Fall 2018
Prof. Charles Nicholas
410-455-2594
nicholas@umbc.edu
ITE 356
Office hours: MW 2:30-4pm, but it's fine to call or send email before coming to see me, since my schedule may change from week to week at short notice.
We have two undergraduate TAs for this course. They will hold office hours in ITE 366, as follows.
Kevin Bilzer <kbilzer1@umbc.edu> Tuesday 5:30-7pm, and Wednesday 4-6pm
Seamus Burke <sburke1@umbc.edu> Wednesday 4-6pm, and Thursday 5:30-7pm
Course information
Wednesday, 7:10-9:25pm, beginning September 5, 2018
The class meets in the Public Policy building, in PUP 105.
Prerequisites:
Interest in cyberdefense, including inter-collegiate competition. Computer Science background equivalent to Data Structures CMSC 341 is assumed sometimes, but is not required.
Permission of the instructor is required in order to enroll. Send email to nicholas@umbc.edu from your UMBC email address, and tell me your name AND (your date of birth or your student ID). You may attend the class sessions even if you are not enrolled. The Cyberdefense club meets in the same place and time.
At this point, everybody who has asked for permission has been responded to. If you have not received permission, contact me again...
If you're on the waiting list, come to class anyway! There will be room, and I hope to let in as many as possible from the waiting list.
This is NOT an entry-level systems or security course. Students are expected to have a working knowledge of the Windows and Unix operating systems, networks, and/or software development techniques, along with interest if not experience in planning and conducting both penetration testing and countermeasures development.
Overview
- The purpose of this course is to provide a means of awarding academic credit to those who intend to participate in the UMBC CyberDefense Club weekly meetings.
- This is a HANDS ON course. Bring your laptop!
- Everybody will be required to participate in some fashion in the cyberdefense competition that the Cyberdawgs will be organizing this fall. Performance in that event may qualify you for membership in our Cyberdefense Team, which won the 2017 National Collegiate Cyber Defense Competition.
- Everybody is welcome at this and future class meetings, even if not enrolled in the class.
- This class was taught for the first time in Fall 2017, and the syllabus from that class is available.
Notes on the Schedule
- August 29, 2018
NO CLASS
- September 5
This will be an introduction and orientation session. Not a Cyberdawg meeting as such, since those will begin the following week.
You are welcome to attend if that helps you decide whether to enroll in the class, or if it helps you decide if you want to be involved in the Cyberdefense club.
We discussed how grades will be assigned, what homeworks might be given, and so forth. Attendance but also active participation are important!
People who master the material to the point where they can effectively help others are likely to be awarded a good grade.
I anticipate giving many As, many Bs, and few if any lower grades.
Experienced club members will be able to talk about how to get started.
This will be the first club meeting as such. There is a UMBCCD email list, which you can join from the club web page UMBC CyberDefense Club.
- September 12
Web exploitation
Vulnerabilities based on PHP and SQL. There are LOTS of sites on the web that allow people to practice such attacks.
Last week, we made a list of topics for the small group writing projects.
- Ransomware
- Password Cracking
- Secure Coding
- Network Recon
- Dynamic Analysis
- Phishing Mitigation
- System Hardening
- Backdoor Finding
- Bluetooth Vulnerabilities
- Exploit Kits
- Post-Exploitation Frameworks
- Application of AI/ML
- Web Session Hacking
- Network MITM Attacks
- Steganography
- IoT
- Side-Channel Attacks
- Windows RPCs
- Rootkits
- VM Security
- Container Security
We can add to that list tonight. I'll also say more about what is expected of these writing projects.
The CTF Scoreboard with questions: https://ctf.notanexploit.club/
link for the homework: https://goo.gl/forms/Zq9YpeDi0rDoAO7w1
- September 19
Introduction to (or review of) UNIX
The materials presented are available at the Cyberdawgs' GitHub site.
For fans of Red Hat, or CentOS, here's a good overview of Linux concepts and commands, though it may be a little dated. If you have a suggestion for a better Linux overview, let me know. The homework for tonight is found here.
- September 26
The networking slides Zack used are on the Git site, as usual. The homework for tonight is found here.
- October 3
Overview of CCDC. Materials available on the Git site as usual.
- October 10
Topic: Firewalls.
