Fall 2022
Prof. Charles Nicholas
410-455-2594
nicholas@umbc.edu
ITE 356
Office hours: MW 2:30-4pm, subject to change
I'll be holding office hours in-person and over WebEx. It's a good idea to send email before trying to meet with me, since my schedule may change at short notice.
Link for WebEx office hours: https://umbc.webex.com/meet/nicholas
The TA and UTFs will hold office hours in the "Office Hours" channel on the Discord site, as shown below. Subject to change, see the entries for specific weeks below.
Discord details are TBD at this moment.
Name | Role/Title | Email Address | Office Hours |
Henry Budris | Assistant Instructor | hbudris1@umbc.edu | by appointment |
Paisley Code | Undergrad Teaching Fellow | pcode1@umbc.edu | Tuesday, 5:30-7:30pm, virtual |
Sophia Hamer | Graduate RA | chamer1@umbc.edu | Tuesday and Thursday, 11:30am-12:30pm, virtual |
Sai Madhav Kolluri | Graduate TA | nd92132@umbc.edu | Monday 8-10pm, virtual |
Ben Nordmann | Undergrad Teaching Fellow | nordman1@umbc.edu | Thursday 4:30-6:30pm, ITE 366 |
Rob Shovan | Undergrad Teaching Fellow | rshovan1@umbc.edu | Wednesday 3-5pm, ITE 366 |
Brianna Turgott | Undergrad Teaching Fellow | bturgot1@umbc.edu | Monday 9-11am, virtual |
Course Information
Class begins on Wednesday, August 31, 2022, 7:10-9:25pm.
The class will meet in hybrid format. Attending in person and attending over WebEx are both acceptable.
The assigned classroom is PUP 105. When in PUP 105, the campus policies about masks will be respected.
No face-to-face activity is required. If illness of any kind keeps you from finishing an assignment on time, let me know, and we'll try to be helpful.
This course uses WebEx for class presentations, and Discord for in-class discussions and meetings with TAs.
The WebEx and Discord links for the class and course assistant office hours are here.
You will need UMBC credentials to access these links.
The WebEx portion(s) of each class will be recorded automatically, and made available after each class session. A link to the course recordings appears after each session. All recordings are in the same Box directory.
Course website: https://www.csee.umbc.edu/courses/undergraduate/CMSC491activeCyber/ (You are looking at this web page now :-)
Prerequisites:
Interest in cyberdefense, including inter-collegiate competition. Computer Science background equivalent to Data Structures CMSC 341 is assumed.
This is a large class this semester! Even so, people may attend the class sessions even if not enrolled. The Cyberdefense club meets in the same place and time.
Students are expected to have a working knowledge of the Windows and Unix operating systems, networks, and/or software development techniques, along with interest if not experience in planning and conducting both penetration testing and countermeasures development.
If you don't have this level of knowledge, you are still welcome to attend, but don't attempt the class for credit. We will have activities appropriate for those new to the cyber and computer systems fields.
Abuse of the knowledge or experience you gain in this course may subject you to discipline under UMBC policy and/or criminal prosecution. Do not expect your status as a student to protect you if you break the law! Hacking into campus computers (other than systems approved for such a purpose) is a violation of UMBC policy, and may result in disciplinary action possibly including expulsion, in addition to possible criminal charges.
This class was taught for the first time in Fall 2017, and the web sites for Fall 2017, Fall 2018, Fall 2019, Fall 2020, and Fall 2021 are still available.
Overview
- One of the purposes of this course is to provide a means of awarding academic credit to those who participate in the UMBC CyberDefense Club weekly meetings.
- CyberDawgs website: http://umbccd.umbc.edu/
- Mailing list: https://groups.google.com/a/umbc.edu/g/umbccd-group (request)
- This is a HANDS ON course. You will need a laptop - or desktop - computer!
- Everybody will be required to participate in some fashion in the cyberdefense competition that the Cyberdawgs will be organizing this fall. Performance in that event may qualify you for membership in our Cyberdefense Team, which has won several regional and national competitions in recent years.
- Everybody is welcome at this and future class meetings, even if not enrolled in the class.
Notes on the Schedule (Subject to Change)
- Meeting 1 INTRODUCTION August 31
Since many of you will be participating from off campus, it is necessary for you to access the campus network using a VPN.
Instructions for using the VPN are found here:
https://wiki.umbc.edu/display/faq/Getting+Connected+with+the+New+UMBC+GlobalProtect+VPN
You will need to establish the VPN connection before you will be able to access our WebEx or Discord links. This is to prevent the rest of the world from accessing the instructional material that you are paying for with tuition dollars, and to make it more difficult for others to disrupt the class via WebEx-bombing.
This will be an introduction and orientation session.
You are welcome to attend if that helps you decide whether to enroll in the class, or if it helps you decide if you want to be involved in the Cyberdefense club.
We will discuss how grades will be assigned, what homeworks might be given, and so forth. Attendance and active participation are both important!
People who master the material to the point where they can effectively help others are likely to be awarded a good grade.
I anticipate giving many As, many Bs, and few if any lower grades.
Experienced club members will be able to talk about how to get started.
There is a UMBCCD email list, which you can join from the club web page UMBC CyberDefense Club.
Prof. Nicholas will describe the use of virtual machines from the cloud.
