Fall 2019
Prof. Charles Nicholas
410-455-2594
nicholas@umbc.edu
ITE 356
Office hours: MW 2:30-4pm,
but it's fine to call or send email before coming to see me, since my schedule may change from week to week at short notice.
We have two TAs for this course. They will hold office hours in ITE 366. Their office schedule is:
R.J. Joyce <joyce8@umbc.edu>
Tuesday 2-3pm Wednesday 4-6pm
Anna Staats <astaats1@umbc.edu> TBD
Course information
No Class on Wednesday August 28!
Class begins on Wednesday, 7:10-9:25pm, beginning September 4, 2018
The class meets in the Public Policy building, in PUP 105.
Prerequisites:
Interest in cyberdefense, including inter-collegiate competition. Computer Science background equivalent to Data Structures CMSC 341 is assumed.
Permission of the instructor is required in order to enroll. Send email to nicholas@umbc.edu from your UMBC email address, and tell me your name
AND your student ID. You may attend the class sessions even if you are not enrolled. The Cyberdefense club meets in the same
place and time.
This is NOT an entry-level systems or security course. Students are expected to have a working knowledge of the Windows and Unix operating systems, networks, and/or software development techniques, along with interest if not experience in planning and conducting both penetration testing and countermeasures development.
Overview
- The purpose of this course is to provide a means of awarding academic credit to those who intend to participate in the UMBC CyberDefense Club weekly meetings.
- This is a HANDS ON course. Bring your laptop, and your power cord!
- Everybody will be required to participate in some fashion in the cyberdefense competition that the Cyberdawgs will be organizing this fall. Performance in that event may qualify you for membership in our Cyberdefense Team, which won the 2017 National Collegiate Cyber Defense Competition.
- Everybody is welcome at this and future class meetings, even if not enrolled in the class.
- This class was taught for the first time in Fall 2017, and the web sites for Fall 2017 and Fall 2018 are still available.
Notes on the Schedule (Subject to Change)
- August 28, 2019
NO CLASS
- September 4
This will be an introduction and orientation session. Not a Cyberdawg meeting as such, since those will begin the following week.
You are welcome to attend if that helps you decide whether to enroll in the class, or if it helps you decide if you want to be involved in the Cyberdefense club.
Discuss how grades will be assigned, what homeworks might be given, and so forth. Attendance but also active participation are important!
People who master the material to the point where they can effectively help others are likely to be awarded a good grade.
I anticipate giving many As, many Bs, and few if any lower grades.
Many of you will choose to be graded P/F, which is fine, too!
Experienced club members will be able to talk about how to get started
Piazza invite link: piazza invite
There is a homework assignment here. Homework 1 must be turned in no later than 7pm Wednesday September 11 to receive credit.
There is a UMBCCD email list, which you can join from the club web page UMBC CyberDefense Club.
- September 11
Homework 1 must be turned in no later than 7pm Wednesday September 11 to receive credit.
We will go over Homework 1 in class.
Introduction to Capture The Flag competitions. We'll conduct a beginner CTF competition.
To start the CTF, visit http://ctf.notanexploit.club and create or join a team! The CTF will remain open until next week's class.
Homework 2 is now available. It is based on the CTF. You should email your complete homework, as a docx file, to RJ and Nicholas.
Join us for CSAW qualifiers this weekend!
Here is information on the NSA Code Breaker Challenge. This is one of the cyber competitions that meet the class requirement for competition experience.
I have become aware of AvengerCon. We will look into this as a way of satisfying the course competition requirement.
- September 18
Linux Hardening
Homework 2 must be turned in no later than 7pm Wednesday September 18.
Homework 3 has been released.
Here are the slides for tonight.
One of the easier solutions for the CTF
Here is some information about a Cyber Aptitude Test that you can try!
Do you want to try another CTF? Our friends at Assured Information Security have made theirs available. This one might very well count as the competition credit for this course...
- September 25
Windows Hardening
Dan Guernsey discusses the NSA Codebreaker Challenge
Homework 4 has been released.
The slides prepared by Anna and Seamus
- October 2
Firewalls and Networking
Cyrus Bonyadi's slides (pdf)
Homework 5 has been released.
- October 9
Incident Response
Homework 6 has been released. For this and all future homeworks: just attach a file with your work. DO NOT ask RJ and me to access your Google Drive, or any other third party storage, in order to see your work.
Slides for tonight. (ppt)
The virtual machine you'll need: (IncidentResponseLab.ova course web site) (IncidentResponseLab.ova CKN's Dropbox.)
(Beware! This file is about 3.3 gigs in size. Downloading in class would not be a good idea.)
Will discuss methods for detecting intrusions and proper mitigation techniques
Warning! PicoCTF counts towards the class competition requirement, BUT it ends on October 11. No PicoCTF credit will be given after that date!
Sign up to play CDE next weekend! Talk to or send email to Anna Staats <astaats1@umbc.edu>.
- October 16
How to win CDE (ppt)
How to win CCDC (ppt)
Introduction to red team / blue team competitions.
Tomorrow! Attend the Lockheed Martin Lecture Series: Dr. Alfred Aho, ITE 104
- October 23
A variety of short talks by experienced club members!
Short talks from a number of people. No more than ten minutes.
Nicholas will talk about an application of tensor decomposition. (pdf)
The Kaizen CTF will take place on Friday, October 25, 4-9pm, ITE 229. This event also counts towards the competition requirement.
- October 30
Web Hacking and SQL Injection slides (ppt)
Homework 7 has been released - Bates Motel web hacking CTF (some pre-Halloween fun!)
- November 6
Lockpicking, hosted by our sponsor BlueStar.
