Fall 2020
Prof. Charles Nicholas
410-455-2594
nicholas@umbc.edu
ITE 356
Office hours: MW 2:30-4pm, subject to change
I'll be holding all office hours over WebEx: https://umbc.webex.com/meet/nicholas
but it's a good idea to send email before trying to meet with me, since my schedule may change at short notice.
We have one Graduate Teaching Assistant (Mr. Robert "RJ" Joyce) and four Undergrad Teaching Fellows for this course.
The TA and UTFs will hold office hours in the Discord site, as shown below. Subject to change, see the entries for specific weeks below.
TA Name | Email Address | Office Hours
RJ Joyce | joyce8@umbc.edu | MW 11am-1pm
Maksim Eren | meren1@umbc.edu | MW 10-11am
Charles Varga | cvarga1@umbc.edu | MW 1-2pm
Henry Budris | hbudris1@umbc.edu | Th 4-6pm
Chris Skane | chrisk3@umbc.edu | F 10am-noon
Course information
No Class on Wednesday August 26!
Class begins on Wednesday, 7:10-9:25pm, beginning September 2, 2020
The class will meet entirely on-line, over a combination of WebEx and Discord.
The WebEx portion(s) of each class will be recorded, and made available after each class session through Box. Access to this Box folder will be restricted to UMBC.
Course website: https://www.csee.umbc.edu/courses/undergraduate/CMSC491activeCyber/
No face-to-face activity is expected.
Please see this Google doc for UMBC Policies and Resources that apply to this (and other) classes this semester.
Prerequisites:
Interest in cyberdefense, including inter-collegiate competition. Computer Science background equivalent to Data Structures CMSC 341 is assumed.
Permission of the instructor is required in order to enroll. Send email to nicholas@umbc.edu from your UMBC email address, and tell me your name AND your student ID. You may attend the class sessions even if you are not enrolled. The Cyberdefense club meets in the same place and time.
This is NOT an entry-level systems or security course. Students are expected to have a working knowledge of the Windows and Unix operating systems, networks, and/or software development techniques, along with interest if not experience in planning and conducting both penetration testing and countermeasures development.
Overview
- The purpose of this course is to provide a means of awarding academic credit to those who intend to participate in the UMBC CyberDefense Club weekly meetings.
- CyberDawgs website: http://umbccd.umbc.edu/
- Mailing list: https://groups.google.com/a/umbc.edu/g/umbccd-group (request)
- Slack: https://join.slack.com/t/umbccd/shared_invite/zt-gkcg46cj-Km5zalVHnluedSbPDiDgfQ
- This is a HANDS ON course. You will need a laptop - or desktop - computer!
- Everybody will be required to participate in some fashion in the cyberdefense competition that the Cyberdawgs will be organizing this fall. Performance in that event may qualify you for membership in our Cyberdefense Team, which won the 2017 National Collegiate Cyber Defense Competition.
- Everybody is welcome at this and future class meetings, even if not enrolled in the class.
- This class was taught for the first time in Fall 2017, and the web sites for Fall 2017, Fall 2018, and Fall 2019 are still available.
Notes on the Schedule (Subject to Change. Some details TBD)
- In addition to the items shown below, meetings for beginners will be scheduled on an ad hoc basis. Topics for these include:
- Virtual Machines
- Linux Command Line 1
- Linux Command Line 2
- Capture the Flag
- August 26, 2020
NO CLASS
- Meeting 1 September 2
Before trying to participate in class, test these...
The class WebEx and Discord links are found here (UMBC IP addresses only)
Since many of you will be participating from off campus, it is necessary for you to access the campus network using a VPN.
Instructions for doing this are found here:
https://wiki.umbc.edu/display/faq/Getting+Connected+with+the+New+UMBC+GlobalProtect+VPN
You will need to establish the VPN connection before you will be able to access our WebEx or Discord links. This is to prevent the rest of the world from accessing the instructional material that you are paying for with tuition dollars, and to make it more difficult for others to disrupt the class via WebEx-bombing.
This will be an introduction and orientation session.
You are welcome to attend if that helps you decide whether to enroll in the class, or if it helps you decide if you want to be involved in the Cyberdefense club.
