CSC-405 Introduction to Computer Security

Date Topic Discussions
(do readings before class)
01/10 Introduction (slides)
01/12 Unix (slides)
Introduction to Linux (link)
01/17 Windows (slides)
17 Mistakes Microsoft Made in the Xbox Security System (link)
01/19 Computer Forensics (slides)
Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds (link) [optional]
01/24 Control hijacking attacks (1/2) (slides)
Smashing The Stack For Fun And Profit (link)
Basic Integer Overflows (link)
01/26 Control hijacking attacks (2/2) (slides)
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (link) [CCS'07]
01/31 Reverse Engineering 1 (slides)
No reading - homework 1
02/02 Reverse Engineering 2 (slides)
Using a Decompiler for Real-World Source Recovery (link) [WCRE'04]
02/07 Symbolic Execution (slides)
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (link) [OSDI'08]
02/09 Fuzzing (slides)
02/14 Malicious Code 1/2 (slides)
02/16 Malicious Code 2/2 (slides)
Inside the Slammer Worm (link) [IEEE Security & Privacy Magazine 2003]
02/21 Sandboxing Applications (slides)
Native Client: A Sandbox for Portable, Untrusted x86 Native Code (link) [S&P'09]
02/23 Botnets and Cybercrime (slides)
Your botnet is my botnet: analysis of a botnet takeover (link) [CCS'09]
02/28 No class - NDSS
03/02 Midterm
03/07 Spring Break
03/09 Spring Break
03/14 Web Security 1 (slides)
Hypertext Transfer Protocol (link)
03/16 Web Security 2 (slides)
Introduction to HTML (link)
03/21 No class - CODASPY
03/23 No class - CODASPY
03/28 Web Security 3 (slides)
03/30 Web Injections (slides)
04/04 Cross-site Scripting (slides)
Cross-site Scripting (link)
04/06 No Class
04/11 ClickJacking & EAR (slides)
Fear the EAR: discovering and mitigating execution after redirect vulnerabilities (link)
04/13 Browser Extensions (slides)
Hulk: Eliciting Malicious Behavior in Browser Extensions (link)
04/18 Evasive web-based malware (slides)
Revolver: An Automated Approach to the Detection of Evasive Web-based Malware (link)
04/20 TCP/IP Security (slides)
04/21 HackPack CTF
1pm-7pm Capture the Flag event
04/25 DNS Security (slides)
An Illustrated Guide to the Kaminsky DNS VulnerabilitAn Illustrated Guide to the Kaminsky DNS Vulnerability (link)
04/27 Network Security (slides)
05/09 Final exam
1pm - 2:30pm