CSC 5991 Cyber Security Practice

Winter 2016 --- Fengwei Zhang

  • Instructor: Fengwei Zhang
  • Class Location: State Hall (STAT) 0318
  • Class Time: Monday, Wednesday 11:00AM - 12:20PM
  • Syllabus: [PDF]
  • Office Hours: Monday, Wednesday 12:20PM - 1:20PM
  • Office Address: Maccabees Building, Room 14109.3
  • Homepage: http://fengwei.me
  • Email: fengwei (at) wayne (dot) edu

Course Description

This course provides hands-on experience with security software and network systems in a live laboratory environment, with the purpose of understanding real-world threats. The course will take both offensive and defensive approaches to help students explore security tools and attacks in practice. It will focus on attacks (e.g., buffer overflow, heap spray, kernel rootkits, and denial of service), hacking fundamentals (e.g., scanning and reconnaissance), and defenses (e.g., intrusion detection systems and firewalls). Students are expected to finish intensive lab assignments that use real-world malware, exploits, and defenses.

Course Objectives

This course offers an in-depth experience of real-world threats and defenses. Upon successful completion of this class, the student will gain experience in:

Prerequisites

CSC4290 (Introduction to Computer Networking), CSC4420 (Computer Operating Systems), and CSC5270 (Computer Systems Security); or permission of the instructor.

Grading Policy

Academic Dishonesty

Please read and adhere to the University's Academic Integrity Page and WSU Student Code of Conduct.

Student Disabilities Services

If you have a documented disability that requires accommodations, you will need to register with Student Disability Services for coordination of your academic accommodations. The Student Disability Services (SDS) office is located in the Adamany Undergraduate Library. The SDS telephone number is 313-577-1851 or 313-202-4216 (Videophone use only).

Class Schedule

Date Topic Reading & Notes (tentative) Slides & Labs
Week 1, 01/11 Course overview
  • VMware software and Microsoft products through Dreamspark at WSU. [Link]
  • Kali Linux - Penetration Testing Linux Distribution. [Link]
[Slides]
Week 1, 01/13 Lab 1: Packet Sniffing and Wireshark
  • Wireshark: Network protocol analyzer. [Link]
  • TCPDump and LibPCAP. [Link]
  • Packet Sniffing Basics. In Linux Journal. [Link]
[Slides]
[Lab1]
[VM Image]
Week 2, 01/18 No Class
  • Holiday -- Martin Luther King Day
Week 2, 01/20 Lab 1: Packet Sniffing and Wireshark
Week 3, 01/25 Lab 2: Buffer Overflows and Defenses
  • Smashing the Stack for Fun and Profit. Aleph One. In Phrack Volume 7, Issue 49. [Link]
  • Local Stack Overflow (Basic Module). [Link]
  • Debugging Under Unix: gdb Tutorial. [Link]
  • Understanding DEP/NX [Link]
  • DynaGuard: Armoring Canary-based Protections against Brute-force Attacks. Theofilos Petsios, Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. In ACSAC'15. [Link]
[Slides]
[Lab2]
[VM Image]
Week 3, 01/27 Lab 2: Buffer Overflows and Defenses Lab 1 Due

Week 4, 02/01 Lab 2: Buffer Overflows and Defenses
  • Lab 1 Grades and Solutions on Blackboard. [Link]
Week 4, 02/03 Lab 2: Buffer Overflows and Defenses
Week 5, 02/08 Lab 3: Scanning and Reconnaissance
  • Nmap: the Network Mapper - Free Security Scanner. [Link]   Nmap man page. [Link]
  • OpenVAS: Open Vulnerability Assessment System. [Link]   Setting up OpenVAS on Kali Linux. [Link]
  • NESSUS: Vulnerability Scanner. [Link]
  • ZMap: Fast Internet-Wide Scanning and its Security Applications. Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. In UsenixSecurity'13. [Link]   Source Code. [Link]
[Lab3]
[VM Images]
Week 5, 02/10 Lab 3: Scanning and Reconnaissance Lab 2 Due
  • Lab 3 (cont'd) and Team Projects Discussion.
[Slides]
Week 6, 02/15 Lab 4: Metasploit Framework Lab 2 Due

