CSC-405 Introduction to Computer Security

| Date | Topic | Discussions (do readings before class) |
|---|---|---|
| 01/08 | Introduction (slides) | |
| 01/10 | Web Security (slides) | Intro |
| 01/15 | Holiday - No class | |
| 01/17 | Snow day - No class | |
| 01/22 | Web Security (slides) | Hypertext Transfer Protocol (link) |
| 01/24 | Web Security (slides) | Introduction to HTML (link) |
| 01/29 | Web Security (slides) | Introduction to asynchronous JavaScript (link) |
| 01/31 | Web Security (slides) | Optional: All Your iFRAMEs Point to Us (link) |
| 02/05 | Web Security (slides) | SQLrand: Preventing SQL injection attacks (link) [ACNS’04] |
| 02/07 | Web Security - SQL Injections (slides) | Cross-site Scripting (link) |
| 02/12 | Web Security - XSS (slides) | Clickjacking: Attacks and Defenses (link) [USENIX Sec’12] |
| 02/19 | ClickJacking & EAR (slides) | Fear the EAR: discovering and mitigating execution after redirect vulnerabilities (link) |
| 02/21 | Browser Extensions (slides) | Hulk: Eliciting Malicious Behavior in Browser Extensions (link) [USENIX Sec’14] |
| 02/26 | Evasive web-based malware (slides) | Revolver: An Automated Approach to the Detection of Evasive Web-based Malware (link) [USENIX Sec’13] |
| 02/28 | Midterm Exam | |
| 03/05 | Spring Break - No class | |
| 03/07 | Spring Break - No class | |
| 03/12 | Shellcode (slides) | x86 Assembly Guide (link) |
| 03/14 | Linux Security (slides) | Setuid Demystified (link) [USENIX Security’02] |
| 03/19 | Reverse Engineering 1/2 (slides) | Reverse Engineering Tutorial (link) |
| 03/21 | Reverse Engineering 2/2 (slides) | Radare2 Book (link) |
| 03/26 | Control-flow hijack attacks (slides) | Smashing The Stack For Fun And Profit (link) and Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns (link) [S&P’04] |
| 03/28 | Stack Canaries & ASLR (slides) | StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (link) [USENIX Sec’98] and NOEXEC |
| 04/02 | Return-into-libc & ROP (slides) | The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (link) [CCS’07] |
| 04/04 | Control-flow integrity (slides) | Control-flow integrity (link) [CCS’05] |
| 04/09 | SEC@SAC - No class | |
| 04/11 | SEC@SAC - No class | |
| 04/16 | NSF panel - No class | |
| 04/18 | Final Exam | |
| 04/20 | HackPack CTF | 1pm-7pm Capture the Flag event at Hunt Library Room 4106 |

CTF Events for class participation

| CTF Name | Date | URL | Notes | Room |
|---|---|---|---|---|
| Insomni’hack | 1/20 | link | starts at 10am UTC and will last 36 hours | 1220 EB2 Jan 20th 1pm-8pm |
| Sharif CTF | 2/2 | link | starts at 6:30am UTC and will last 36 hours | 2220 EB3 Feb 2nd 4pm-7pm |
| Codegate CTF | 2/3 | link | starts at 9:00am KST and will last 24 hours | no room booked |
| iCTF 2018 | 3/16 | link | starts at 11:00am EST and will last 8 hours | 2220 EB3 after 4pm |
| Nuit du Hack CTF | 3/30 | link | starts at 11:59pm CEST and will last 24 hours | no room booked |
| 0CTF/TCTF 2018 | 3/31 | link | starts at 01:00am UTC and will last 48 hours | no room booked |
| UIUCTF 2018 | 4/7 | link | starts at 00:00 UTC and will last 48 hours | no room booked |