| Date | Topic | Reading | Quiz | Notes | Lab |
|---|---|---|---|---|---|
| Aug 26 | Fundamentals | 1. 5 Cybersecurity Threats for 2020; 2. Learning the Shell | | 1. Introduction; 2. Fundamentals | Command Line Basics |
| Sep 02 | Access Control and Environment Variables | 1. Du, chapters 1 and 2; 2. Compiling a C program; 3. Memory Layout of a C Program; 4. Advanced Linux Programming, pages 45-51 | 1 | AccessControl | Environment and SetUID |
| Sep 09 | Input Validation and the Shellshock Attack | 1. Du, chapter 3; 2. Input Validation Cheatsheet; 3. Stack vs Heap Memory Allocation | 2 | InputValidation | Shellshock Attack |
| Sep 16 | Buffer Overflows | 1. Du, chapter 4; 2. Introduction to Memory Unsafety for VPs of Engineering; 3. Secure Coding in C and C++, 2nd Edition, Chapter 2 (reference) | 3 | Buffer-Overflows | Buffer Overflow |
| Sep 23 | Format Strings and Integer Security | 1. Du, chapter 6; 2. Programming Language Format String Vulnerabilities; 3. Integer Overflow | 4 | 1. FormatStrings; 2. IntegerSecurity | Format String |
| Sep 30 | Race Conditions and Web Security | 1. Du, chapter 7; 2. A Security-Focused Introduction to HTTP; 3. HTTP Cookies | 5 | 1. RaceConditions; 2. HTTPsecurity | Race Condition |
| Oct 07 | Authentication and Cross Site Request Forgery (CSRF) | 1. Du, chapter 10; 2. Your Password Doesn't Matter; 3. Why passwords have never been weaker and crackers have never been stronger; 4. Anatomy of a hack: How crackers ransack passwords like "qeadzcwrsfxv1331"; 5. What is CSRF? | 6 | Authentication | CSRF Attack |
| Oct 14 | Cross-Site Scripting (XSS) and Election Security | 1. Du, chapter 11; 2. A Brief History of Voting; 3. The Crisis of Election Security; 4. Online voting is a cybersecurity nightmare; 5. Economics of Hacking an Election | 7 | 1. CrossSiteSecurity; 2. ElectionSecurity | Cross-Site Scripting Attack |
| Oct 21 | Injection Attacks and Surveillance | 1. Du, chapter 12; 2. What is SQL Injection; 3. Don't Panic: Making Progress on the "Going Dark" Debate (pages 1-15); 4. Keys Under Doormats; 5. SQL Zoo (reference) | 8 | Injection | SQL Injection |
| Oct 28 | Packet Sniffing and TCP/IP | 1. Du, chapters 15 and 16 (ignore C code); 2. TCP/IP Model; 3. How TCP Works; 4. Scapy Tutorial p. 01, 03-05; 5. An Introduction to Computer Networks, chapters 7 and 12 (reference) | 9 | NetworkSecurity | Packet Sniffing and Spoofing |
| Nov 04 | Firewalls and NIDS | Du, chapter 17 (skip section 17.3) | 10 | 1. TCP-UDP-Security; 2. FirewallsNIDS | TCP Attacks |
| Nov 11 | DNS and Security Protocols | 1. Du, chapter 18 (skip sections 18.7-9); 2. Du, chapter 19.1-2; 3. Anderson, chapter 4 | 11 | SecurityProtocols | Local DNS Attacks |
| Nov 18 | Secret Key Cryptography and Hash Functions | 1. Du, chapters 21 and 22 (ignore C code); 2. Why Google is Hurrying the Web to Kill SHA-1; 3. New SHA-1 Collision Attack | 12 | HashFunctions | Secret Key Encryption |
| Dec 02 | Public Key Cryptography | 1. Du, chapters 23 and 24; 2. Is Encryption Doomed?; 3. Securing a CA root certificate | 13 | 1. PublicKeyCryptography; 2. PublicKeyInfrastructure | Public Key Infrastructure |
| Dec 09 | Transport Layer Security and Blockchain | 1. Du, chapter 25 (skip sections 25.4 and 25.6); 2. Du, chapter 26; 3. TLS Deployment Best Practices (reference); 4. Ethereum is a Dark Forest; 5. Why Bitcoin is destined to become a niche asset | 14 | 1. TransportLayerSecurity; 2. Cryptocurrencies | |
| Dec 15 | Final Exam | | | | |