Discuss how grades will be assigned, what homeworks might be given, and so forth. Attendance but also active participation are important!
People who master the material to the point where they can effectively help others are likely to be awarded a good grade.
I anticipate giving many As, many Bs, and few if any lower grades.
Experienced club members will be able to talk about how to get started.
There is a UMBCCD email list, which you can join from the club web page UMBC CyberDefense Club.
The slides for this evening.
The recordings of class sessions for this semester will be found here. You will need to use the UMBC VPN, or maybe authenticate with myUMBC.
- Meeting 2 September 9
Linux Administration
By now you should be more comfortable with VirtualBox. Because you will need it!
Before this session, you should have installed this OVA file for Kali Linux https://drive.google.com/file/d/1IDknBGd3j-CwxOc18Hiw-ZFem4UA5Ow3/view?usp=sharing
The slides for this evening.
The lab for this evening. Due at 7pm on September 16.
The recordings of class sessions for this semester will be found here. You will need to use the UMBC VPN, or maybe authenticate with myUMBC.
- Meeting 3 September 16
Windows Administration.
Please install this OVA file for Windows 8. https://drive.google.com/file/d/1tLtFKKtlwsZESi4cFcMnSk4wcrWe4_dB/view?usp=sharing
For this VM, the username is Administrator and the password is Sqordfish0!
You can view this evening's slides here.
The lab for this week. Due at 7pm on September 23.
This homework is just a bit longer than last week's lab, so plan accordingly.
We are aware of upcoming religious holidays, just let Dr. Nicholas know if you need extra time.
The recordings of class sessions for this semester will be found here. You will need to use the UMBC VPN, or maybe authenticate with myUMBC. Just seeing if this works!
- Meeting 4 September 23
Host-based Firewalls
We now have information about the NSA CodeBreaker Challenge
Participation in CodeBreaker counts towards the class cyber competition requirement.
The slides for tonight.
The homework being assigned tonight.
The recordings of class sessions for this semester will be found here.
- Meeting 5 September 30
Linux Hardening
The slides for tonight
The homework being assigned tonight.
The recordings of class sessions for this semester will be found here.
- Meeting 6 October 7
Windows Hardening
The slides for tonight.
The homework being assigned tonight.
The recordings of class sessions for this semester will be found here.
Regarding Homework 5: When you see the "You've been hacked!" window on your Windows VM, please click the "OK" button and not the "X." Additionally, it's been brought to my attention the logic bomb on some people's VMs is not deploying the misconfigurations properly. Once you discover the logic bomb, please manually run the files the logic bomb should automatically execute. Inspect the "Properties" of the 3 components of the logic bomb to find the files. If you have found the logic bomb but are unsure of how to run the files, please contact a TA.
- Meeting 7 October 14
Incident Response
You will need this VM before class tonight
The slides for tonight
The homework being assigned tonight
The recordings of class sessions for this semester will be found here.
Henry will have office hours 2-4pm on Wednesday 10/14
Maks will have office hours 5-6pm on Thursday 10/15
- Meeting 8 October 21
Ten Minute Power Hour Talks:
1. Wasabi (Timothy Allmon) - CTF stuff (sorry, no transcript)
2. Maksim Eren - Machine learning in cybersecurity (slides pdf)
3. RJ - Windows XP joke malware (again)
4. Enis Golaszewski - Protocol Analysis
5. Henry Budris - Reversing the bomb?
Break (5 minutes)
6. Ben - Checkm8 and jailbreaking (won't be recorded, slides pdf)
7. Nikola Bura- RF Pagers (sorry, no transcript)
8. Cyrus Bonyadi - Crypto Policy (sorry, no transcript)
9. Dr. Nicholas - Effect of COVID on higher education
The recordings of class sessions for this semester can be found here.
- Meeting 9 October 28
Web Hacking
The homework being assigned this week.
The slides should now be available.
The recordings of class sessions for this semester can be found here.
- Meeting 10 November 4
Offensive Security
The homework for this week is ready.
CORRECTION: Part 2 should say that the exploit should use a bind shell payload, and part 3 should use a reverse shell payload. But we decided that students can use any type of payload on both parts of the lab.
