CSCI 4830/7000 - Ethical Hacking Seminar - Spring 2011
Course Information Sheet
Jan 11, 2011
You are responsible for everything on this handout. Please read it.
What's This Course About??
This is a hands-on course about computer security. We won't draw many
boundaries on the coverage of topics... anything from very low-level kernel
and hardware topics all the way up to web apps. We will certainly cover
exploit techniques, but we might venture into rootkits and forensics as
well. Almost nothing is off-limits.
Meetings
MW 4:00pm-4:50pm (Room ECCR E118)
Instructor
Grading
There will be occasional homeworks. There will be occasional quizzes.
There will be live exercises (extra credit only).
Graduate students will additionally be required to complete a project.
More details will be given later in the course.
Grade weights for undergrads: 45% homework, 45% quizzes, 10% class
participation. For grads: 35% homework, 35% quizzes, 20% project,
10% class participation.
Prerequisites
This is primarily a graduate course. We have it cross-listed as an
undergraduate course so as not to exclude advanced undergraduates who
are nearly finished or who have taken the initiative to learn substantially
more than what their classes teach them.
Given the above, the prerequisites for this class are pretty severe: you
should have at LEAST an undergraduate education in computer science. This
means
- Architecture (you know assembly language and computer organization),
- Networks (you know what ARP, DHCP, DNS, UDP, TCP/IP, ICMP do and how they
work; you know the basics of Ethernet and 802.11, you know what a NAT box is
and what a gateway is)
- Operating Systems (you know what a kernel is, you understand processes,
threads, virtual memory, file systems, dynamic linkers, machine virtualization,
etc)
- Programming Languages (you know how high-level languages are converted
into machine code, how parameters are passed; you've seen and are familiar
with a wide-variety of languages)
Ideally, you will have some exposure and experience with the following as
well:
- System Administration (you have administered at least your own machine
and perhaps a few others; you have experience with Windows and Unix/Linux)
- Security Issues (you know the basics of password strength, perhaps
you know how /etc/passwd works on Unix; you know what a DoS attack is)
- Application Frameworks (you know how most major network services work
like SMTP, FTP, HTTP, SSH; you know web-based technology)
- Polyglot (you know a few languages like Bourne/bash, C, C++, Java, Perl,
Python, Ruby, PHP, HTML, Javascript, SQL)
Finally, you have the heart of a hacker. That is, you are not afraid to
dive in and learn something even if you know nothing about it. You love
computers and technology and are willing to spend hours rooting out the
tiniest details in order to find what you need.
There is no way any of us (myself included) have mastered everything in the
list above. But students who find themselves with major gaps in the
first list (basic CS background) are probably going to have a rough time in
this class. If you want to do a self-assessment, try the hacking test
at http://www.cs.colorado.edu/~jrblack/hacktest.html
Textbook
Gray Hat Hacking
Course Web page
We will maintain useful information on the course
web page:
http://www.cs.colorado.edu/~jrblack/class/csci7000/s11
Visit the above page regularly to see what's new.
If you miss a handout, get it from here.
Make John Happy
There are several ways to make me happy:
- Come to my office only during office hours or with an appointment.
(I have a one-track mind and don't handle interruptions well; if
people are constantly dropping by without an appointment, I'll never
get anything done.)
- Don't try to ply me for more points.
(If there is an obvious grading error,
I'm happy to correct it immediately, but if you constantly argue
for more partial credit in some gray area, I will exhibit very
little patience.)
- Come to class on time. (I don't mind people coming in
late once in a while, but please don't make a habit of it: it's
disrespectful.)