflow Without Shellcode Practice

6. Linux Buffer Overflow Without Shellcode Challenges

7. Linux Buffer Overflow With Dash Shellcode Practice

8. Remote Linux Buffer Overflow With Metasploit Shellcode Practice

9. Linux Buffer Overflow With Shellcode Challenges

Entire Exploit Development Course


Mon, June 27 -
Fri, July 1, 2016
Sierra College, Rocklin
WASTC Faculty Development Week

Scripting for IT Professionals (with Blockchains)


Sat, May 28 -
Sun, May 29, 2016
Los Angeles

Taking Over Real Servers

Sat. 1 PM in the Chillout Room

1. Ping Form: Command Injection Winners
2. Buffer Overflow: Command Injection Winners
3. ImageMagick: Command Injection Winners
4. SQL Injection Winners 1
Winners 2
Winners 3
5. Linux Buffer Overflow Without Shellcode Practice

6. Linux Buffer Overflow Without Shellcode Challenges

7. Linux Buffer Overflow With Dash Shellcode Practice

8. Remote Linux Buffer Overflow With Metasploit Shellcode Practice

9. Linux Buffer Overflow With Shellcode Challenges

Entire Exploit Development Course

Spring 2016 Classes

CNIT 120: Introduction to Security
Tue & Thur 11:10-12:25 pm SCIENCE 37 36679

CNIT 123: Ethical Hacking and Network Defense
Wed 6:10-9:00 pm SCIENCE 37 36684

CNIT 125: CISSP Prep (Information Security Professional)
Sat. 9:10-12:00 SCIENCE 37 37183

CNIT 126: Practical Malware Analysis
Mon 6:10-9:00 pm CLOUD 218 37184

CNIT 197 & 198: Internship and Work Experience
36996; 36995

Office hours: Mon & Wed 8:30 - 9:30 PM in SCIE 214
Tue & Thurs 12:15 - 1:00 PM SCIE 214

S214 Open Lab Hours

CCSF_HACKERS

Calendar of Instruction  ·  Bi-Weekly Pay Periods  ·  Certificates  ·  Degree

Spring 2016 Events
(in reverse order)
Wed Apr 20 -
Tue, May 31
CCSF Bugcrowd CTF

EXTENDED THROUGH MAY


Mon
May 16
6 PM
Cloud 216
Visiting speaker: Dan Borges
Red Teaming at CCDC

Fri, May 20
Noon
Dolores Park
CCSF_HACKERS BBQ

RSVP: Email ccsf_hackers@mail.ccsf.edu



Workshop: Taking Over Real Servers (Sat 10 am)

CactusCon
Winners
1. Ping Form: Command Injection 51 Winners
2. Buffer Overflow: Command Injection 61 Winners
3. ImageMagick: Command Injection 17 Winners
4. SQL Injection 8 Winners 1
Winners 2
Winners 3
5. Linux Buffer Overflow Without Shellcode Practice

6. Linux Buffer Overflow Without Shellcode Challenges

7. Linux Buffer Overflow With Dash Shellcode Practice

8. Remote Linux Buffer Overflow With Metasploit Shellcode Practice

9. Linux Buffer Overflow With Shellcode Challenges

Entire Exploit Development Course


Fri Apr 29


Wed Apr 27


Mon Apr 25
5 PM SCIE 214
CCSF_HACKERS Guest Speaker: Taylor Leach "Favorite CTF Tools"


Wed, Apr 20
6 PM
SCIE 37
Guest Speaker: Sam Houston from BugCrowd


Wed, April 13
4:30 PM
Batmale 453
Travis A. O'Brien, Ph. D, Lawrence Berkeley Lab
Programming at LBL & Internship Opportunities

ty @ccsfcoders


Fri, Apr 8, 2016 Torrance, CA

Hacking Real Servers · Slides: KEY · PPTX · HTML

Hands-on Projects

1. Lockpicking
2. Linux Buffer Overflow: Command Injection
3. Ping Form: Command Injection
4. SQL Injection

Exploit Development Course


Tue, Apr 5, 2016
6:30 PM
San Francisco
Bay Area OWASP Meetup


Wed, Mar 30 &
Fri, Apr 1, 2016
Houston, TX
Hands-On Workshops at Houston Community College

Wed, Mar 23
4:15 PM
Rosenberg 305
Eric Pouyoul, Lawrence Berkeley Lab
Software Defined Networking in the WAN

ty @ccsfcoders


Wed, Mar 16
9-4:30
San Francisco


Sat, Mar 12
9:30 AM
SCIE 37
Nicholai Piagentini
Palo Alto Networks


Mon, Feb 29 -
Fri, Mar 4, 2016

Free RSA Passes


Sun, Feb 28 -
Mon, Feb 29, 2016
B-Sides SF

Exploit Development Training & Competition

Introduction: Hacking Real Servers KEY · HTML

Hands-on Projects

1. Linux Buffer Overflow: Command Injection · Winners

2. SQL Injection · Level 1 Winners · Level 2 Winners · Level 3 Winners

3. Linux Buffer Overflow Without Shellcode Practice
4. Linux Buffer Overflow Without Shellcode Challenges
5. Linux Buffer Overflow With Dash Shellcode Practice
6. Remote Linux Buffer Overflow With Metasploit Shellcode Practice
7. Linux Buffer Overflow With Shellcode Challenges

Entire Exploit Development Course


Mon, Feb 8
5 PM, SCIE 214
CCSF_HACKERS Club Meeting
Speaker: Tim Ryan
Technical Operations Manager for CCSF


Winter Break 2015 Event
Thu, Jan 7 &
Fri, Jan 8, 2016
Cisco Campus
Bldg 9
260 E Tasman Drive
San Jose, CA
2016 Winter ICT Educators' Conference

My session: Hacking Real Servers, 1:30 - 5:30 Thurs.
Slides: KEY · PPTX · HTML

Hands-on Projects

1. Linux Buffer Overflow: Command Injection
2. Linux Buffer Overflow Without Shellcode
2x. Linux Buffer Overflow Without Shellcode Challenges
3. Linux Buffer Overflow With Shellcode
4. Remote Linux Buffer Overflow With Listening Shell
4x. Linux Buffer Overflow With Shellcode Challenges

Entire Exploit Development Course

Fall 2015 Classes

CNIT 10: Careers in Computer Networking
Tue 6 pm, SCIE 5; 76874

CNIT 120: Introduction to Security
Tue & Thur 11:10-12:25 pm SCIE 37; 73753

CNIT 123: Ethical Hacking and Network Defense
Thu 6:10-9:00 pm, SCIE 200; 72250

CNIT 124: Advanced Ethical Hacking
Wed 6:10-9:00 pm, SCIE 200; 74687

CNIT 127: Exploit Development
Mon 6:10-9:00 pm, SCIE 37; 76488

CNIT 197 & 198: Internship and Work Experience
Orientation meeting Thurs Aug. 27, 5 PM, SCIE 37; 76756 & 74997

CCSF_HACKERS

Calendar of Instruction  ·  Payment Deadlines  ·  Certificates  ·  Degree

Regular Training Events

OpenLate @OpenDNS on Tues. evenings

Pacific IT Pros (see website for schedule)

