Course Overview

To better defend against cyber attacks, we first have to understand how the attacks really work. This is what is often called "knowing the enemy". Offense-based Cyber Security (3 semester hours) is designed exactly for this purpose, and aims to study and understand the techniques used in cyber offense.

Below is a typical scenario of how a real attack is launched. To attack a computer system, the first step an attacker often needs to take is reverse engineering, which is the process of discovering high-level information (e.g., a vulnerability) from low-level artifacts such as the machine code, the OS, and the service software the target system is running. To reverse engineer machine code, we can do static analysis (disassembling or decompiling) or dynamic analysis (observing how information is exchanged while the code runs). After having figured out a vulnerability in the victim system, the next step is to develop an exploit, i.e., the attack payload, often called shellcode. To launch the attack, we also have to understand the defense techniques deployed in the OS, such as ASLR, DEP, etc. Once an attack succeeds, we also need to investigate the evidence related to the attack, which is called forensics.

Therefore, in this class, we will provide a comprehensive coverage of the fundamental methodologies, skills, legal issues, and tools used in reverse engineering, penetration testing, exploit generation, and forensics.

The learning outcome is that students shall be able to understand and know

In support of this, the course will have heavy hands-on projects aimed at training the basic skill sets needed to achieve these goals.


Text Books

Required textbooks

Reference textbooks


Course Notes and Schedule

Week TOPICS TO BE COVERED
0 Course Logistics and Overview
Basics
1 Low Level Code (x86 assembly, disassemble)
2 Programming (GNU tool chain)
3 Operating Systems (Processes, Memory, System calls)
4 Networking (TCP/IP programming)
Vulnerability Analysis
5 Buffer Overflow (Stack and Heap Overflow)
6 Integer Overflow, Format String
Reverse Engineering
7 Static Analysis (objdump, IDA)
8 Dynamic Analysis (PIN, QEMU)
9 Blackbox Fuzzing
10 Whitebox Fuzzing
Exploit Development and Defense
11 Control flow hijacking
12 ASLR, DEP, CFI
13 Return oriented programming (ROP)
Forensics
14 Disk Forensics
15 Memory Forensics

NOTE: all the lecture notes are posted in e-learning; please access them there.


Office Hours


Prerequisites

We expect students to satisfy at least three of the following:


Course Projects


Course Policy

Late Policy

All late submissions will automatically lose 1 point per day of delay until the points for that project are gone.

Collaboration Policy

Students are encouraged to collaborate, particularly in discussing the course project. However, each individual must finish the project on his or her own.

Cheating Policy

We will strictly follow the university policy on cheating and plagiarism, which is available here. Please avoid it. There are also several examples of scholastic dishonesty. If you have any questions regarding this issue, please contact the instructor.


Course History

After teaching the graduate-level Binary Code Analysis and Systems Security course in the past two years (i.e., Spring 2012, Fall 2013), I realized that the students are more interested in reverse engineering (RE) and penetration testing (PT), the offensive side of cyber security. Inspired by a recent Offensive Computer Security class offered at FSU, as well as conversations with our CSG students, I decided to refactor the course materials I developed earlier to particularly emphasize RE and PT. Also, many undergraduate students are highly interested in such a class. This eventually led to the creation of this course. It was difficult to choose a proper name for this course. Thanks to our department head Dr. Gupta for suggesting this course name.

