CSC 4992 Cyber Security Practice

Winter 2018 -- Fengwei Zhang

  • Instructor: Fengwei Zhang
  • Class Location: Science and Engineering Library (SCLB) 050B
  • Class Time: Tuesday, Thursday 10:00AM - 11:15AM
  • Syllabus: [PDF]
  • Office Hours: Friday, 01:00PM - 02:30PM
  • Office Address: Maccabees Building, Room 14109.3
  • Homepage: http://fengwei.me
  • Email: fengwei (at) wayne (dot) edu

Course Description

This course provides hands-on experience in playing with security software and network systems in a live laboratory environment, with the purpose of understanding real-world threats. The course will take both offensive and defensive methods to help students explore security tools and attacks in practice. It will focus on attacks (e.g., buffer overflow, heap spray, kernel rootkits, and denial of service), hacking fundamentals (e.g., scanning and reconnaissance), and defenses (e.g., intrusion detection systems and firewalls). Students are expected to finish intensive lab assignments that use real-world malware, exploits, and defenses.

Course Objectives

This course offers an in-depth experience of real-world threats and defenses. Upon successful completion of this class, the student will gain experience in:

Prerequisites

CSC 2110 and CSC 2111; or permission of the instructor.

Grading Policy

The grades for the course will be based upon the tables given below.

Academic Dishonesty

Please read and adhere to the University's Academic Integrity Page and WSU Student Code of Conduct.

Student Disabilities Services

If you have a documented disability that requires accommodations, you will need to register with Student Disability Services for coordination of your academic accommodations. The Student Disability Services (SDS) office is located in the Adamany Undergraduate Library. The SDS telephone number is 313-577-1851 or 313-202-4216 (Videophone use only).

Class Schedule

Date Topic Reading & Notes (tentative) Slides & Labs
Week 1, 01/09 Course overview
  • VMware software and Microsoft products through Dreamspark at WSU. [Link]
  • Kali Linux - Penetration Testing Linux Distribution. [Link]
[Slides]
Week 1, 01/11 Lab 1: Packet Sniffing and Wireshark
  • Wireshark: Network protocol analyzer. [Link]
  • TCPDump and LibPCAP. [Link]
  • Packet Sniffing Basics. In Linux Journal. [Link]
[Slides]
[Lab1]
[VM Image]
Week 2, 01/16 Lab 1: Packet Sniffing and Wireshark
Week 2, 01/18 Lab 2: Buffer Overflows and Defenses
  • Smashing the Stack for Fun and Profit. Aleph One. In Phrack Volume 7, Issue 49. [Link]
  • Local Stack Overflow (Basic Module). [Link]
  • Debugging Under Unix: gdb Tutorial. [Link]
  • Understanding DEP/NX [Link]
  • DynaGuard: Armoring Canary-based Protections against Brute-force Attacks. Theofilos Petsios, Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. In ACSAC'15. [Link]
[Slides]
[Lab2]
[VM Image]
Week 3, 01/23 Lab 2: Buffer Overflows and Defenses Lab 1 Due

Week 3, 01/25 Lab 2: Buffer Overflows and Defenses
Week 4, 01/30 Lab 2: Buffer Overflows and Defenses
Week 4, 02/01 Lab 3: Scanning and Reconnaissance
  • Nmap: the Network Mapper - Free Security Scanner. [Link]   Nmap man page. [Link]
  • OpenVAS: Open Vulnerability Assessment System. [Link]   Setting up OpenVAS on Kali Linux. [Link]
  • NESSUS: Vulnerability Scanner. [Link]
  • ZMap: Fast Internet-Wide Scanning and its Security Applications. Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. In UsenixSecurity'13. [Link]   Source Code. [Link]
[Lab3]
[VM Images]
Week 5, 02/06 Lab 3: Scanning and Reconnaissance Lab 2 Due

  • Lab 3 (cont'd) and Team Projects Discussion.
Week 5, 02/08 Lab 4: Metasploit Framework
  • Metasploit Framework Project Page. [Link]
  • Metasploitable2 (Linux). [Link]
  • Armitage: Cyber Attack Management for Metasploit. [Link]
[Lab4]
[VM Images]
Week 6, 02/13 Lab 4: Metasploit Framework Lab 3 Due
Week 6, 02/15 Lab 4: Metasploit Framework
Week 7, 02/20 Lab 4: Metasploit Framework Team Project Proposals Due
Week 7, 02/22 Team Project Discussion
Week 8, 02/27 Lab 5: Reverse Engineering and Obfuscation
  • AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware. Wenbo Yang, Yuanyuan Zhang, Juanru Li, Junliang Shu, Bodong Li, Wenjun Hu, and Dawu Gu. In RAID'15. [Link]
  • DexHunter: Toward Extracting Hidden Code from Packed Android Applications. Yueqian Zhang, Xiapu Luo, Haoyang Yin. In ESORICS'15. [Link]
  • Android Software Development Kit (SDK) [Link]
  • smali/baksmali: an assembler/disassembler for the Dex. [Link]
[Lab5]
[VM Image]
Week 8, 03/02 Lab 5: Reverse Engineering and Obfuscation Lab 4 Due

Week 9, 03/06 Lab 5: Reverse Engineering and Obfuscation
Week 9, 03/08 Lab 5: Reverse Engineering and Obfuscation
Week 10, 03/13 No class
  • Holiday -- Spring Break
Week 10, 03/15 No class
  • Holiday -- Spring Break
Week 11, 03/20 Lab 6: OS Security for the Internet of Things Lab 5 Due

  • Zephyr: Real Time OS for IoT - A Linux Foundation Collaborative Project [Link]
  • Brillo: Google's Operating System for the Internet of Things. [Link]
  • Contiki: The Open Source OS for the Internet of Things. [Link]
[Lab6]
[VM Image]
Week 11, 03/22 Lab 6: OS Security for the Internet of Things
Week 12, 03/27 Lab 7: Wireless Exploitation & Defenses
Week 12, 03/29 Lab 7: Wireless Exploitation & Defenses Lab 6 Due
  • How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng. [Link]
  • Security of the WEP Algorithm. [Link]
[Lab7]
[VM Image]
Week 13, 04/03 Lab 7: Wireless Exploitation & Defenses
  • Team Projects Discussion and Lab 7.
Week 13, 04/05 Lab 8: Firewalls & Intrusion Detection Systems (IDS) Lab 7 Due
  • The Snort Project. Users Manual. [Link]
  • The Linux Firewall iptables [Link] [Link]
[Slides]
[Lab8]
[VM Image]
Week 14, 04/10 Lab 8: Firewalls & Intrusion Detection Systems (IDS)
Week 14, 04/12 Lab 8: Firewalls & Intrusion Detection Systems (IDS)
Week 15, 04/17 Final Project Presentations Lab 8 Due

Week 15, 04/19 Final Project Presentations Team Project Final Reports Due