CSCI 4830/7000 - Ethical Hacking Seminar - Fall 2014
Course Information Sheet
Aug 25, 2014
You are responsible for everything on this handout. Please read it.
What's This Course About??
This is a hands-on course about computer security. Security is a vast
area, so we cannot hope to cover more than a fraction of introductory
material, but we will be ambitious. Expect to work hard.
Meetings
4830: MWF 10:00am-10:50am (Room ECCS 112)
7000: MWF 12:00pm-12:50pm (Room ECCS 1B14)
Instructor
Grading
There will be occasional homeworks. There will be occasional quizzes.
The final is a live exercise.
Graduate students will additionally be required to complete a project.
More details will be given later in the course.
45% homework, 25% quizzes, 20% final exam, 10% class participation.
Prerequisites
The prerequisites for this class are pretty severe:
- Architecture (you know assembly language and computer organization),
- Networks (you know what ARP, DHCP, DNS, UDP, TCP/IP, ICMP do and how they
work; you know the basics of Ethernet and 802.11, you know what a NAT box is,
what a gateway is, what a firewall is, and the difference between a switch
and a router)
- Operating Systems (you know what a kernel is, you understand processes,
threads, virtual memory, file systems, dynamic linkers, machine virtualization,
etc.)
- Programming Languages (you know how high-level languages are converted
into machine code, how parameters are passed; you've seen and are familiar
with a wide variety of languages)
- Web technology (you know the basic set-ups for common web-technology
platforms)
Ideally, you will have some exposure and experience with the following as
well:
- System Administration (you have administered at least your own machine
and perhaps a few others; you have experience with Windows and Unix/Linux)
- Security Issues (you know the basics of password strength, perhaps
you know how /etc/passwd works on Unix; you know what a DoS attack is)
- Application Frameworks (you know how most major network services work
like SMTP, FTP, HTTP, SSH; you know web-based technology)
- Polyglot (you know a few languages like Bourne/bash, C, C++, Java, Perl,
Python, Ruby, PHP, HTML, JavaScript, SQL)
Finally, you have the heart of a hacker. That is, you are not afraid to
dive in and learn something even if you know nothing about it. You love
computers and technology and are willing to spend hours rooting out the
tiniest details in order to find what you need.
There is no way any of us (myself included) have mastered everything in the
list above. But students who find themselves with major gaps in the
first list (basic CS background) are probably going to have a rough time in
this class; I reserve the right to refuse admission to the class for those
who lack the appropriate background.
If you want to do a self-assessment, try the hacking test
at http://www.cs.colorado.edu/~jrblack/hacktest.html
Textbook
Gray Hat Hacking
Course Web page
We will maintain useful information on the course
web page:
http://www.cs.colorado.edu/~jrblack/class/csci7000/f14
Visit the above page regularly to see what's new.
If you miss a handout, get it from here.
Make John Happy
There are several ways to make me happy:
- Come to my office only during office hours or with an appointment.
(I have a one-track mind and don't handle interruptions well; if
people are constantly dropping by without an appointment, I'll never
get anything done.)
- Before you ask me or the TA for help, make sure you have made a
significant effort to answer the question for yourself; it is obvious
when a student has worked hard to resolve her/his problem before
coming to office hours, and I am far more likely to be helpful for
these students.
- Don't try to ply me for more points.
(If there is an obvious grading error,
I'm happy to correct it immediately, but if you constantly argue
for more partial credit in some gray area, I will exhibit very
little patience.)
- Come to class on time. (I don't mind people coming in
late once in a while, but please don't make a habit of it: it's
disrespectful.)