- November 13
Offensive Security
Introduction to penetration testing, metasploit, and other offensive security concepts/tools.
Slides for tonight.
Homework for tonight. The C program (updated Wednesday 8:15pm) you will need.
You'll need two virtual machines, one linux distro of your choice (preferably Kali) and one Metasploitable VM (https://sourceforge.net/projects/metasploitable/files/Metasploitable2/). Please come prepared with these downloaded.
RIT is hosting an online CTF from Nov 15th - 17th. Details can be found here: https://ctftime.org/event/898
This CTF fulfills the competition requirement for the course. Solve 500 points worth of problems and send a writeup of your solutions including the flags to RJ by 11:59pm on the 17th.
- November 20
Nicholas will give a preview of next semester's course on Malware Analysis
Discussion on how to improve this Active Cyber Defense course
- November 27
No class on this date, it being Thanksgiving Eve.
- December 4
King of the Hill!
Tonight's homework.
The Student Evaluation of Educational Quality (SEEQ) is a standardized course evaluation instrument used to provide measures of an instructor’s teaching effectiveness. The results of this questionnaire will be used by promotion and tenure committees as part of the instructor’s evaluation. The Direct Instructor Feedback Forms (DIFFs) were designed to provide feedback to instructors and they are not intended for use by promotion and tenure committees. The responses to the SEEQ and the DIFFs will be kept confidential and will not be distributed until final grades are in.
Please, take a few minutes to complete the course survey for CMSC 491/791, which provides valuable feedback for me, the program, and the university. I really appreciate the time that you take to complete these surveys, and the department takes them seriously as a way to keep improving the course.
While you're at it, please complete the course surveys for all of your courses, and ask your friends to do the same! The administration actually does look at the data and we do our best to work with departments and faculty to address problems, and to reward and recognize great teaching.
Thanks!
- There is NO final exam in this class...
Reading List
We will develop the reading list as we go. Students should know how to use the UMBC Library research port and other facilities to get access to papers they want. I suggest using a paper management system such as Mendeley. Suggestions for improving this list are welcome.
Textbook(s): None
The following book(s) are not required, but may be helpful:
Cyberoperations, by Mike O'Leary, second edition
Windows Internals, Parts 1 and 2, by Mark Russinovich
Hacking: the art of exploitation, by Jon Erickson.
Be careful when downloading "free" copies of this or similar books! Additional resources, varying in quality, can be found on Wikibooks and other places.
Course Policies
Grading
Students enrolled in CMSC 491 will be expected to attend and participate in the weekly Cyberdawg meetings, including the prep work that may be announced before or after each class session. They will also be expected to suggest resources that could be added to this site, such as on-line tutorials, tools, YouTubes, and so forth.
Students enrolled in CMSC 791 will be subject to the same expectations as students in 491.
Grading Scheme: 20% attendance, 20% competition participation, 60% homeworks. Homeworks are equal weight, and there will be 8-10 of them.
Abuse of Resources PAY ATTENTION TO THIS!
Abuse of the knowledge or experience you gain in this course may subject you to discipline under UMBC policy and/or criminal prosecution. Do not expect your status as a student to protect you if you break the law! Hacking into campus computers (other than systems approved for such a purpose) is a violation of UMBC policy, and may result in disciplinary action possibly including expulsion, in addition to possible criminal charges.
Academic Honesty
Academic dishonesty of any kind will be handled in accordance with University policy.
"By enrolling in this course, each student assumes the responsibilities of an active participant in UMBC's scholarly community, in which everyone's academic work and behavior are held to the highest standards of honesty. Cheating, fabrication, plagiarism, and helping others to commit these acts are all forms of academic dishonesty, and they are wrong. Academic misconduct could result in disciplinary action that may include, but is not limited to, suspension or dismissal. To read the full Student Academic Conduct Policy, consult the UMBC Student Handbook, the Faculty Handbook, or the UMBC Policies section of the UMBC Directory." [Statement adopted by UMBC's Undergraduate Council and Provost's Office.]
Title IX
Any student who has experienced sexual harassment or assault, relationship violence, and/or stalking is encouraged to seek support and resources. There are a number of resources available to you.
With that said, as an instructor, I (Prof. Nicholas, but this applies also to RJ) am considered a Responsible Employee, per UMBC's interim Policy on Prohibited Sexual Misconduct, Interpersonal Violence, and Other Related Misconduct. This means that while I am here to listen and support you, I am required to report disclosures of sexual assault, domestic violence, relationship violence, stalking, and/or gender-based harassment to the University's Title IX Coordinator. The purpose of these requirements is for the University to inform you of options, supports, and resources.
You can utilize support and resources even if you do not want to take any further action. You will not be forced to file a police report, but please be aware, depending on the nature of the offense, the University may take action.
If you need to speak with someone in confidence about an incident, UMBC has the following Confidential Resources available to support you:
The Counseling Center: 410-455-2742 (M-F 8:30-5)
University Health Services: 410-455-2542 (M-F 8:30-5)
For after-hours emergency consultation, call the police at 410-455-5555
Other on-campus supports and resources:
The Women’s Center (available to students of all genders): 410-455-2714 (M-Th 9:30-6pm, F 9:30-4pm)
Title IX Coordinator: 410-455-1606 (9-5)
Child Abuse and Neglect
Please note that Maryland law requires that I report all disclosures or suspicions of child abuse or neglect to the Department of Social Service and/or the police.
Resources
A collection of resources will be made available. Suggestions are welcome!
This web site's URL should be https://www.csee.umbc.edu/courses/undergraduate/CMSC491activeCyber/