Fall 2015 Events


Tues, Aug 25
6 PM, SCIE 5
Tim Ryan
Technical Operations Manager for CCSF

Thu, Sep 4, 5 PM
Batmale 453
CS/CNIT Peer Advising
Security Training at CCSF (ppt)


Tues, Sep 22
6 PM, SCIE 5
John Alexander
Senior Product Manager, CloudPassage

Thu, Sep 24 -
Fri, Sep 25
Hyatt Regency
San Francisco
AppSec OWASP Conference

Fireside Chat: How Universities Can Build the Next Generation of Security Engineers
Matt Bishop · Sam Bowne · Sid Stamm
3 PM Friday


Sat, Oct 3 -
Sun, Oct 4
Silicon Valley Code Camp

Evergreen Valley College
3095 Yerba Buena Rd, San Jose, California 95135

My talk: Is Your Mobile App Secure? 9:15 am Sun
PPT Projects


Wed, Oct 7
6 PM, SCIE 200
Erik Cabetas, Founder, Include Security
Notes from talk


Mon 10-26
6 PM, SCIE 37
Guest Speaker: Michael Coates
OWASP Global Board
Bay Area AppSec Mentorship Program


Tues, Oct 27
6 PM, SCIE 5
Emily Nahmanson
Desktop Support
PlayStation Network


Thu., Oct 29
6 PM, SCIE 200
Guest Speaker: Ben Hagen, Netflix Cloud Security  


Tues
Nov 10
6 PM
SCIE 5
Conrad del Rosario
Assistant District Attorney
San Francisco District Attorney's Office
White Collar Crimes Division


Thur
Nov 12
6 PM
SCIE 200
Wardriving


Fri
Nov 13
10 AM - 4 PM
CLOUD 218
CCSF/Google Hackathon
Work side by side with Googlers on automation projects!
So far, eleven Googlers will be there, and 19 CCSF students.
Lunch Provided; pre-registration required


Fri
Nov 13
2-4 PM
SCIE 214
CCSF Hacking Club
Visiting speaker: Dan Borges
Collaborating to win, improving communication during online CTF and Red Team competitions.


Wed
Nov 18
6 PM
SCIE 200
Craig Lurey, CTO & Co-founder @keepersecurity


Tue
Nov 24
6 PM
SCIE 5
Robert Henderson, Founder & CEO, Secure Overcast


Fri
Dec 11
2:30 PM?
SCIE 214
Paul White with Portcullis
Red Team Tactics: Cover Your Ass and Confuse the Enemy


Summer 2015 Events


Sat, May 23, 2015 -
Sun, May 24, 2015
Monrovia, CA

LayerOne

My talk, 3 PM Sat. Trojaning Financial Android Apps

Slides (pptx)

Android security results


Fri, June 12, 2015 -
Sun, June 14, 2015
Indianapolis

Circle City Con

My workshop: Security Auditing Android Apps (Sun. 9-11)


2015 Community College Cyber Summit (3CS)

Wed, June 17, 2015 -
Fri, June 19, 2015
North Las Vegas
Security Auditing Android Apps

9-12 and 2-5 Thurs

Room 1743 (Mac Lab)


Mon, June 22 -
Fri, June 26, 2015
San Francisco
MPICT Summer 2015 Faculty Development Week

I am a student in the Linux+ class


Mon, July 13 -
Fri, July 17, 2015
Frisco, TX

My class: Hacking Mobile Devices   ·   Surveys: Mon, Wed, Fri


Mon, July 27, 2015 -
Thu, July 30, 2015
Portland, OR
Violent Python

Download Kali Linux VM
Download VMware Player
Mon. 7-27, 1:00 - 4:30 pm
Break 2:30 - 3:00
Oregon Ballroom, Salon G

  

Tue, Aug 4, 2015 -
Wed, Aug 5, 2015
Las Vegas
Violent Python
    Tues 2:00-6:00, Training Ground II (Siena, REG1 on map)

Security Auditing Mobile Apps
    Wed 2:00-6:00, Training Ground I (Siena, REG1 on map)


Thu, Aug 6, 2015 -
Sun, Aug 9, 2015
Las Vegas

DEF CON 23

Workshops 3rd floor of Ballys South tower, The Jubilee Tower
     Violent Python Fri 9am - 1pm, LV Ballroom 5
     Security Auditing Mobile Apps Sat 9am - 1pm, LV Ballroom 5

Packet Hacking Village
     Packet Detective
     3-4 Sat: Talk: Is Your Android App Secure?
Slides

Spring 2015 Classes

CNIT 40: DNS Security  
36554 Tue 06:10-09:00 pm SCIE 100

CNIT 120: Introduction to Security
36679 Tue & Thur 11:10-12:25 pm SCIE 37

CNIT 121: Computer Forensics
36682 Mon 06:10-09:00 pm SCIE 200

CNIT 123: Ethical Hacking and Network Defense
36684 Sat 09:10-12:00 pm SCIE 200

CNIT 128: Hacking Mobile Devices
36895 Weds 06:10-09:00 pm SCIE 100

CNIT 197 & 198: Internship and Work Experience
ORIENTATION: Thur Jan 22 5:00 p.m. Science 37

Spring 2015 Special Events


Mon, Jan 5, 2015 -
Tue, Jan 6, 2015

Violent Python

Room 1103, 10:30 am, Mon, Jan. 5, 2015

Violent Python (pptx)

Evil Keylogger

Project 3: Basic Port Scanning with Python
Project 5: HTTP Scanning with Python

More projects

Exploit Development

Room 1103, 10:30 am, Tue, Jan. 6, 2015

Introduction: Exploiting Linux (pptx)

Download politically correct Jasmin without the cheescake

Proj 5: Using Jasmin to run x86 Assembly Code
Proj 5x: Assembly Code Challenges

Linux Buffer Overflow Without Shellcode
Linux Buffer Overflow

More projects


Fri, Jan 9, 2015 -
Sun, Jan 11, 2015

Nullcon HACKIM

Our team: CCSF_HACKERS


Fri, Jan 16, 2015 -
Sun, Jan 18, 2015
Ghost in the Shellcode

Fri, Feb 27, 2015 -
Sun, Mar 1, 2015
Boston Key Party

Mon, Mar 2, 2015 Unix lesson for Techspot

Unix Tutorial

Unix Project


Mon 3-2
SCIE 200, 6 PM
Conrad del Rosario
Assistant District Attorney
San Francisco District Attorney's Office
White Collar Crimes Division

Case study on the Terry Childs case & more

Image from BoingBoing


Fri, Mar 13, 2015

My workshop: Android App Security Auditing


Wed, Apr 8, 2015
6 pm, SCIE 100
Guest speaker: Adam Ely from BlueBox

Wed, Apr 15, 2015
6 pm, SCIE 100
Guest speaker: Sam Harwin from Salesforce
"Mobile Wi-Fi Risks"

Fri, Apr 17, 2015 -
Sun, Apr 19, 2015
PlaidCTF

Sun 4-19, 2015 &
Mon 4-20, 2015

My workshop: Violent Python (Sun. 2-6)


Tue 4-21, 2015
OpenDNS
135 Bluxome
San Francisco
OpenLate @ OpenDNS - Penetration Testing Workshop

