Course Schedule Spring 2022
Part 1. Security Fundamentals
| Mon./Wed. Lecture | Tue./Thu. Lecture | Lab |
|---|---|---|
|
HONEYMAN
Tuesday, May 3 The Security Mindset Threat models, vulnerabilities, attacks; how to think like an attacker and a defender Crypto Project available
|
No lab | |
|
HONEYMAN
Wednesday, May 4 Message Integrity Alice and Bob, crypto games, Kerckhoffs's principle, hashes and MACs |
HONEYMAN
Thursday, May 5 Randomness and Pseudorandomness Generating randomness, PRGs, one-time pads |
Introduce project Python tutorial Length extension Hash collisions Lab Assignment |
|
HONEYMAN
Monday, May 9 Confidentiality Simple ciphers, AES, block cipher modes Crypto Project, Part 1 due 6 p.m.
|
HONEYMAN
Tuesday, May 10 Confidentiality Attacks, Key Exchange Diffie-Hellman key exchange, man-in-the-middle attacks |
Review Part 1 Padding oracles |
|
HONEYMAN
Wednesday, May 11 Public Key Cryptography RSA encryption, digital signatures, secret sharing |
Part 2. Web and Network Security
| Mon./Wed. Lecture | Tue./Thu. Lecture | Lab |
|---|---|---|
|
HONEYMAN
Thursday, May 12 Web Platform Intro to the web platform; HTTP, cookies, Javascript, etc. |
Bleichenbacher attacks | |
|
HONEYMAN
Monday, May 16 Web Attacks and Defenses Cookies; XSS, CSRF, and SQL-injection attacks and defenses Crypto Project, Part 2 due 6 p.m.
Web Project available
|
HOFFMAN
Tuesday, May 17 HTTPS and the Web PKI The TLS protocol and the CA ecosystem |
Review Crypto Project Introduce Web Project SQL tutorial SQL injection mechanics |
|
HOFFMAN
Wednesday, May 18 Attacking HTTPS Implementation flaws, social engineering attacks, and crypto failures |
HONEYMAN
Thursday, May 19 Networking 101 IP, forwarding, routing, DNS, BGP |
HTML and JavaScript tutorial XSS and CSRF mechanics |
|
HONEYMAN
Monday, May 23 Networking 102 IP, forwarding, routing, DNS, BGP Web Project due 6 p.m.
Networking Project available
|
HONEYMAN
Tuesday, May 24 Network Attacks and Defenses ARP spoofing, DNS attacks, denial of service |
Introduce Networking Project Go tutorial Wireshark tutorial Lab Assignment |
|
HONEYMAN
Wednesday, May 25 Protocol Security Firewalls, IDSes, VPNs, zero-trust |
HONEYMAN
Thursday, May 26 Authentication and Passwords Passwords, online and offline guessing |
MITM implementation Project help |
Part 3. Host and Application Security
| Mon./Wed. Lecture | Tue./Thu. Lecture | Lab |
|---|---|---|
|
Monday, May 30 No Lecture Memorial Day |
HONEYMAN
Tuesday, May 31 Malware Viruses and worms, spyware, key loggers, and botnets; defenses |
No lab |
|
HONEYMAN
Wednesday, Jun. 1 Control Hijacking, Part 1 Software architecture and a simple buffer overflow Networking Project due 6 p.m.
AppSec Project available
|
HONEYMAN
Thursday, Jun. 2 Control Hijacking, Part 2 Common exploitable application bugs, shellcode |
Introduce AppSec Project Binary exploitation primer ROP exploitation Ghidra tutorial |
|
HONEYMAN
Monday, Jun. 6 Access Control and Isolation Isolation, sandboxing, virtual machines, SGX, containers |
HONEYMAN
Tuesday, Jun. 7 Side Channels Timing attacks, cache attacks, etc. |
No lab |
|
HONEYMAN
Wednesday, Jun. 8 Digital Forensics Taint and blur, data recovery, incident response Forensics Project available
|
HONEYMAN
Thursday, Jun. 9 Privacy and Anonymity Online tracking; Tor, Signal, etc. |
Autopsy tutorial |
Part 4. Security in Context
| Mon./Wed. Lecture | Tue./Thu. Lecture | Lab |
|---|---|---|
|
HONEYMAN
Monday, Jun. 13 Cyberconflict Nation-state attackers, cyberwarfare, APTs |
HONEYMAN
Tuesday, Jun. 14 Steganography Hiding data in plain sight |
Monday: crypto/web review Tuesday: No lab |
|
PRAKASH
Wednesday, Jun. 15 Adversarial Machine Learning Evasion attacks, data poisoning attacks, model extraction |
HONEYMAN
Thursday, Jun. 16 Physical Security Locks and safes, lock picking techniques; defenses |
Wednesday: networking review Thursday: appsec review |
|
Monday, Jun. 20 Study day |
Tuesday, Jun. 21 Study day Forensics Project due 6 p.m.
|
No lab |