CLARIFICATION: If any of the options, payloads, or targets don't require any configuring in metasploit, please say that explicitly in the homework instead of leaving the question blank.
The slides should now be available.
The OVA file for the homework should be downloaded before class if possible.
The recordings of class sessions for this semester can be found here.
- Meeting 11 November 11
Password Cracking
The slides for this week.
This week's lab assignment.
The recordings of class sessions for this semester can be found here.
- Meeting 12 November 18
Capture The Flag
You will have TWO weeks to finish this CTF.
You need to register here. You can access the challenges here.
The recordings of class sessions for this semester can be found here.
- November 25
No class on this date, it being Thanksgiving Eve.
At some point, you will get an email from the campus, asking you to fill out the SEEQ. Please do this! Recall that the Student Evaluation of Educational Quality (SEEQ) is a standardized course evaluation instrument used to provide measures of an instructor’s teaching effectiveness. The results of this questionnaire will be used by promotion and tenure committees as part of the instructor’s evaluation. The Direct Instructor Feedback Forms (DIFFs) were designed to provide feedback to instructors and they are not intended for use by promotion and tenure committees. The responses to the SEEQ and the DIFFs will be kept confidential and will not be distributed until final grades are in.
- Meeting 13 December 2
Round Table Discussion
The recordings of class sessions for this semester can be found here.
PLEASE, be sure to complete the course survey for CMSC 491/791, which provides valuable feedback for me, the program, and the university. I really appreciate the time that you take to complete these surveys, and the department takes them seriously as a way to keep improving the course.
While you're at it, please complete the course surveys for all of your courses, and ask your friends to do the same! The administration actually does look at the data and we do our best to work with departments and faculty to address problems, and to reward and recognize great teaching.
- There is NO final exam in this class...
Textbook(s): None
The following book(s) are not required, but may be helpful:
Cyberoperations, by Mike O'Leary, second edition
Windows Internals, Parts 1 and 2, by Mark Russinovich
Hacking: the art of exploitation, by Jon Erickson.
Be careful when downloading "free" copies of this or similar books! Additional resources, varying in quality, can be found on Wikibooks and other places.
Course Policies
Grading
Students enrolled in CMSC 491 will be expected to attend and participate in the weekly Cyberdawg meetings, including the prep work that may be announced before or after each class session. Students are also expected to suggest resources that could be added to this site, such as on-line tutorials, tools, YouTubes, and so forth.
Students enrolled in CMSC 791 will be subject to the same expectations as students in 491.
Grading Scheme: 15% attendance, 20% competition participation, 65% homeworks. Homeworks are equal weight, and there will be 8-10 of them. There are no exams.
This course includes 10 lab assignments. You will be given time to work on each lab during the meetings. Each lab has a group portion and an individual portion. You may collaborate with other students or CyberDawgs club members on the group portion of each lab. However, you must still complete the lab on your own virtual machine. You may not work on the individual portions of the labs with any other students or club members. Labs must be submitted by 7:00pm the following Wednesday. No late submissions will be accepted. Only 9 lab assignments will be counted, the lowest lab grade will be dropped.
Attendance will be taken during each meeting and is worth a portion of your grade total. If you are unable to attend a meeting, please email Dr. Nicholas.
You are required to attend at least one CTF or red team/blue team competition during the semester. During this semester we expect all events to be online. Events hosted during regular club meetings do not count towards this requirement. A list of recommended competitions is provided below. If you would like to compete in a competition that is not listed, please email Dr. Nicholas.
Abuse of Resources
PAY ATTENTION TO THIS!
Abuse of the knowledge or experience you gain in this course
may subject you to discipline under UMBC policy and/or
criminal prosecution. Do not expect your status as a student
to protect you if you break the law! Hacking into campus
computers (other than systems approved for such a purpose) is
a violation of UMBC policy, and may result in disciplinary
action possibly including expulsion, in addition to possible criminal charges.
Resources
A collection of resources will be made available. Suggestions are welcome!
This web site's URL should be https://www.csee.umbc.edu/courses/undergraduate/CMSC491activeCyber/