CSC 4992 Cyber Security Practice: Fengwei Zhang

CSC 4992 Cyber Security Practice

Winter 2017 --- Fengwei Zhang

Instructor: Fengwei Zhang
Class Location: Science and Engineering Library (SCLB) 050B
Class Time: Tuesday, Thursday 10:00AM - 11:15AM
Syllabus: [PDF]

Office Hours: Tuesday, Thursday 11:15AM - 12:15PM
Office Address: Maccabees Building, Room 14109.3
Homepage: http://fengwei.me
Email: fengwei (at) wayne (dot) edu

Course Description

This course provides hands-on experience in playing with security software and network systems in a live laboratory environment, with the purpose of understating real-world threats. The course will take both offensive and defense methods to help student explore security tools and attacks in practice. It will focus on attacks (e.g., buffer overflow, heap spray, kernel rootkits, and denial of service), hacking fundamentals (e.g., scanning and reconnaissance), defenses (e.g., intrusion detection systems and firewalls). Students are expected to finish intensive lab assignments that use real-world malware, exploits, and defenses.

Course Objectives

This course offers an in depth experience of real-world threats and defenses. Upon successful completion of this class, the student will gain experience in:

Understanding on real-world security vulnerabilities, exploits and defenses
Having hands-on labs in network and system security experiments
Learning knowledge of practical security problems and their solutions

Prerequisites

CSC 2110 and CSC 2111; or permission of the instructor.

Grading Policy

The grades for the course will be based upon the tables given below

Topics	Grade
Class Participation	100
Lab 1: Packet Sniffing and Wireshark	80
Lab 2: Buffer Overflows and Defenses	80
Lab 3: Scanning and Reconnaissance	80
Lab 4: Metasploit Framework	80
Lab 5: Reverse Engineering and Obfuscation	80
Lab 6: OS Security for the Internet of Things	80
Lab 7: Wireless Exploitation & Defenses	80
Lab 8: Firewalls & Intrusion Detection Systems (IDS)	80
Team Project	260
Total	1000

A	90 - 100%	C	70 - 73%
A-	87 - 89%	C-	67 - 69%
B+	84 - 86%	D+	64 - 66%
B	80 - 83%	D	60 - 63%
B-	77 - 79%	D-	57 - 59%
C+	74 - 76%	F	0 - 56%

Academic Dishonesty

Please read and adhere to the University's Academic Integrity Page and WSU Student Code of Conduct.

Student Disabilities Services

If you have a documented disability that requires accommodations, you will need to register with Student Disability Services for coordination of your academic accommodations. The Student Disability Services (SDS) office is located in the Adamany Undergraduate Library. The SDS telephone number is 313-577-1851 or 313-202-4216 (Videophone use only).