Sat 4-25
9 AM SCIE 200
Wardriving

Wed, Apr 29, 2015
6 pm, SCIE 100
Shane MacDougall</a>

EVENT CANCELLED


Wed, May 6, 2015
6 pm, SCIE 100
Claire Medeiros from Evident.io

Sat, May 9, 2015
9 am, SCIE 200
Brian Roddy from OpenDNS

Wed, May 13, 2015
1 pm, Cloud 218
Windows 10 Preview and FREE LUNCH

Wed, May 13, 2015
6 pm, SCIE 100
Irfan Asrar from appthority

Fall 2014 Classes

CNIT 10: Careers in Computer Networking
75569 Tue 6 PM MUB 271
Meets on 8-26, 9-16 (delayed), 10-14, 10-28, 11-25, 12-9

CNIT 106 Substitute: Introduction to Networks
Ch. 11: Managing a Network
Binary Games

CNIT 120: Introduction to Security
73753 Tue & Thur 11:10-12:25 pm SCIE 37

CNIT 123: Ethical Hacking and Network Defense
72250 Thur 6:10 - 9:00 pm SCIE 200

CNIT 125: CISSP Prep
(Information Security Professional)

75572 Weds 6:10 - 9:00 pm CLOUD 218

CNIT 126: Practical Malware Analysis
Mon 6:10 - 9:00 pm SCIE 200

CNIT 197 & 198: Internship and Work Experience
75575 Orientation meeting Thurs Aug. 28, 5 PM, SCIE 37

Office hours: Mon & Thur 8:30 - 9:30 PM in SCIE 214
Tue & Thurs 12:15 - 1:00 PM SCIE 214

S214 Open Lab Hours

Tutoring for CNIT Classes

Calendar of Instruction

Fall 2014 Past Events

Tues, Aug 26
6:20 MUB 271
Tim Ryan

Technical Operations Manager for CCSF

Careers in Computer Networking


Tues, Sep 2
4:00 PM
Microsoft

Special Presentation on Windows Server and Microsoft Azure


Tue, Sep 9
6 pm
1 Mkt. St. #200, SF
Innovating Women


Sat, Sep 13
9 - 6 MUB 140
OPENHATCH @ CCSF


Thu, Sep 18
San Francisco

S4 INCIDENT RESPONDER AND RESEARCHER CONFERENCE


Fri, Sep 19 -
Sun, Sep 21
Online
CSAW CTF Quals

Our team is CCSF_HACKERS

Results: 1260/5960; Rank 353/1174


Sat, Sep 20
Online
Last day to register for

NATIONAL CYBER LEAGUE


Thu, Oct 2
11 am SCIE 37
Tim Ryan

Technical Operations Manager for CCSF

Security at CCSF, including Shellshock attacks


Fri, Oct 3 -
Sun, Oct 5
Berkeley
Cal HACKS


Mon, Oct 6
6:10 PM
SCIE 200
Trey Ford, from Rapid7

Tues, Oct 7
6:30 PM
Microsoft

Sat Oct 11 &
Sun Oct 12, 2014
Foothill College

My Talk: I Own Your Web App (5 pm Sat)

Slides: PPTX PDF

OWASP Top Ten

CSRF

Code Camp Login
CloudFlare
Cookie Login Demo: HTTP
Cookie Login Demo: HTTPS
Amazon
AOL
Homework project instructions for Cookie Cadger

SQL Injection

Tale on pwning dc.gov
Boolean SQLi at DC.GOV
EDU SQLi #derp
SQL Error at Atlantic Cape Community College
Extraction of data via SQL Error at Atlantic Cape Community College
SQL error at Pomona College
SQLi at Virginia Tech
SQLi at U of Wisconsin-Madison
SQL Error at Clemson U. -- may not be exploitable
SQLi at Harvard
SQLi at UIUC
Exposed password hash at Montserrat College of Art
Raw exposed SQL at WSU

Pharma Infections

Google search to find infected colleges
www.uca.edu.py/cheapest-viagra/ -- Live redirector
UC Santa Cruz Infections
Maricopa Security Breach
Letter to Jerry Brown and Janet Napolitano Re: UCSC Compromise

Exposed Error Logs

Exposed ELMAH page at Toyota
Exposed ELMAH page at HP
Google dork for exposed ASP Cookies
Troy Hunt explaining the ALMAH exposure

Exposed User Data

Exposed student data at 2 colleges
HIPAA Violation
Libel by SC Magazine

Plaintext Login Pages

Johns Hopkins
Stanford
Other Insecure Login Pages

Other Problems

ActiveMQ Unprotected Portal
Wall Street Journal using old Wordpress version
Security Problems at Colleges


Mon, Oct 13 -
Wed, Oct 15
San Francisco

ISACA Con

Some students can get in free by volunteering


Tues, Oct 14
6:10 MUB 271
Eric Courville

Verizon and Founder of the
Northern California PowerShell User Group

Careers in Computer Networking


Sat, Oct 18 7 am PST -
Mon, Oct 20, 7 am PST
Online

Our team is CCSF_HACKERS

Results: We got 800/5308, ranking 160/951


Fri., Oct 24 -
Sun, Oct 26
Philadelphia, PA

My talk: "When Vuln Disclosure Turns Ugly", with @alexmuentz PPTX PDF


Tues, Oct 28
6:10 MUB 271
John Alexander

Senior Product Manager, CloudPassage

Careers in Computer Networking



Thu, Nov 13
6 PM SCIE 200
Wardriving


Tues, Nov 25 Tim O'Brien, Director of Security Threat Intelligence & the founder of DarkWolf Labs at Norse Corporation


Tues, Dec 2
6:00 PM
MUB 271
Nicole Perlroth
Technology reporter for The New York Times


Tues, Dec 2
6:30 PM
Microsoft

Fri, Dec 5 -
Sat, Dec 6

SECCON CTF Quals -- CCSF_HACKERS got 700/7115 Rank 279/804 on the board



Mon, Dec 8
6:10 SCIE 200
Sam Bowne, Developing Windows Exploits

Intro to Windows Exploitation (PPTX)

Project EXP1: Exploiting "Vulnerable Server" for Windows (25 pts. extra credit)


Tues, Dec 9
6:10 MUB 271
Matthew Linton, formerly at NASA, now at Google

Careers in Computer Networking


Thu, Dec 11
6:10 SCIE 200
Sam Bowne, Developing Linux Exploits

SCHOOL CLOSED--EVENT CANCELLED


Mon, Dec 15 -
Wed, Dec 17
Frisco, TX
Texas State Winter Working Connections

My class: Violent Python and Exploit Development

Surveys


Summer 2014 Events

LayerOne
Sat May 24 - Sun May 25, Los Angeles
Violent Python
      PPTX (34 MB)     PDF (6 MB)     Projects     EVIL APT TOOL

California IPv6 Task Force
Tue May 27, 6 pm, VMware Campus, Palo Alto
Conf - Hilltop A - Bash (HTA2085)

TechDays
Thur June 5 - Fri June 6, San Francisco
My talk: Violent Python 4 PM Friday
      PPTX (34 MB)     Projects     EVIL APT TOOL

