CSC-405 Introduction to Computer Security

Date	Topic	Discussions (do readings before class)
01/10	Introduction (slides)
01/12	Unix (slides)	Introduction to Linux (link)
01/17	Windows (slides)	17 Mistakes Microsoft Made in the Xbox Security System (link)
01/19	Computer Forensics (slides)	Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds (link) [optional]
01/24	Control hijacking attacks (1/2) (slides)	Smashing The Stack For Fun And Profit (link) Basic Integer Overflows (link)
01/26	Control hijacking attacks (2/2) (slides)	The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (link) [CCS'07]
01/31	Reverse Engineering 1 (slides)	No reading - homework 1
02/02	Reverse Engineering 2 (slides)	Using a Decompiler for Real-World Source Recovery (link) [WCRE'04]
02/07	Symbolic Execution (slides)	KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (link) [OSDI'08]
02/09	Fuzzing (slides)
02/14	Malicious Code 1/2 (slides)
02/16	Malicious Code 2/2 (slides)	Inside the Slammer Worm (link) [IEEE Security & Privacy Magazine 2003]
02/21	Sandboxing Applications (slides)	Native Client: A Sandbox for Portable, Untrusted x86 Native Code (link) [S&P'09]
02/23	Botnets and Cybercrime (slides)	Your botnet is my botnet: analysis of a botnet takeover (link) [CCS'09]
02/28	No class - NDSS
03/02	Midterm
03/07	Spring Break
03/09	Spring Break
03/14	Web Security 1 (slides)	Hypertext Transfer Protocol (link)
03/16	Web Security 2 (slides)	Introduction to HTML (link)
03/21	No class - CODASPY
03/23	No class - CODASPY
03/28	Web Security 3 (slides)
03/30	Web Injections (slides)
04/04	Cross-site Scripting (slides)	Cross-site Scripting (link)
04/06	No Class
04/11	ClickJacking & EAR (slides)	Fear the EAR: discovering and mitigating execution after redirect vulnerabilities (link)
04/13	Browser Extensions (slides)	Hulk: Eliciting Malicious Behavior in Browser Extensions (link)
04/18	Evasive web-based malware (slides)	Revolver: An Automated Approach to the Detection of Evasive Web-based Malware (link)
04/20	TCP/IP Security (slides)
04/21	HackPack CTF	1pm-7pm Capture the Flag event
04/25	DNS Security (slides)	An Illustrated Guide to the Kaminsky DNS VulnerabilitAn Illustrated Guide to the Kaminsky DNS Vulnerability (link)
04/27	Network Security (slides)
05/09	Final exam	1pm - 2:30pm