CSE363

Course CSE363
Title Offensive Security
Credits 3
Course Coordinator

Michalis Polychronakis

Description

Hands-on course with the goal of understanding various security problems in depth, through a more adversarial way of thinking. By focusing on finding and exploiting vulnerabilities, the course will cover a broad range of topics, including the ethics of offensive security, reverse engineering, software vulnerability discovery and exploitation, malicious code analysis, network traffic interception and manipulation, reconnaissance and information gathering, physical security, and social engineering. All topics will be covered from a highly practical perspective, following a hands-on approach and tutorial-like sessions, along with programming assignments.

Prerequisite CSE 331; CSE major
Course Outcomes

Practical knowledge of a broad range of offensive security skills, including reverse engineering, software vulnerability discovery and exploitation, malicious code analysis, network traffic interception and manipulation, reconnaissance and information gathering, physical security, and social engineering.

An ability to assess the security posture of existing systems and networks.

An ability to design and implement secure systems and effective defenses.

Textbook

Recommended: Georgia Weidman “Penetration Testing: A Hands-On Introduction to Hacking.” Publisher: No Starch Press; 1 edition (June 8, 2014), ISBN-10: 1593275641, ISBN-13: 978-1593275648

Major Topics Covered in Course
  • Week 1. Introduction and Ethics. Why offensive security matters, discussion of ethics, legal issues, threat models, best practices.
  • Week 2. Network layer attacks. Lower layer and protocol attacks, reconnaissance and information gathering, network evasion.
  • Week 3. Host-level attacks. OS internals and basic tools. Linux and Windows internals, memory layout, system protections, binary executable formats, authentication.
  • Week 4. Reverse engineering. Code disassembly, interactive debugging, code auditing, vulnerability discovery, fuzzing.
  • Week 5. Binary exploitation. Basic concepts of memory corruption vulnerabilities, shellcode construction.
  • Week 6. Advanced binary exploitation. Dealing with protections and exploit mitigations (DEP, ASLR, /GS), return-oriented programming, EMET.
  • Week 7. Midterm Exam
  • Week 8. Post-exploitation. Privilege escalation, sandbox bypass, DLL injection, persistent access, internal reconnaissance and lateral movement, forensics and incident response (covering your tracks).
  • Week 9. Malware and rootkits. Basic concepts, infection and propagation strategies, evasion techniques.
  • Week 10. Web application exploitation. HTTP, XSS, CSRF, SQLi, session hijacking, etc.
  • Week 11. SSL/TLS. Man-in-the-middle attacks, certificate authorities, crypto attacks, backdoors.
  • Week 12. Physical security. Hardware attacks, USB and DMA, low-level malicious code (firmware/BIOS), tampering, bugs.
  • Week 13. Social engineering and deception. Phishing, information gathering, impersonation.
  • Week 14. OPSEC. Hacker tradecraft, anonymity, SIGINT, HUMINT, counterintelligence.

Laboratory Projects
Course Webpage