CSC-405 Computer Security


Date Topic Discussions (do readings before class)
01/14 Introduction (slides-intro, slides-whysec)  
01/21 Shellcode (slides) x86 Assembly Guide
Guide to x86-64
Linux VM Setup
Linux System Calls
01/28 keynote at CCSC’22 - no class  
02/04 Linux Security (slides) Ubuntu Security
02/11 Reverse Engineering (slides, tutorial) Ghidra Black Hat’19 talk
02/18 Control-flow hijack attacks (slides) Smashing The Stack For Fun And Profit (link)
02/18 Stack Canaries & ASLR (slides) NOEXEC and StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (link) [USENIX Sec’98]
02/25 Return-into-libc & ROP (slides) Advanced return-into-lib(c) exploits (PaX case study) (link)
03/11 Web Security (slides) Intro
03/18 spring break - no class  
03/25 Web Security (slides) SQL Injections
04/01 Web Security (slides, slides) HTML+JavaScript, XSS Attacks
04/08 HackPack CTF Capture the Flag event for the class that is open to the public, join here
04/15 Web Security AJAX & web frameworks
04/22 Web Security Client-side Attacks & Isolation