Innovations in Cybersecurity Education Workshop
Tue June 24 in Baltimore, MD
Violent Python -- Hands-On
Slides (PPTX)
Proj 3: Basic Port Scanning with Python
Proj 5: HTTP Scanning with Python
Proj 7: Password Hashes with Python
EVIL APT TOOL: Keylogger that Bypasses Antivirus
Other Projects    

PacITPros
Tue July 1 in San Francisco

Exploit Development for Mere Mortals
(title stolen from @j0emccray)

Linux Buffer Overflow
Exploiting "Vulnerable Server" for Windows 7
Windows Server 2012 Buffer Overflow Defenses and EMET
Exploiting Easy RM to MP3 Converter on Windows 7
How Vulnerabilities are Exploited: the Root Causes of Exploited Remote Code Execution CVEs

Lockdown
Thu July 10 in Madison, WI
Violent Python & SSD Data Evaporation
PPTX      evap - SSD Data Evaporation Tester
Antivirus Challenge      EVIL.EXE

HOPE X
Fri July 18 - Sun July 20, 2014 in NYC

My talk: Stupid Whitehat Tricks Sun. 5 pm Serpico (18th floor)
PPTX       PDF       Security Problems at Colleges

SQLi Vulnerable Sites on Pastebin

Parsons college pharma infection
19 infected colleges with repair history

Exposed student data at 3 colleges
Exposed password hash
SQLi at Harvard
SQLi at UIUC
Raw exposed SQL at WSU

Insecure Login Pages
Johns Hopkins
Stanford

1st Community College Cyber Summit (3CS)
Mon July 21 at Moraine Valley Community College in Palos Hills, IL

Mon July 21, 9:15 - 12:15: Workshop: Violent Python
Slides (PPTX)      Slides (PDF)
Proj 3: Basic Port Scanning with Python
Proj 5: HTTP Scanning with Python
Proj 7: Password Hashes with Python
Proj 8: Antivirus Evasion with Python
EVIL APT TOOL: Keylogger that Bypasses Antivirus
Binary Games

Download Kali Linux
Other Projects

HI-TEC
Tue July 22 - Thu July 24, 2014 in Chicago

Tue July 22, 8:30 - Noon: Workshop: Malware Analysis

Lecture notes and slides
0: Primer & 1: Basic Static Techniques     PPTX
2: Virtual Machines & 3: Basic Dynamic Analysis     PPTX

Projects
Proj 1: Basic Static Techniques
Proj 2: Basic Static Techniques
Proj 3: Using INetSim on Kali Linux
Proj 4: Basic Dynamic Techniques

Download politically correct Jasmin without the cheescake

Proj 5: Using Jasmin to run x86 Assembly Code
Proj 2x: Reverse Engineering with IDA Pro Freeware
Proj 5x: Assembly Code Challenges

Entire Practical Malware Analysis course

Weds July 23, 1:15 - 2:00: Security Problems at Colleges
PPTX       PDF

Security Problems at Colleges

SQLi Vulnerable Sites on Pastebin

Parsons college pharma infection
19 infected colleges with repair history

Exposed student data at 3 colleges
Exposed password hash
SQLi at Harvard
SQLi at UIUC
Raw exposed SQL at WSU

Insecure Login Pages
Johns Hopkins
Stanford

United States Secret Service San Francisco
Electronic Crimes Task Force

Wed July 30, 2014 in Silicon Valley
(not open to the public)

Passwords Con and BSides LV
Tue Aug 5 - Wed Aug 6, 2014 in Las Vegas

Defcon
Thu Aug 7 - Sun Aug 10, 2014 in Las Vegas

Recommended talks

My hands-on workshops at the Packet Hacking Village

Packet Detective

I'll be there 9 am - 1 pm every day Thurs-Sun

Wireshark Tips

Violent Python Fri. Noon

Slides (PPTX)      Slides (PDF)

Computer Setup

Proj 3: Basic Port Scanning with Python
Proj 5: HTTP Scanning with Python
Proj 7: Password Hashes with Python
EVIL APT TOOL: Keylogger that Bypasses Antivirus
Other Projects

Exploit Development for Beginners Sat. 11 am

Linux Buffer Overflow
Exploiting "Vulnerable Server" for Windows 7
Windows Server 2012 Buffer Overflow Defenses and EMET
Exploiting Easy RM to MP3 Converter on Windows 7
How Vulnerabilities are Exploited: the Root Causes of Exploited Remote Code Execution CVEs

USCC
Mon Aug 11 - Thu Aug 14, 2014 at San Jose State U
I was expelled so they could "build community"

Spring 2014 Classes

CNIT 60: Introduction to IPv6
35009 Tue 6:10-9:00 pm SCIE 37
Meets 1-14, 1-28, 2-18, 3-18, 4-8, 4-29

CNIT 120: Introduction to Security
33816 Tue & Thur 11:10-12:25 pm SCIE 37

CNIT 121: Computer Forensics
33817 Wed 6:10-9:00 pm MUB 330

CNIT 123: Ethical Hacking and Network Defense
32369 Sat 9:10 am - 12:00 pm CLOU 218

CNIT 124: Advanced Ethical Hacking
35011 Mon 6:10-9:40 pm 01/27-05/19 SCIE 200

CNIT 197 & 198: Internship and Work Experience
74996 & 75099
ORIENTATION: Thurs., Jan 23, 5 PM, SCIE 37


Sam's Office Hours: half an hour after each class, in Science 214.

Open Labs & Tutoring End After Thurs., May 16.

Have a Good Summer!

S 214 Lab Hours

SCIE 37 Open Lab: Mon. 1-5; Tue 1:30-4:30, Weds. 1-5; Thurs 1:30-4:30

CNIT Tutors in SCIE 37
Julio: Tue & Thur 1:30 - 4:30 (CNIT 100, 104, 105, 106)
Michael: Tue 2-5, Wed 2-5, Thur 2-6 (CNIT 131, 132, 133)



Spring 2014 Special Events


Wed 2-26, 6:30, Chinatown Campus, 808 Kearny St., Fourth floor

Guest Speaker: Nathan Ide from Microsoft

Pass the Hash is a powerful attack hackers have been using to compromise Windows systems for 15 years. Microsoft finally patched it in Windows 8.1. (This is worth extra credit)

Presenting will be one of Microsoft's top security researchers, Nathan Ide who developed the "fix" at Microsoft.