  • Metasploit Framework Project Page. [Link]
  • Metasploitable2 (Linux). [Link]
  • Armitage: Cyber Attack Management for Metasploit. [Link]
[Lab4]
[VM Images]
Week 6, 02/17 Lab 4: Metasploit Framework Lab 3 Due
  • Lab 2 Grades and Solutions on Blackboard. [Link]
Week 7, 02/22 Lab 4: Metasploit Framework
  • Lab 3 Grades and Solutions on Blackboard. [Link]
Week 7, 02/24 Lab 4: Metasploit Framework Team Project Proposals Due
  • Team 1: Zhenyu Ning and Leilei Ruan.
  • Team 2: Shruthipriya Soranjerry Baskar and Jayasurya Santhanagopal.
  • Team 3: Rachna Naik and Keya Shah.
  • Team 4: Jacob Heaney and Lucas Copi.
  • Team 5: Rui Chen and Chiara Conflitti.
  • Team 6: Mohammed Yasa, Daniel Mackay, and Zaid Nackasha.
  • Team 7: Isaac Tedla.
Week 8, 02/29 Lab 5: Reverse Engineering and Obfuscation
  • Team Projects Discussion and Lab 5.
  • AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware. Wenbo Yang, Yuanyuan Zhang, Juanru Li, Junliang Shu, Bodong Li, Wenjun Hu, and Dawu Gu. In RAID'15. [Link]
  • DexHunter: Toward Extracting Hidden Code from Packed Android Applications. Yueqian Zhang, Xiapu Luo, Haoyang Yin. In ESORICS'15. [Link]
  • Android Software Development Kit (SDK) [Link]
  • smali/baksmali: an assembler/disassembler for the Dex. [Link]
[Team Projects]
[Lab5]
[VM Image]
Week 8, 03/02 Lab 5: Reverse Engineering and Obfuscation Lab 4 Due

Week 9, 03/07 Lab 5: Reverse Engineering and Obfuscation
  • Lab 4 Grades and Solutions on Blackboard. [Link]
Week 9, 03/09 Lab 5: Reverse Engineering and Obfuscation
Week 10, 03/14 No class
  • Holiday -- Spring Break
Week 10, 03/16 No class
  • Holiday -- Spring Break
Week 11, 03/21 Lab 6: OS Security for the Internet of Things Lab 5 Due
  • Zephyr: Real Time OS for IoT - A Linux Foundation Collaborative Project [Link]
  • Brillo: Google's Operating System for the Internet of Things. [Link]
  • Contiki: The Open Source OS for the Internet of Things. [Link]
[Lab6]
[VM Image]
Week 11, 03/23 Lab 6: OS Security for the Internet of Things Lab 5 Due

Week 12, 03/28 Team Project Checkpoint [Team Projects]
Week 12, 03/30 Lab 7: Wireless Exploitation & Defenses Lab 6 Due
  • Guest Lecture Dr. Constantinos Kolias. [Link]
  • Lab 5 Grades and Solutions on Blackboard. [Link]
[Slides]
[Attacks Notes]
[Video1]
[Video2]
Week 13, 04/04 Lab 7: Wireless Exploitation & Defenses
  • How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng. [Link]
  • Security of the WEP Algorithm. [Link]
[Lab7]
[VM Image]
Week 13, 04/06 Lab 7: Wireless Exploitation & Defenses
  • Lab 6 Grades and Solutions on Blackboard. [Link]
Week 14, 04/11 Lab 8: Firewalls & Intrusion Detection Systems (IDS) Lab 7 Due
  • The Snort Project. Users Manual. [Link]
  • The Linux Firewall iptables [Link] [Link]
[Slides]
[Lab8]
[VM Image]
Week 14, 04/13 Lab 8: Firewalls & Intrusion Detection Systems (IDS)
  • Lab 7 Grades and Solutions on Blackboard. [Link]
Week 15, 04/18 Lab 8: Firewalls & Intrusion Detection Systems (IDS)
Week 15, 04/20 Final Project Presentations Lab 8 Due

Week 16, 04/25 Final Project Presentations Team Project Final Reports Due


Acknowledgement: This course includes material from Dr. Angelos Stavrou.