General Information

Course description

This course covers advanced techniques for attacks and defense in Cybersecurity. In particular, the course will teach binary reverse engineering, vulnerability analysis, exploit development, patching vulnerabilities, bug hunting, etc. through ten-weeks of hands-on labs with examples.

This course borrows the format of Capture-The-Flag (CTF) challenges for not only learning techniques required to solve the challenge but also enjoying the fun of taking over the systems and blocking attacks.

Who should take CS 4301.003?

CS 4301.003 is primarily mainly intended for both senior-level undergraduate and graduate students who are interested in obtaining skill sets required to thwart cyber attacks in the wild.

Over the course of lab exercises, students will become confident in competing in Capture-the-Flag (CTF) contests, conducting real-world bug hunting and getting bug bounty awards, and contributing to open-source projects by sending their patches via pull-requests.

Prerequisite Courses and Skills (Recommended)

• Courses

  • Computer Architecture and Assembly Language (cs2340) or equivalent

  • Data Structures and Introduction to Algorithmic Analysis (cs3345) or equivalent

  • Operating Systems (cs3377)

• Skills

  • Intermediary experience on Linux / Unix-based systems

  • Familiarity with C and memory operation (pointer)

  • x86 assembly

Class meetings

• When: Tue&Thr 11:30-12:45 (11:30am-12:45pm)

• Where: In-Person (ECSS 2.312)

Office hours and recitation

Instructor will hold weekly office hours from 3:00 PM to 4:00 PM (In-person / Remote) Tuesday.

• Meeting time may change at the instructor’s discretion with a prior annoucement.

Class logistics

Class attendance policy: Students are expected to attend all classes on time and actively participate hands-on labs. We will penalize students’ absence or tardiness without a proper reason.

Hands-on activity groups: Due to difficulty remote / virtual learning especially for the hands-on labs and activities, senior and graduate levels students has volunteered to take mentor roles to help you learn and follow the course material. We will assign students into 4 ~ 5 groups with a mentor assignee. We strongly encourage students to discuss and collaborate.

Asynchronous mode: CS 4301.003 will run remote / virtual mode. For those who cannot participate on time, we plan to provide an option to take the course asynchronously. Asynchronous students should inform the instructor and TA of their choice of a class mode within a week (Jan 26, 2021). Otherwise, we will consider the one as a regular mode student. We also expect Asynchronous students to watch the lecture video by the end of the day. We will use the class lecture as the primary channel to announce occasional assignments and schedule changes. It is the students’ responsibility to catch up with the lecture and follow the class logistics.

Grading policy

• 75% lab challenges, 15 % in-class CTF at the end of semester, and 10% from participating in external hacking competitions and class participation.

• If you miss any entire single lab, you will get an F (so please submit at least one flag per each lab). - No midterm or final exams. - See Rules.

• Late policy:

  The class allows students to submit their keys one week after the due at 50 % of original points.

• Make-up credits: TBA

Online Discussion

Online discussion is strongly encouraged and it will help you a lot in solving lab problems.

The class uses Discord channel as a main communication channel to share class materials. You can post your questions, ideas and thoughts and have discussions with mentors and other students. We sent the invitation via class emails or you can contact the instructor or one of TAs to join the Discord channel.

Misconduct Policy

Important

Cheating vs. collaboration

The collaboration is a desirable thing. Whereas the cheating is considered a very serious offense and is prosecuted. Vigorous prosecution requires that you be advised of the cheating policy of the course before the offending act. The following are examples how the class will define for the cheating and collaboration.

The policy is simple: don’t cheat:

• Never share code or text on the project.

• Never use someone else’s code or text in your solutions.

• Never consult potential solutions on the Internet.

On the other hand, for this class, you are strongly encouraged to:

• Share ideas.

• Explain your code to someone to see if they know why it doesn’t work.

• Help someone else debug if they’ve run into a wall.

If you obtain help of any kind, always write the name(s) of your sources.

Staffs

• Instructor: Kangkook Jee

• TAs:

  • Anthony Maranto

  • Kunal Mukherjee

  • Guangze Zu

  • Jerry Teng

  • David Wank