Slides


Tue 3-4, 11 am, SCIE 37

Guest Speaker: Tim Ryan, Technical Operations Manager, CCSF


Thu, Jan, 23: CNIT 102 Substitute Lecture: PowerShell

Thu, Mar. 6: CNIT 102 Substitute Lecture
PPTX       nslookup       Installing Powershell 3.0       Download VMware Player


Wed 3-12, 6 pm, MUB 330

Guest Speaker:

Conrad del Rosario
Assistant District Attorney
San Francisco District Attorney's Office
White Collar Crimes Division

Case study on the Terry Childs case & more

Biography


Mon, Mar 17, 6 pm, SCIE 200

Guest Speaker: John Alexander, Senior Product Manager, CloudPassage
Password Cracking and Job Opportunities at CloudPassage

Powerpoints
Password War Games_cp_version_Part1_sans_quiz.pptx
Password War Games_cp_version_Part2_sans_quiz.pptx

Jobs at CloudPassage


Sat, Mar 29, 9 am, CLOUD 218

Guest Speaker: David Ulevitch, CEO of OpenDNS


HacKid Con
Sun, Apr 20, San Jose
Ethical Hacking & Responsible Disclosure

Wed, May 14, 6 pm, MUB 330

Guest Speaker: Johnathan Cran from BugCrowd
Bug Bounties and Opportunities at BugCrowd

Jobs Available Now



Fall 2013 Classes

CNIT 40: DNS Security
Tue 6 pm MUB 330 75255
Meets 8-27, 9-10, 10-8, 10-29, 11-19, 11-26, 12-10, 12-17

CNIT 106: Introduction to Networks
Weds 6-9 PM SCIE 200 72811

CNIT 120: Introduction to Security
Tue & Thur 11:00 - 12:30 PM SCIE 37 73753

CNIT 123: Ethical Hacking and Network Defense
Thu 6 pm MUB 180 72250

CNIT 126: Practical Malware Analysis
Mon 6 pm SCIE 200 75256

CNIT 197 & 198: Internship and Work Experience 74996 & 75099
ORIENTATION: Thurs., Aug. 22, 5 PM, SCIE 37

CNIT 345: Windows 7 Tech Support
Sat 9 am CLOUD 218 72950

Sam's Office Hours: half an hour after each class, in Science 214.

S 214 Lab Hours

SCIE 37 Open Lab: Mon 2-6, Tue 1-6, Weds 2-6, Thurs 1-6

CA IPv6 Task Force

ipv6 ready



Fall 2013 Special Events

Thu., Sep 19 - Sun, Sep 22, 2013: CSAW CTF Hacking Competition (Free) Our Team: CCSF_HACKERS

Sat., Oct 5 - Sun, Oct 6, 2013: Code Camp at Foothill College, Los Altos Hills, CA
Sat. 11:15 am: My talk Data Breaches and Password Hashes       PPTX

Tue., Nov 5: DNS Security Talk at PacITPros      Slides

Thu., Nov 7: Wardriving 6 PM MUB 180

Tue., Nov 12 - Thu, Nov 14, 2013:
gogoNET LIVE! 4: Conference on IPv6 & the Internet of Things in San Jose
My talk: IPv6 RA DoS Attacks PPTX PDF

Fri., Nov 22: DriveSavers Tour (limited to 15 students)

Fri., Dec 6 - Sat., Dec 7, 2013:
BayThreat 4 at Hacker Dojo in Mt. View



Summer 2013 Special Events

Sat., May 25 - Sun. May 26, 2013: LayerOne in Monrovia, CA
My talk (2 pm Sun): Data Evaporation on SSDs (plus DoS)
PPT · The evap Tool

Mon. June 3 - Fri. June 7, 2013: Working Connections North in Lansing, MI
Ethical Hacking and Network Defense

Mon. June 10 - Fri. June 14, 2013: AIM Confrence in Council Bluffs, IA
Introduction to IPv6

Mon. June 17 - Fri. June 21, 2013: MPICT Summer Conference in San Francisco
(I am a student in the Content Management Systems (CMS) Fundamentals and Security class)

Sat., June 29, MUB 140, CCSF: WORKSHOP: Open Source Software Development

Mon. July 8 - Fri. July 12, 2013:
Working Connections in Frisco, TX
(I was unable to attend)

Sun. July 21 - Wed. July 24, 2013: HI-TEC, Austin TX
Sun. 1:00 - 4:30
"Hands-on SQL Injection Attack and Defense"
PPT     SQL Injection Projects     Cracking Password Hashes     Stealing Cookies with XSS     Cookie Re-Use     Google Gruyere

10:15 - 11 am, Weds., July 24: "Two Scary Denial-of-Service Attacks
PLUS Hacking into American Express and Chase Accounts"

PPT
Hacking American Express and Chase Accounts with Cookie Re-Use
IPv6 RA Flood · Sockstress

Weds., July 31 - Thurs, Aug 1, 2013: B-Sides Las Vegas
Data Evaporation Video      Cookie Re-Use Video

Thurs., Aug. 1 - Sun., Aug 4, 2013: Defcon, Las Vegas
My Talks: "Evil DoS Attacks and Strong Defenses" (with Matthew Prince) 2 pm Fri PPTX
"SSD Data Evaporation" 4:30 Sat, Track 2 PPTX      The evap Tool

Mon., Aug 5 - Fri, Aug 9, 2013: USCC Western Regional Cybersecurity Bootcamp
San Jose State University



Spring 2013 Classes

CNIT 10: Careers in Computer Networking - 34068
Meets Six Tuesdays (1-29, 2-19, 3-12, 4-9, 4-30, 5-14) 6:10 - 9 PM MUB 330

CNIT 120: Introduction to Security - 33816
Tue & Thur 11:00 - 12:30 PM SCIE 37 (NOT in MUB)

CNIT 121: Computer Forensics - 33817
Thu 6:10 - 9 pm MUB 330

CNIT 123: Ethical Hacking and Network Defense - 32369
Sat 9:10 am - Noon MUB 330

CNIT 125: Information Security Professional - 34417
Mon 6:10 - 9:15 pm SCIE 200

CNIT 197 & 198: Internship and Work Experience - 31876 & 32222
ORIENTATION: Wednesday, Jan. 23, 5 PM, SCIE 37

CNIT 345: Windows 7 Tech Support - 33138
Sat 1:10 pm - 4:00 MUB 330

Sam's Office Hours: half an hour after each class, in Science 214.

S 214 Lab Hours (Last Lab Day: Thursday, May 16)



Spring 2013 Special Events

Thu. Jan. 3 - Fri. Jan. 4, 2013: MPICT, San Francisco

My Presentations

Data Breaches and Password Hashes
PLUS the New IPv6 RA Flood Attack

    1:30 Thurs, Rm. 1105
    Abstract     PPTX

Hands-on SQL Injection Attack and Defense
    1:30 Fri, Rm 1103
    Abstract     PPTX     Project


Sun. Feb. 24 - Mon. Feb. 25, 2013: B-Sides San Francisco

Thu., May 2 - Fri. May 3, 2013: TechDays, San Francisco, CA
My slides: IPv6 Security



Fall 2012 Classes

CNIT 60: Introduction to IPv6 - 73751
(meets on Weds. 8-22, 9-19, 10-3, 10-24, 11-7 (moved from 11-14), 12-5 in SCIE 200)

CNIT 120: Introduction to Security - 73753
Tue & Thur 11:00 - 12:30 PM SCIE 37



CNIT 123: Ethical Hacking and Network Defense - 72250
Tue 6:00 - 9:00 PM SCIE 200

Nov. 27: Guest Speaker--Matthew Prince, CEO, CloudFlare

Dec. 4: Guest Speaker: Dan Goodin, IT Security Editor at Ars Technica



CNIT 124: Advanced Ethical Hacking - 74163
Sat 9:00 AM - 12:00 PM SCIE 37 PM SCIE 200

Dec. 1: Guest Speaker--Matt Linton, NASA Ames



CNIT 197 & 198: Internship and Work Experience - CRN 71826 & 72192
Orientation on Weds. 8/22/12 from 5:00 to 6:00 p.m. in S37

CNIT 345: Windows 7 Tech Support- CRN 72950
Thu 6:00 - 9:00 PM SCIE 204 (NOTE NEW ROOM)

Sam's Office Hours: half an hour after each class, in Science 214.

