| Date | Topic | Reading / Notes |
|---|---|---|
| 01/08 | Introduction (slides) | |
| 01/10 | Web Security (slides) | Intro |
| 01/15 | Holiday - No class | |
| 01/17 | Snow day - No class | |
| 01/22 | Web Security (slides) | Hypertext Transfer Protocol (link) |
| 01/24 | Web Security (slides) | Introduction to HTML (link) |
| 01/29 | Web Security (slides) | Introduction to asynchronous JavaScript (link) |
| 01/31 | Web Security (slides) | Optional: All Your iFRAMEs Point to Us (link) |
| 02/05 | Web Security (slides) | SQLrand: Preventing SQL injection attacks (link) [ACNS’04] |
| 02/07 | Web Security - SQL Injections (slides) | Cross-site Scripting (link) |
| 02/12 | Web Security - XSS (slides) | Clickjacking: Attacks and Defenses (link) [USENIX Sec’12] |
| 02/19 | ClickJacking & EAR (slides) | Fear the EAR: discovering and mitigating execution after redirect vulnerabilities (link) |
| 02/21 | Browser Extensions (slides) | Hulk: Eliciting Malicious Behavior in Browser Extensions (link) [USENIX Sec’14] |
| 02/26 | Evasive web-based malware (slides) | Revolver: An Automated Approach to the Detection of Evasive Web-based Malware (link) [USENIX Sec’13] |
| 02/28 | Midterm Exam | |
| 03/05 | Spring Break - No class | |
| 03/07 | Spring Break - No class | |
| 03/12 | Shellcode (slides) | x86 Assembly Guide (link) |
| 03/14 | Linux Security (slides) | Setuid Demystified (link) [USENIX Security’02] |
| 03/19 | Reverse Engineering 1/2 (slides) | Reverse Engineering Tutorial (link) |
| 03/21 | Reverse Engineering 2/2 (slides) | Radare2 Book (link) |
| 03/26 | Control-flow hijack attacks (slides) | Smashing The Stack For Fun And Profit (link) and Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns (link) [S&P’04] |
| 03/28 | Stack Canaries & ASLR (slides) | StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (link) [USENIX Sec’98] and NOEXEC |
| 04/02 | Return-into-libc & ROP (slides) | The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (link) [CCS’07] |
| 04/04 | Control-flow integrity (slides) | Control-flow integrity (link) [CCS’05] |
| 04/09 | SEC@SAC - No class | |
| 04/11 | SEC@SAC - No class | |
| 04/16 | NSF panel - No class | |
| 04/18 | Final Exam | |
| 04/20 | HackPack CTF | 1pm-7pm Capture the Flag event at Hunt Library Room 4106 |