Special Topics in Offensive Security Fall 2019
Special Topics in Offensive Security is a graduate course that explores the tools and techniques used to attack systems, networks, and software. The course goals are the following:
- Provide both theoretical and working knowledge of popular vulnerability classes and how to exploit them
- Enumerate deployed defense classes and how to bypass them
- Examine techniques for discovering 0-day vulnerabilities and developing proof-of-concept exploits
- Provide hands-on experience in the stages of typical attack campaigns
Topics covered by this course include:
- Security foundations
- Memory corruption
- Reverse engineering
- Privilege escalation
- Attack persistence
- Data exfiltration
Upon completion of this course, students will be able to:
- Discover previously-unknown vulnerabilities in compiled code using dynamic testing and manual reverse engineering
- Develop proof-of-concept exploits for discovered vulnerabilities that bypass state-of-the-art defenses
- Integrate exploits into multi-stage targeted attack campaigns
- Class meetings TBD
- Office hours TBD
- TA hours TBD
Grades will be assigned based on the completion of projects and class participation.
This seminar course assumes that you have significant “programming maturity” and that you have prior experience with basic software exploitation.
As a concrete example for calibration purposes: Exploiting a simple stack-based buffer overflow should take you on the order of an hour. On the other hand, if this would take you a week, then you would be better served by taking an introductory security course instead.
Cheating. Work submitted for grading must represent your own effort. Group work is not allowed unless a problem statement specifically states otherwise. Similarly, use of third-party content (for code, whether as a library, service, or in source form) is only permissible in the context of the allowances explicitly made as part of a problem statement. “Use” in this context refers not only to copying in the cut-and-paste sense, but to any content derived from third-party work. A non-exhaustive list of plagiarism examples includes:
- Copying third-party code verbatim that was published in an online source code repository, forum, or other reference site such as GitHub, GitLab, Stack Overflow, Wikipedia, or similar
- Adapting an algorithm found in third-party code published online
- Collaborating on code with other students, such as adapting code written by another student or working together on a shared code base at any point
While referring to third-party code can be helpful in devising your own solution, it is also extremely dangerous as it is all too easy to plagiarize without realizing it. (It is for exactly this reason that viewing source code published online that may be relevant to a product is almost always strictly forbidden in corporate settings due to intellectual property concerns.) While discussing course material with other students is encouraged, it is strongly recommended that students refrain from viewing any third-party source code.
Cheating damages the reputation of the university as well as the grades of students who participate in the course in good faith. As such, there will be zero tolerance for cheating in this course. Students who participate in this course must acknowledge that they have read and understood the University Academic Integrity Policy. All cheating cases will be brought to the CCIS Academic Integrity Committee and to OSCCR on the first offense. Finally, all students found to be cheating will receive a failing grade on the first offense.
Grading. Late assignments will be accepted, with the caveat that grading will be penalized by a full letter grade for each day that an assignment is late. Grades may be subject to a curve.
Reference Material. There is no official textbook for this course. Instead, we will rely on lectures and readings. If you need to brush up on background material on algorithms, architecture, systems, or networks, strongly reconsider whether you satisfy the course prerequisites.
Due to the fast pace of the field, much information is only available online and thus referring to third-party online sources is encouraged. However, keep in mind that referring to third-party source code is permissible only within the constraints of the class and university academic integrity policies.
Online Discussion. Online discussion and questions will be handled through Slack, not via email. A best-effort attempt will be made to respond to posts within 24 hours on weekdays during normal working hours. To ensure a timely response, do not wait until the night before a submission deadline to ask questions.
Ethics. This course covers sensitive material that includes information on how to exploit vulnerable software. Attack-oriented work must be restricted to the computing resources provided. Alternatively, students can perform this work using personal resources so long as other computing resources are not affected.
In particular, attacks performed against University resources or the open Internet are expressly prohibited. Students should also be familiar with the University Appropriate Use policy.