Computer and Network Security
Computer and Network Security is an advanced-level computer security course suitable for students who already have a strong background in computer science. In Computer and Network Security, students will be learning the fundamentals of security implementations, vulnerabilities, and exploitation with an emphasis at the network level.
This course consists of 18 sessions and students are encouraged to take each session in consecutive order. A narrow array of topics will be covered in-depth.
Registration
Registration is currently closed as maximum capacity has been reached.
Notice: I am retired from teaching and mentoring, and this course is no longer active.
General Information
- This course is not beginner-friendly. Students are expected to have a strong prerequisite background in computer science.
- Sessions consist of a mixture of lectures, whiteboards, Q+A, and demonstrations.
- Sessions can be expected to last 90-120 minutes each and are scheduled by appointment through Calendly (no Calendly registration required).
- Additional tutoring and help can be scheduled by appointment.
Full Course Overview
Session 1: Security Fundamentals
- The big picture idea of computer security
- Threat models
- Security domains
- Implementations of security
Session 2: Prelude to Buffer Overflows
- Assembly language
- Debuggers
- Computer memory
- Functions
- Stack frames
- PIE and NX
- Return addresses
- Buffer overflows
Session 3: Buffer Overflows I
- Buffer overflows
- Overwriting data
- Overwriting return addresses
- Controlling subroutine returns
- Shellcoding
- Exploit development with
pwntools
Session 4: Buffer Overflows II
- libc
- Leaking addresses
- ret2libc
Session 5: Computer Networks I
- Protocols and layering
- IEEE 802.11
- Switching
- IP, IP addressing, and subnetting
- ICMP
Session 6: Computer Networks II
- Routing
- Link-state routing
- Distance-vector routing
- Intra-domain routing
- Inter-domain routing
Session 7: Computer Networks III
- TCP
- UDP
Session 8: Computer Networks IV
- DHCP
- ARP
- DNS
Session 9: Computer Networks V
- NAT
- HTTP
- FTP
Session 10: Computer Networks VI
- SSH
- Telnet
- Tunneling
- Firewalls
Session 11: Computer Networks VII
- Cryptography
- Symmetric and asymmetric cryptography
- Public-private key cryptography
- WEP
- WPA/WPA2
Session 12: Network Security I
- Capturing handshakes
- Deauthentication attacks
- WEP cracking
- WPA/WPA2 cracking
- Evil Twin attacks
Session 13: Network Security II
- Host discovery
nmap
scanning- Vulnerability scanning
Session 14: Network Security III
- Promiscuous mode
- Monitor mode
- Wireless sniffing
- Wireshark
Session 15: Network Security IV
- MAC spoofing
- ARP spoofing
- DNS spoofing
Session 16: Network Security V
- MITM attacks
- Site cloning attacks
- Browser drive-by attacks
Session 17: Network Security VI
- Exploitation
- Metasploit
- Exploit code
- Persistence
- Backdoors
Session 18: Network Security VII
- Malware types
- Malware deployment
- Virus propagation
- Containment and killswitching