S 37 Lab Hours Fall 2012: Mon-Thu 3-6

S 214 Lab Hours



Fall Special Events

Wed. Sept 12 - Fri. Sept 14, 2012: United Security Summit, San Francisco
My talk: The Deluded Insider Threat

Wed. Oct 10, 2012 10 am: NASA Ames Research Center, Moffett Field, CA
My talk: Data Breaches: Real and Imaginary

Mon. Nov. 12, 2012, 10 am: gogoNET Live 3, San Jose, CA
My class: Hurricane Electric Certification Workshop

Fri. Dec. 7 - Sat. Dec. 8, 2012: Baythreat, Sunnyvale, CA
My talk, 2:10 Friday: Data Breaches and Password Hashes
PPT

Mon. Dec 17 - Wed., Dec 19, 2012 Working Connections in Frisco, TX
My class: IPv6 Networking & Hacking

Thu. Jan. 3 - Fri. Jan. 4, 2013: MPICT, San Francisco
My presentationss:
Data Breaches and Password Hashes
Hands-on SQL Injection Attack and Defense

SQL Injection Project

Sun. Feb. 24 - Mon. Feb. 25, 2013: B-Sides San Francisco



Summer Events

Sat. May 26 - Sun., May 27, 2012: LayerOne in Los Angeles
(I am just watching)

Fri. June 1, 2012: CyberWatch, Ontario, California

Tue. June 5: PacITPros
CloudFlare Slides

Mon. June 11 - Fri. June 15, 2012: MPICT Faculty Development Week in Garden Grove, CA
Ethical Hacking and Network Defense
Stealing Passwords and Malware Analysis (ppt)      (pdf)
CloudFlare: Dos is Over (ppt)

Mon. June 25 - Fri. June 29, 2012 Faculty Development Week at Ohlone College
(I am a student in the Cryptography class)

Fri. July 13 - Sun., July 15, 2012: HOPE in NYC

Wed. July 25 - Thu. July 26: HITEC, Denver
My talk: 1:30 Thurs. Whitehat Vigilante: Helping Vulnerable Organizations & The Breach That Wasn't

Thu. July 26 - Sun. July 29: Defcon, Las Vegas
My Skytalk: The Breach That Wasn't     Slides (pptx)

Tue. Aug 7: Pacific IT Pros
CrypTool, Wep Cracking with Cain, and The Breach That Wasn't (pptx)

Wed. Sept 12 - Fri. Sept 14: United Security Summit, San Francisco
My talk: The Deluded Insider Threat



Spring 2012 Classes

CNIT 10: Careers in Computer Networking - CRN Tue 6-9, SCIE 5
(meets on 1-24, 2-7, 2-21, 3-13, 4-3, 4-24 cancelled)

CNIT 120: Introduction to Security - CRN 33816
Tue & Thur 11:00 - 12:30 PM SCIE 37


CNIT 121: Computer Forensics - CRN 33817
Wed 6:00 - 9:00 PM SCIE 200

CNIT 123: Ethical Hacking and Network Defense - CRN 32369
Sat 9:00 AM - 12:00 PM SCIE 37


CNIT 197 & 198: Internship and Work Experience - CRN 31876 & 32222
Orientation on Weds. 1/25/12 from 5:00 to 6:00 p.m. in S37


CNIT 345: Windows 7 Tech Support- CRN 33138
Mon 6:00 - 9:00 PM SCIE 204


Sam's Office Hours: half an hour after each class, in Science 214.

S 37 Lab Hours Spring 2012: : Mon, Tue, & Wed 1-6; Thu 3-6

S 214 Lab Hours



Special Events

Weds. March 21, 2012: Penguin Day 3 pm R304
My Talk: Monitoring Network Performance from an AWS Server      (video)

Tues, May 8: PacITPros: Stealing Passwords Remotely & Malware Analysis
     PowerPoint Slides       PDF



Fall 2011 Classes

CNIT 60: Intro to IPv6 - CRN 73751 Mon 6-9, SCIE 136
(meets on 8-22, 9-12, 9-26, 10-17, 10-31, and 11-14)

CNIT 120: Introduction to Security - CRN 73753
Tue & Thur 11:00 - 12:30 PM SCIE 37


CNIT 122: Firewalls - CRN 73752
Tue 6:00 - 9:00 PM Moved to MUB 170
Class starts at 7:00 PM on 10-11, 10-18, 11-29, and 12-6
Multi-Use Bldg. is the new building across Phelan ave from Science Hall


CNIT 123: Ethical Hacking and Network Defense - CRN 72250
Weds 6:00 - 9:00 PM SCIE 204


CNIT 125: Information Security Professional - CRN 73754
Sat 9:00 AM - 12:00 PM SCIE 136


CNIT 197 & 198: Internship and Work Experience - CRN 36585 & 37656
Orientation meeting 5 PM, Weds, Aug 24 SCIE 37


CNIT 345: Windows 7 Tech Support- CRN 72950
Note time change and different, larger room!
Thu 6:30 - 9:30 PM SCIE 200


Sam's Office Hours: half an hour after each class, in Science 214.

S 37 Lab Hours Fall 2011: Mon, Tue, & Wed 1-6; Thu 3-6
S 214 Lab Hours



Fall 2011 Events

CCSF Linux Users's Group
My talk: LAMP Vulnerability Scanning     
Tue, Sep 13, 2011; 5:00 a 5:30, Batmale 413

CCSF Penguin Day
My talk: DoS Attacks     
Wed, Nov 8, 2011; 5:00 - 5:45, Rosenberg 305

Baythreat
My talk: Whitehat Vigilante (pptx)      (pdf)
Sat, Dec 10, 2011; 10 am

Thoughts on Persistence by Neel Mehta

Summer 2011 Events

Layer 1, Los Angeles
My talk: Layer 7 DoS Attacks and Defenses      Powerpoint
Sat, May 28 - Sun, May 29, 2011

Math, Science, CTE Teacher's Conference
Weds, June 1, and Thurs, June 2, 2011
My talk: Everyone Can Learn Math, Thurs, 9:00
Powerpoint     Interview with Kadhir Rajagopal     His book
Binary Lessons

MPICT Faculty Development Week
Mon, June 13 - Fri, June 17, 2011, CCSF
My Class: CISSP Prep
Morning Talk: The Security Circus

CNIT 60: Introduction to IPv6
Saturdays, June 4, 11, 18, and 25, 9 am - 1 pm
SCIE 136, Ocean Campus
S 214 Lab Hours

OWASP Bay Area Local Chapter
Wed, June 22, 2011, 11:30
My Talk: The Security Circus & IPv6 DoS

HI-TEC Conference, San Francisco
Mon, July 25 - Thurs, July 28, 2011
My Tracks:
Mon, July 25, 2010: Mobility Workshop
Thurs, July 28, 2010, 1:30-5:00: Ethical Hacking: New Web 2.0 Attacks and Defenses

Texas State Working Connections, Frisco, TX
Mon, July 11 - Fri, July 15, 2011
My Track: Secure Deployment of IPv6

