Kyle C. Hale
Office Hours: T 3:30PM-5PM @ SB 229C (first half of semester)
E-mail: khale [at] cs [dot] iit [dot] edu
Office Hours: T/TR 3:05PM-4:05PM @ SB 208C (second half of semester)
E-mail: dong [dot] jin [at] iit [dot] edu
Office Hours: T 1:30PM-3:30PM @ SB 019
E-mail: gchen31 [at] hawk [dot] iit [dot] edu
Course number: CSP 544
Semester: Spring 2020
Lecture Time: Tues/Thurs 11:25AM - 12:40PM
Lecture Location: Stuart 239
We increasingly live in a digitally-connected world. More of our personal systems, national infrastructures, automobiles, and smart devices are becoming internet-connected, so the importance of secure systems is more critical than ever. Unfortunately, tracking the trend for internet-connected systems is an increasing prevalence of malicious actors and criminals intent on breaking, subverting, and otherwise sabotaging important systems. Billions of dollars are lost and thousands of lives are affected by such cybercrime, and there is a dearth of trained talent to offset these trends. We must endeavor to train ethical hackers with strong cyber-security techniques, who understand the toolkits and trades employed by cybercriminals, and imbue them with an ethos of using their knowledge for good. This course will be a programming-based, learn-by-doing-oriented course focused on applying foundational principles in security to real systems and networks . You will implement several real attacks and take advantage of several recreated vulnerable systems in order to understand the modern landscape of network and systems security. Other than implementing our own attacks, we will also be looking at various case studies of attacks and defense strategies, including known exploit proofs-of-concept, published papers, and documents from security agencies and cyber-security research firms.
|16||4/30||Final Exam||Full class time||all lectures, all labs|
|1||Environment Variables and SetUID||Tuesday, 1/21 before class||Lab 1 link|
|2||Buffer Overflows||Tuesday, 1/28 before class||Lab 2 link|
|3||Return-oriented Programming||Tuesday, 2/4 @ 11:59 PM||Lab 3 link|
|4||Format String Vulnerabilities||Thursday, 2/6 @ 11:59 PM||Lab 4 link|
|5||Exploiting Speculative Execution||Tuesday, 2/11 @ 11:59 PM||Lab 5 link|
|6||Code Injection and Binary Exploitation||Thursday, 2/20 @ 11:59 PM||Lab 6 link|
|7||Kernel Backdoors and Rootkits|
|13||Packet Sniffing and Spoofing|
There are no required textbooks for this course. However, there are several recommended texts, the first of which will be very helpful in completing the labs:
We will primarily be using virtual machine images to set up vulernable environments for you to exploit. Thus, in order to do the labs, you'll need to set up a hypervisor/VMM on your machine to complete the labs. You should be able to use VirtualBox, VMware, or libvirt. We'll be using the SEED Labs for most of the class, but we will augment them with our own. You can see here to get set up for the labs.
This is a list of other resources that you might find useful for this class and for doing work in the security area in general. Feel free to peruse them at your own convenience.