Class Schedule

Date	Topic	Reading & Notes (tentative)	Slides & Labs
Week 1, 01/10	Course overview	VMware software and Microsoft products through Dreamspark at WSU. [Link] Kali Linux - Penetration Testing Linux Distribution. [Link]	[Slides]
Week 1, 01/12	Lab 1: Packet Sniffing and Wireshark	Wireshark: Network protocol analyzer. [Link] TCPDump and LibPCAP. [Link] Packet Sniffing Basics. In Linux Journal. [Link]	[Slides] [Lab1] [VM Image]
Week 2, 01/17	Lab 1: Packet Sniffing and Wireshark
Week 2, 01/19	Lab 2: Buffer Overflows and Defenses	Smashing the Stack for Fun and Profit. Aleph One. In Phrack Volume 7, Issue 49. [Link] Local Stack Overflow (Basic Module). [Link] Debugging Under Unix: gdb Tutorial. [Link] Understanding DEP/NX [Link] DynaGuard: Armoring Canary-based Protections against Brute-force Attacks. Theofilos Petsios, Vasileios P. Kemerlis, Michalis Polychronakis, and Angelos D. Keromytis. In ACSAC'15. [Link]	[Slides] [Lab2] [VM Image]
Week 3, 01/24	Lab 2: Buffer Overflows and Defenses	Lab 1 Due
Week 3, 01/26	Lab 2: Buffer Overflows and Defenses	Lab 1 Grades on Blackboard. [Link]
Week 4, 01/31	Lab 2: Buffer Overflows and Defenses
Week 4, 02/02	Lab 3: Scanning and Reconnaissance	Nmap: the Network Mapper - Free Security Scanner. [Link] Nmap man page. [Link] OpenVAS: Open Vulnerability Assessment System. [Link] Setting up OpenVAS on Kali Linux. [Link] NESSUS: Vulnerability Scanner. [Link] ZMap: Fast Internet-Wide Scanning and its Security Applications. Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. In UsenixSecurity'13. [Link] Souce Code. [Link]	[Lab3] [VM Images]
Week 5, 02/07	Lab 3: Scanning and Reconnaissance	Lab 2 Due Lab 3 (cont'd) and Team Projects Discussion.	[Slides]
Week 5, 02/09	Lab 4: Metasploit Framework	Metasploit Framework Project Page. [Link] Metasploitable2 (Linux). [Link] Armitage: Cyber Attack Management for Metasploit. [Link]	[Lab4] [VM Images]
Week 6, 02/14	Lab 4: Metasploit Framework	Lab 3 Due
Week 6, 02/16	Lab 4: Metasploit Framework	Lab 3 Grades and Solutions on Blackboard. [Link]
Week 7, 02/21	Lab 4: Metasploit Framework	Team Project Proposals Due Team 1: Kalie Humbarger, Justin Stryjewski, Joseph Karp, Mikey Ho, and Pavan Policherla. Team 2: Jonathon Kirles, Nate Reiber, Nicholas Gallmeier, and Adrian Ionascu. Team 3: Thomas Anter, Anish Patel, Trevor Malarkey, and Yeahyea Uddin. Team 4: Hind Fathallah, Tasnia Sultana, Anh-David Ngwgn, and Amritha Gowda. Team Stardust Crusaders: Ty Austin, Nick Azzo, Richard Lin, and Mark Stiles.
Week 7, 02/23	Team Project Discussion
Week 8, 02/28	Guest Lecture	Speaker: Dr. Frank Adelstein. [Link]	[Slides]
Week 8, 03/02	Lab 5: Reverse Engineering and Obfuscation	Lab 4 Due AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware. Wenbo Yang , Yuanyuan Zhang, Juanru Li, Junliang Shu, Bodong Li, Wenjun Hu, and Dawu Gu. In RAID'15. [Link] DexHunter: Toward Extracting Hidden Code from Packed Android Applications. Yueqian Zhang, Xiapu Luo , Haoyang Yin. In ESORICS'15. [Link] Android Software Development Kit (SDK) [Link] smali/baksmali: an assembler/disassembler for the Dex. [Link]	[Lab5] [VM Image]
Week 9, 03/07	Lab 5: Reverse Engineering and Obfuscation	Lab 4 Grades and Solutions on Blackboard. [Link]
Week 9, 03/09	Lab 5: Reverse Engineering and Obfuscation
Week 10, 03/14	No class	Holiday -- Spring Break
Week 10, 03/16	No class	Holiday -- Spring Break
Week 11, 03/21	Lab 6: OS Security for the Internet of Things	Lab 5 Due Zephyr: Real Time OS for IoT - A Linux Foundation Collaborative Project [Link] Brillo: Google's Operating System for the Internet of Things. [Link] Contiki: The Open Source OS for the Internet of Things. [Link]	[Lab6] [VM Image]
Week 11, 03/23	Lab 6: OS Security for the Internet of Things	Lab 5 Due
Week 12, 03/28	Lab 7: Wireless Exploitation & Defenses	Guest Lecture Dr. Constantinos Kolias. [Link]	[Slides] [Attacks Notes] [Video1] [Video2]
Week 12, 03/30	Lab 7: Wireless Exploitation & Defenses	Lab 6 Due How to Hack Wi-Fi: Cracking WPA2-PSK Passwords Using Aircrack-Ng. [Link] Security of the WEP Algorithm. [Link]	[Lab7] [VM Image]
Week 13, 04/04	Lab 7: Wireless Exploitation & Defenses	Team Projects Discussion and Lab 7.	[Slides]
Week 13, 04/06	Lab 8: Firewalls & Intrusion Detection Systems (IDS)	Lab 7 Due The Snort Project. Users Manual. [Link] The Linux Firewall iptables [Link] [Link]	[Slides] [Lab8] [VM Image]
Week 14, 04/11	Lab 8: Firewalls & Intrusion Detection Systems (IDS)
Week 14, 04/13	Lab 8: Firewalls & Intrusion Detection Systems (IDS)
Week 15, 04/18	Final Project Presentations	Lab 8 Due
Week 15, 04/20	Final Project Presentations	Team Project Final Reports Due