B-Sides, Las Vegas
Weds, Aug 3 - Thurs, Aug 4

Defcon, Rio, Las Vegas
Thurs, Aug 4 - Sun, Aug 7
1 pm Friday, Aug 5, Track 3: My Talk: Three Generations of DoS Attacks (with Audience Participation, as Victims)
My PowerPoint Slides



Spring 2011 Classes

CNIT 10: Careers in Computer Networking - CRN 39723 Thurs 6-9, SCIE 136
(meets on 1-27, 2-17, 3-10, 3-24, 4-7, and 4-21)


CNIT 60: Intro to IPv6 - CRN 39724 Thurs 6-9, SCIE 136
(meets on 1-20, 2-10, 2-24, 3-3, 3-17, and 4-14)
Note: this class is incorrectly shown as CNIT 10 in the printed schedule


CNIT 106: Introduction to Networks - CRN 36564
Tue & Thur 11:00 - 12:30 PM SCIE 37


CNIT 123: Ethical Hacking and Network Defense - CRN 38013
Sat 9:00 AM - 12:00 PM SCIE 37


CNIT 124: Advanced Ethical Hacking - CRN 39727
Weds 6:30 - 9:30 PM SCIE 200


CNIT 197 & 198: Internship and Work Experience - CRN 36585 & 37656
Orientation meeting 5 PM, Thurs, Jan 20, SCIE 37


CNIT 345: Windows 7 Tech Support- CRN 39417
Mon 6:00 - 9:00 PM SCIE 204


S 37 Lab Hours Fall 2010: Mon, Tue, & Wed 1-6; Thu 3-6
S 214 Lab Hours



Spring 2011 Special Events

Tue, Mar 8, 2011
NBLUG in Sebastopol
My talk: The DoS Crisis: Wikileaks. Anonymous, HB Gary Federal, The Jester

Tue, May 3, 2011
PacITPros, San Francisco
Demo: IPv6 RA Flood Attack



Winter Break 2010-2011 Events

Fri, Dec 10 and Sat, Dec 11, 2010
BayThreat in Mountain View
My talk: Getting Started With IPv6

Tue, Dec 14 - Thur, Dec 16, 2010
Working Connections Winter Retreat: Frisco, TX
My track: Intro to IPv6

January 6-7, 2011
MPICT Winter ICT Educator Conference, CCSF
My workshops:
2:30 Thurs: Ethical Hacking: BackTrack 4, Metasploit, and Social-Engineering Toolkit (ppt file)
Wikileaks--The DoS Crisis (ppt file)
1:30 Fri: Getting Started with IPv6



Fall 2010 Classes

CNIT 106: Introduction to Networks - CRN 75881 - Tue & Thur 11:00 - 12:30 PM SCIE 200

CNIT 120: Network Security - CRN 79265 - Weds 3:00 - 6:00 PM CLOUD 218

CNIT 121: Computer Forensics - CRN 79129 - Mon 6:00 - 9:00 PM Moved to SCIE 300
Sam Bowne & Sufyaan Mateen

CNIT 123: Ethical Hacking and Network Defense - CRN 77744 - Weds 6:00 - 9:00 PM SCIE 204

CNIT 197 & 198: Internship and Work Experience - CRN 76393 & 77522

CNIT 201E: Network Fundamentals - CRN 78223 - Tue & Thu 6-9 CLOUD 218
Sam Bowne & Sufyaan Mateen (8/16 - 10/14)

CNIT 202E: Routing Protocols and Concepts - CRN 78224 - Tue & Thu 6-9 CLOUD 218
Sam Bowne & Sufyaan Mateen (10/19 - 12/16)

CNIT 345: Windows 7 Tech Support- CRN 79131 - Sat 9:00 AM - 12:00 PM SCIE 136

Sam's Office Hours: half an hour after each class (except Weds.), in Science 214 except for Tue & Thur evenings when I'm in Cloud 218.

S 37 Lab Hours Fall 2010: Mon, Tue, & Wed 1-6; Thu 3-6
S 214 Lab Hours



Summer 2010 Events

BALUG: Tues, May 19
SSLstrip, SlowLoris, and IPv6

SVLUG: Weds., June 2
SSLstrip, SlowLoris, IPv6, and Split Handshake

MPICT Faculty Development Week: Mon, June 21 - Fri, June 25, CCSF
My talk: IPv6

Pacific IT Pros: Tue, July 6
Computer Forensics: project 2 from this CNIT 121 page

Working Connections: Mon, July 12 - Fri, July 16, Frisco, TX
My track: Information Security Professional (CISSP Preparation)

HI-TEC: Mon, July 26 - Thurs, July 29, Orlando FL
My talk: How to Steal Passwords, Wed. July 28, 3 PM
HI-TEC Materials

DEFCON: Fri, July 30 - Sun, Aug 1, Riviera, Las Vegas
My talk: Who Cares About IPv6? Fri, July 30, 1 PM, Track 5


Pacific IT Pros, Tue, Aug 3, San Francisco
My talk: Defcon Recap


Cisco Academy Conference: Mon, Aug 9 to Weds, Aug 11, Santa Barbara




Spring 2010 Classes

CNIT 106: Introduction to Networks - CRN 36564 - Tue & Thur 11:00 - 12:30 PM
Moved to SCIE 37


CNIT 123: Ethical Hacking and Network Defense - CRN 38013 - Sat 9 - 12
Moved to SCIE 37

Videos of CNIT 123 Lectures: Google Video     iTunes     torrent

CNIT 125: Information Security Professional (CISSP Preparation) - CRN 39394 - Wed 6-9
Moved to SCIE 108


CNIT 197: Internship and Work Experience

CNIT 201E: Network Fundamentals - CRN 38600 - 01/19-03/18
Sam Bowne & Sufyaan Mateen; Tue & Thu 6-9

CNIT 202E: Routing Protocols and Concepts - CRN 38646 - 03/23-05/27
Sam Bowne & Sufyaan Mateen; Tue & Thu 6-9

CNIT 345: Windows 7 Tech Support- CRN 39417 - Mon 6 - 9 PM
Moved to SCIE 204


S 37 Lab Hours Spring 2010: Mon, Tue, & Wed 1-6; Thu 3-6
S 214 Lab Hours



Winter Break 2010 Class

MPICT Winter 2010 ICT Educator Conference
Schedule (.XLS)
My presentation: Hands-on Introduction to Windows 7
Fri, Jan 8 10:30 - 12:20
Powerpoint · Project 1: Remote Assistance · Project 2: Remote Desktop
Project 3: Resource Monitor · Project 4: HomeGroup





Fall 2009 Classes

JSPAC Conference - Sacramento - Dec 2-3

CNIT 10: Careers in Computer Networking - CRN 78916 - Wed 6:00 - 9:00 PM (first meeting on Aug 26)

CNIT 106: Introduction to Networks - CRN 75881 - Tue & Thur 11:00 - 12:30 PM

CNIT 123: Ethical Hacking and Network Defense - CRN 77744 - Mon 6-9
Videos of CNIT 123 Lectures: Google Video     iTunes     torrent

CNIT 201E: Network Fundamentals - CRN 78223 - 08/18-10/15
Sam Bowne & Sufyaan Mateen; Tue & Thu 6-9

CNIT 202E: Routing Protocols and Concepts - CRN 78224 - 10/27-12/17
Sam Bowne & Sufyaan Mateen; Tue & Thu 6-9

