Instructors:
Kyle C. Hale
Office Hours: T 3:30PM-5PM @ SB 229C (first half of semester)
E-mail: khale [at] cs [dot] iit [dot] edu
Kevin Jin
Office Hours: T/TR 3:05PM-4:05PM @ SB 208C (second half of semester)
E-mail: dong [dot] jin [at] iit [dot] edu
TA:
Gong Chen
Office Hours: T 1:30PM-3:30PM @ SB 019
E-mail: gchen31 [at] hawk [dot] iit [dot] edu
Course number: CSP 544
Semester: Spring 2020
Lecture Time: Tues/Thurs 11:25AM - 12:40PM
Lecture Location: Stuart 239
We increasingly live in a digitally connected world. More of our personal systems, national infrastructures, automobiles, and smart devices are becoming internet-connected, so secure systems are more critical than ever. Unfortunately, the trend toward internet-connected systems is tracked by an increasing prevalence of malicious actors and criminals intent on breaking, subverting, and otherwise sabotaging important systems. Billions of dollars are lost and thousands of lives are affected by such cybercrime, and there is a dearth of trained talent to offset these trends. We must endeavor to train ethical hackers with strong cyber-security techniques, who understand the toolkits and trades employed by cybercriminals, and imbue them with an ethos of using their knowledge for good. This course will be a programming-based, learn-by-doing course focused on applying foundational principles in security to real systems and networks. You will implement several real attacks and take advantage of several recreated vulnerable systems in order to understand the modern landscape of network and systems security. In addition to implementing our own attacks, we will also be looking at various case studies of attacks and defense strategies, including known exploit proofs-of-concept, published papers, and documents from security agencies and cyber-security research firms.
Week | Date | Item | Topic | Lab | TODO items/notes/readings |
---|---|---|---|---|---|
1 | Tues 1/14 | Lec 1 | Introduction to Software Security; Course Logistics | SEED Lab setup | |
1 | Thurs 1/16 | Lec 2 | Software Security II | SetUID and Environment Variables | |
2 | Tues 1/21 | Lec 3 | Software Security III | Stack Smashing for Fun and for Profit | |
2 | Thurs 1/23 | Lec 4 | Software Security IV | | |
3 | Tues 1/28 | Lec 5 | Software Security V | ROP ROP ROP | |
3 | Thurs 1/30 | Lec 6 | Software Security VI | printf for fun and for profit | |
4 | Tues 2/4 | Lec 7 | Software Security VII | | |
4 | Thurs 2/6 | Lec 8 | System Security I | Spectre and Meltdown | |
5 | Tues 2/11 | Lec 9 | System Security II | | |
5 | Thurs 2/13 | Lec 10 | System Security III | ELF Poisoning is Metal | |
6 | Tues 2/18 | Lec 11 | System Security IV | | |
6 | Thurs 2/20 | Lec 12 | System Security V | Backdoor to the Kernel | |
7 | Tues 2/25 | Lec 13 | System Security VI | Fuzzing (Optional) | |
7 | Thurs 2/27 | Lec 14 | System Security VII | Android Rooting | |
8 | Tues 3/3 | Lec 15 | System Security VIII | Dropped drive attacks | |
8 | Thurs 3/5 | Lec 16 | Crypto I | Symmetric Key Encryption | |
9 | Tues 3/10 | Lec 17 | Crypto II | Password Cracking | |
9 | Thurs 3/12 | Lec 18 | Web Security I | Cross-site Scripting | |
10 | Tues 3/17 | Spring Break | | | |
10 | Thurs 3/19 | Spring Break | | | |
11 | Tues 3/24 | Lec 19 | Web Security II | | |
11 | Thurs 3/26 | Lec 20 | Web Security III | SQL Injection | |
12 | Tues 3/31 | Lec 21 | Web Security IV | | |
12 | Thurs 4/2 | Lec 22 | Network Security I | Packet Sniffing and Spoofing | |
13 | Tues 4/7 | Lec 23 | Network Security II | | |
13 | Thurs 4/9 | Lec 24 | Network Security III | TCP/IP Attacks | |
14 | Tues 4/14 | Lec 25 | Network Security IV | | |
14 | Thurs 4/16 | Lec 26 | Network Security V | Firewall Attacks | |
15 | Tues 4/21 | Lec 27 | Network Security VI | | |
15 | Thurs 4/23 | Lec 28 | Network Security VII | Bypassing Firewalls using VPN | |
16 | Tues 4/28 | Lec 29 | Network Security VIII | | |
16 | Thurs 4/30 | Final Exam | | | |

Week | Date | Item | Length | Covers | File Date | Note |
---|---|---|---|---|---|---|
16 | 4/30 | Final Exam | Full class time | all lectures, all labs | | |

Lab | Topic | Due Date | Handout | Notes |
---|---|---|---|---|
1 | Environment Variables and SetUID (SEED) | Tuesday, 1/21 before class | Lab 0x01 link | |
2 | Buffer Overflows (SEED) | Tuesday, 1/28 before class | Lab 0x02 link | |
3 | Return-oriented Programming (SEED) | Tuesday, 2/4 @ 11:59 PM | Lab 0x03 link | |
4 | Format String Vulnerabilities (SEED) | Thursday, 2/6 @ 11:59 PM | Lab 0x04 link | |
5 | Exploiting Speculative Execution (SEED) | Tuesday, 2/11 @ 11:59 PM | Lab 0x05 link | |
6 | Code Injection and Binary Exploitation | Thursday, 2/20 @ 11:59 PM | Lab 0x06 link | |
7 | Kernel Backdoors and Rootkits | Thursday, 2/27 @ 11:59 PM | Lab 0x07 link | |
8 | Fuzzing (optional) | N/A | Lab 0x08 link | |
9 | Android Rooting (SEED) | Friday, 3/6 @ 11:59 PM | Lab 0x09 link | |
10 | Rubber Duckies (optional) | N/A | Lab 0x0a link | |
11 | Symmetric Key Encryption (SEED) | Thursday, 3/12 @ 11:59 PM | Lab 0x0b link | |
12 | Password Cracking | Tuesday, 3/24 @ 11:59 PM | Lab 0x0c link | |
13 | Cross-site Scripting (SEED) | Tuesday, 3/31 @ 11:59 PM | Lab 0x0d link | |
14 | SQL Injection (SEED) | Tuesday, 4/7 @ 11:59 PM | Lab 0x0e link | |
15 | Packet Sniffing and Spoofing (SEED) | Tuesday, 4/14 @ 11:59 PM | Lab 0x0f link | |
16 | TCP/IP Attacks (SEED) | Tuesday, 4/21 @ 11:59 PM | Lab 0x10 link | |
17 | Firewall Attacks (SEED) | Tuesday, 4/28 @ 11:59 PM | Lab 0x11 link | |
18 | Bypassing Firewalls using VPN (SEED) | Tuesday, 5/5 @ 11:59 PM | Lab 0x12 link | |
There are no required textbooks for this course. However, there are several recommended texts, the first of which will be very helpful in completing the labs:
We will primarily be using virtual machine images to set up vulnerable environments for you to exploit. Thus, to complete the labs, you'll need to set up a hypervisor/VMM on your machine. You should be able to use VirtualBox, VMware, or libvirt. We'll be using the SEED Labs for most of the class, but we will augment them with our own. You can see here to get set up for the labs.
This is a list of other resources that you might find useful for this class and for doing work in the security area in general. Feel free to peruse them at your own convenience.