Date | Topic | Discussions (do readings before class)
01/07 | Introduction (slides, hackpack) |
01/14 | Shellcode (slides) | x86 Assembly Guide (link)
01/21 | Linux Security (slides) |
01/28 | Reverse Engineering (slides) | Reverse Engineering Tutorial (link), Radare2 Book (link)
02/04 | Control-flow hijack attacks (slides) | Smashing The Stack For Fun And Profit (link)
02/11 | Stack Canaries & ASLR (slides) | NOEXEC and StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (link) [USENIX Sec’98]
02/18 | Return-into-libc & ROP (slides) | Advanced return-into-lib(c) exploits (PaX case study) (link)
02/25 | NDSS Symposium 2020 - No class | take a look at the accepted papers of the conference
03/03 | Midterm Exam |
03/10 | Spring Break - No class |
03/17 | COVID-19 madness | class becomes online-only from this point on
online | Web Security (slides) | Intro
online | Web Security (slides) | More intro
online | Web Security (slides) | SQL Injections
online | Web Security (slides) | HTML+JavaScript
online | Web Security (slides) | AJAX & web frameworks
online | Web Security (slides) | Client-side Attacks & Isolation
online | Web Security (slides) | Session Fixation and other attacks
online | Web Security (slides) | XSS Attacks
04/17 | HackPack CTF | Capture the Flag event for the class that is open to the public, join here
04/27 | Final Exam | online web security assignment