CNIT 335: VistaTech Support
(This will actually be CNIT 345: Windows 7 Tech Support)
CRN 78108 - Sat 9:00 - 12:00 PM


S 37 Lab Hours Fall 2009: Mon, Tue, & Wed 1-6; Thu 3-6           S 214 Lab Hours



Summer 2009 Conferences

4:00 PM Friday, June 5 - 4:00 PM Sunday, June 7, 2009
DEFCON 17 CTF Qualifier
Experiences of a strong team    Walk-throughs

Monday, June 15 - Friday, June 19, 2009
Mid-Pacific ICT Center Summer 2009 Faculty Development Week
At CCSF, San Francisco
My Track: CNIT 123: Ethical Hacking and Network Defense
Videos of CNIT 123 Lectures: Google Video     iTunes     torrent
Morning Talk: Two Attacks


Monday, July 13 - Friday, July 17, 2009
2009 Texas State Working Connections
My Track: CNIT 124: Ethical Hacking 2.0
Frisco, Texas

Wednesday, July 29 - Thursday, July 30, 2009
BSidesLasVegas

Thursday, July 30 - Sunday, August 1, 2009
DEFCON 17
The Riviera, Las Vegas, NV
My Presentation: Hijacking Web 2.0 Sites with SSLstrip and Slowloris--Hands-on Training

sslstrip PowerPoint    Slowloris PDF    SSLstrip Instructions    Wall of Stripped Sheep    Slowloris Instructions



Spring 2009 Classes

CNIT 120: Network Security - CRN 39084 - Sat 9-12

CNIT 123: Ethical Hacking and Network Defense - CRN 38013 - Mon 6-9
Videos of CNIT 123 Lectures: Google Video     iTunes     torrent

CNIT 124: Advanced Ethical Hacking - CRN 38558 - Sat 2-5

CNIT 201E: Network Fundamentals - CRN 38600 - 01/13-03/10
Sam Bowne will teach Tue 6-9; Pierre Thiry will teach Thu 6-9

CNIT 202E: Routing Protocols and Concepts - CRN 38646 - 03/12-05/21
Sam Bowne will teach Tue 6-9; Pierre Thiry will teach Thu 6-9

CNIT 335: Windows Vista Tech Support - CRN 38254 - Thur 6-9    Now with Windows 7!

S 37 Lab Hours           S 214 Lab Hours           CNIT Student Survey



Winter 2008-2009 Events

Year Up - Ethical Hacking     Nov. 6, 2008      PowerPoint

Special Populations Conference Dec 3-4, 2008, in Sacramento
Sniffing (ppt)      Cain      Ophcrack      Sidejacking Gmail     


Winter 2009 ICT Educator Conference
Jan 8-9, 2009, in San Francisco
My Talks
Hacking into Wireless Networks      PowerPoint      Project: Cracking WEP      1:30, Thurs. Jan. 8

Using USB Flash Drives as Hacking Tools      PowerPoint      Project: USB Switchblade      2:30, Fri. Jan. 9
     Download PocketKnife_v0870      Download Universal_Customizer



Fall 2008 Classes

CNIT 100: Intro to Computers (Southeast campus) - CRN 78561 - Sat 9-12

CNIT 123: Ethical Hacking and Network Defense - CRN 77744 - Thurs 6-9

CNIT 124: Advanced Ethical Hacking - CRN 78276 - Weds 6-9

CNIT 211 & ELEC 211: Fiber Optic Technology - CRN 78462 - Mon 6-9

CNIT 335: Windows Vista Tech Support - CRN 78108 - Tue & Thur 11 - 12:30 Now with Windows 7!

S 214 Lab Hours



Summer 2008 Events

Fri, May 30 - Sun, June 1, 2008
Capture the Flag Qualifying Contest
CTF Quals Tutorials

Saturday, June 7 - Sun, June 8, 2008
Certification Testing in S214

Tue, June 17
IEEE Communications Society
My Presentation: Ethical Hacking: Penetrating Web 2.0 Security     Handout

Fri, June 27, 2008
2008 Math, Science and CTE Conference for K-14 Teachers
My Workshops:
9:30 am - 11 am: Ethical Hacking--Defeating Logon Passwords     PowerPoint     Project: Ophcrack
12 - 1:30 pm: Ethical Hacking--Hijacking GMail Accounts     PowerPoint     Project: Cain and Hamster

Mon, July 14 - Fri, July 18, 2008
Working Connections, Frisco, TX

Mon, July 28 - Thu, July 31, 2008
SAME-TEC 2008: Seamless Connections, Austin TX
My Presentation: Ethical Hacking: Hijacking Gmail Accounts

Fri, Aug 8 - Sun, Aug 10, 2008
DEFCON in Las Vegas



Spring 2008 Classes

CNIT 123: Ethical Hacking and Network Defense

CNIT 124: Advanced Ethical Hacking - CRN 78276 - Weds 6-9

CNIT 335: Windows Vista Tech Support



Fall 2007 Classes

CNIT 123: Ethical Hacking and Network Defense

CNIT 335: Windows Vista Tech Support



Summer 2007 Classes

CNIT 30: Internet Safety
(Two sections: M W 6/11-6/25 & T R 6/27-7/16)

CNIT 80X: Communications Convergence Workshop
June 14: Ethical Hacking and Network Defense
June 21: Fiber Optic Technology


Working Connections in Frisco, Texas
July 16-20: Ethical Hacking and Network Defense

DEFCON in Las Vegas, August 3-5

Spring 2007 Classes

CNIT 123: Ethical Hacking and Network Defense

CNIT 235: Windows Desktop Support Technician

NCTT Winter Conference

Fiber Optic Technology

Ethical Hacking and Network Defense

Fall 2006 Classes

CNIT 100: Introduction to Computers

CNIT 211 / ELEC 211: Fiber Optic Technology

CNIT 235: Windows Desktop Support Technician

Summer 2006 Classes

CNIT102W: World Wide Web & CNIT 30: Internet Safety

Fiber Optic Technology: June 6 and 8, 6-9 PM, Sci 37 and 56

COMMUNICATIONS CONVERGENCE WORKSHOP Flyer

Spring 2006 Classes

CNIT 100: Introduction to Computers

CNIT 211 / ELEC 211: Fiber Optic Technology

CNIT 235: Windows Desktop Support Technician

Fall 2005 Classes

CNIT 100: Introduction to Computers

CNIT 131: Internet Basics & Beginning HTML

CNIT 235: Windows Desktop Support Technician

Spring 2005

CNIT 100: Introduction to Computers

CNIT 131: Internet Basics & Beginning HTML

CNIT 235: Windows Desktop Support Technician

Fall 2004

CNIT 100: Introduction to Computers ONLINE!

CNIT 131: Internet Basics & Beginning HTML

CNIT 235: Windows Desktop Support Technician

Summer 2004

Windows Desktop Support Technician and Help Desk


Spring 2004

CCSF: CNIT 100: Intro to Computers

CCSF: CNIT 100: Intro to Computers ONLINE!

Network+ Prep at Cypress -- out of date

Fall 2003

Cypress: Windows 2000 Pro and Windows 2000 Server

Last updated: 5-21-17