The Firewalls homework is found at https://goo.gl/forms/Xc4AQPKcfba1TwfQ2
By the end of class tonight, please send email to Prof. Nicholas with your plans for your Writing Project. You can work on your own, or in teams of two or maybe three. Send me an email with a 2-3 sentence description of your topic, including what sources you are thinking of using. Don't rely on Wikipedia alone. Length will be 3-5 pages per person. That is, a one-person writeup will be 3-5 pages, and a three-person writeup will be 9-15 pages. In the three-person case, 9-12 pages is fine.
Make sure you cite at least three sources. No more than one of those can be Wikipedia. Include at least one figure. Cite the source unless it's your own artistic creation.
The Writing Project will be due on the last Wednesday in November - which is the Wednesday after Thanksgiving.
- October 17
Plans for your Writing Project are due tonight.
Topic: Offensive Security
A link to a pre-made Kali image: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/
- October 24
The link to this week's homework is https://goo.gl/forms/60ivibOskarVtKHG2
- October 31
Boo!
Introduction to CTFs, and no homework this week! Slides on github as usual.
- November 7
Offensive Security, Part II
- November 14
Offensive Security, Part III, King of the Hill
Homework assignment is here. Due Wednesday of next week.
- November 21
no class Wednesday before Thanksgiving
A programming assignment has been made. See the notice on Slack, or visit https://goo.gl/forms/1MJ4CCIEwJUitwrV2
- November 28
Writing Projects are due at 7pm tonight. Parsons CTF!
Send your paper to me (nicholas@umbc.edu) by email. PDF only - no other format will be accepted.
- December 5
Last day of class - Nicholas gives a preview of the malware analysis class, and maybe some special guests.
Take a few minutes to complete the course survey for CMSC 491/791, which provides valuable feedback for me, the program, and the university. I really appreciate the time that you take to complete these surveys, and the department takes them seriously as a way to keep improving the course.
While you're at it, please complete the course surveys for all of your courses, and ask your friends to do the same! The administration actually does look at the data and we do our best to work with departments and faculty to address problems, and to reward and recognize great teaching.
Thanks!
- December 12
No class today, since this is the "study day"
No final exam in this class...
Reading List
We will develop the reading list as we go. Students should know how to use the UMBC Library research port and other facilities to get access to papers they want. I suggest using a paper management system such as Mendeley. Suggestions for improving this list are welcome.
Textbook(s): None
The following book(s) are not required, but may be helpful:
Cyberoperations, by Mike O'Leary
Windows Internals, Parts 1 and 2, by Mark Russinovich
Hacking: the art of exploitation, by Jon Erickson.
Be careful when downloading "free" copies of this or similar books! Additional resources, varying in quality, can be found on Wikibooks and other places.
Course Policies
Grading
Students enrolled in CMSC 491 will be expected to attend and participate in the weekly Cyberdawg meetings, including the prep work that may be announced before or after each class session. They will also be expected to suggest resources that could be added to this site, such as on-line tutorials, tools, YouTube videos, and so forth.
Students enrolled in CMSC 791 will be subject to the same expectations as students in 491, but in addition, will be expected to prepare material that may be useful in future offerings of this or similar courses.
Grading Scheme: 15% attendance, 15% competition participation, 15% writing project, 55% homeworks. Homeworks are equal weight, and there will be 9 of them.
Abuse of Resources PAY ATTENTION TO THIS!
Abuse of the knowledge or experience you gain in this course may subject you to discipline under UMBC policy and/or criminal prosecution. Do not expect your status as a student to protect you if you break the law! Hacking into campus computers (other than systems approved for such a purpose) is a violation of UMBC policy, and may result in disciplinary action possibly including expulsion, in addition to possible criminal charges.
Academic Honesty
Academic dishonesty of any kind will be handled in accordance with University policy.
"By enrolling in this course, each student assumes the responsibilities of an active participant in UMBC's scholarly community, in which everyone's academic work and behavior are held to the highest standards of honesty. Cheating, fabrication, plagiarism, and helping others to commit these acts are all forms of academic dishonesty, and they are wrong. Academic misconduct could result in disciplinary action that may include, but is not limited to, suspension or dismissal. To read the full Student Academic Conduct Policy, consult the UMBC Student Handbook, the Faculty Handbook, or the UMBC Policies section of the UMBC Directory." [Statement adopted by UMBC's Undergraduate Council and Provost's Office.]
Resources
A collection of resources will be made available. Suggestions are welcome!
This web site's URL should be https://www.csee.umbc.edu/courses/undergraduate/CMSC491activeCyber/