The Kali VM is found here. You won't need this during class tonight, but you'll need it next week!
For this VM, the username is "activecyber" and the password is "Sqordfish0!"
The recordings of class sessions for this semester will be found here.
The recording from tonight has been uploaded to Box.
You will need to use the UMBC VPN, or authenticate with myUMBC.
- Meeting 2 VM Crash Course September 7
Announcements
By now you should be more comfortable with VirtualBox. Because you will need it!
The personal version of VirtualBox, including Guest Additions, is free for students.
The Extensions pack is not necessary, and it is NOT free.
The download link for VirtualBox (often abbreviated VBox) is here.
Any recent version of VBox is probably okay for the purposes of this course.
The documentation for VBox is extensive. Details for VBox Networking
Kali seems to come with Guest Additions already installed, which is convenient!
You may have heard of the NSA Codebreaker Challenge. As we mentioned in class on 8/31, this counts towards the class competition requirement.
The slides for this evening.
The Kali VM is found here. Download it before class!
No lab assignment this week. In anticipation of next week and beyond, take a look at this comprehensive list of Linux Commands. How many of them have you used?
- Meeting 3 Linux Administration September 14
You can view this evening's slides on Linux Administration.
The lab for this week. Due at 7pm next Wednesday.
We are aware of upcoming religious holidays; just let Dr. Nicholas know if you need extra time.
- Meeting 4 Windows Administration September 21
Please install this OVA file, which is a Windows 2016 server. Beware! This file is about 11 gigs, and will take some time to download.
For this VM, the username is Administrator and the password is Sqordfish0!
You can view this evening's slides on Windows Administration.
This evening's lab assignment.
For the competition requirement, we need a 2-page writeup. Discuss your experience in the competition, how this course did or did not help you, and any lessons learned. More on this later.
- Meeting 5 Network-Based Firewalls September 28
We'll be using these slides, selected from the following: 2019, 2020, and 2021
The Lab assignment for this week
A networking overview on YouTube
The drawing tool https://app.diagrams.net/
The network diagram example
Firewall vendors offer lots of documentation, for example Palo Alto
We described an open-source firewall called pfSense
Check out this CIDR Calculator
- Meeting 6 October 5
Linux Hardening
Lots of demos tonight, but no slides as such. We may have information about upcoming cyber competitions.
The homework being assigned tonight. The deadline for this lab has been extended until Friday October 14, 11:59pm.
Some of us recommend the documentation for Arch as a general Linux reference
The study guides for the Red Hat certification(s) are useful, if you prefer reading a book! Consider this example.
For information on lots of Linux distributions, see Distro Watch
- Meeting 7 October 12
Windows Hardening
The Windows Hardening Slides for tonight.
The homework being assigned tonight.
The deadline for last week's lab has been extended until Friday October 14, 11:59pm.
CDE Signup (Google Form)
Last spring's session on Windows Shenanigans
Dr. Steve Bagley explains the 2021 Facebook outage on Computerphile. The YouTube clip starts at about 30 seconds in.
Tonight Dr. Nicholas will host an "Ask Me Anything" regarding graduate school!
- Is a graduate degree worthwhile?
- How do I pay for grad school?
- I'm already a grad student. Why are you telling me this?
- Some might want to look at this link to an example master's thesis.
- Meeting 8 October 19
IMPORTANT: The WebEx link for the class has changed! The new link is found here.
The new link allows Mr. Shovan and Mr. Budris to co-host the meeting, and recording will start automatically.
Linux and Windows Incident Response
The IR slides for tonight
The homework being assigned tonight. You'll have two weeks to do this one, which will be in TWO parts.
You will need this VM before class tonight
Sysinternals documentation from HowToGeek
Rob Shovan will be discussing the upcoming CDE competition.
Preparing for CDE.
- Meeting 9 October 26
Guest speaker Mr. Brian Brzezicki from Paladin Group.
NO new homework this week!
We have a high opinion of TryHackMe
RJ's Windows XP malware from last year (mp4) (vtt)
Competition Writeup is worth 20% of the grade. We expect no more than two pages of text, PDF please.
- What competition did you participate in? If there's a specific date, e.g. the CDE held on 23 October, mention that.
- What was the format of the competition? CTF, Red vs. Blue, or something else?
- What part of the competition did you enjoy the most? What part did you enjoy the least?
- Is there a topic or a cyber-skill that you found most useful?
- Is there a topic or a cyber-skill that you wished you had more of?
- Was the competition a learning experience? If so, how?
- The writeup will be submitted using BlackBoard, as usual, due date 11:59pm Sunday of the last week of class
Time permitting, a preview of next semester's malware analysis class
- Meeting 10 November 2
Fifteen minute Power Hour
- Joyce
- Nicholas Fuzzy Similarity Metrics (trello)
- Shovan
- Bura
- Nordmann
- Budris
The homework for this week. We plan to devote some class time to this...
- Meeting 11 November 9
Bates Motel
Slides for SQL Injection
Prof. Nicholas may present some slides on Password Cracking
This week's lab assignment.
The due date for the Bates Motel assignment is extended until 11:59pm, Friday November 18.
- Meeting 12 November 16
Offensive Security
The slides for this week.
The lab assignment for this week.
The VM you will need for the assignment.
- November 23
No class tonight, it being Thanksgiving Eve.
At some point, you will get an email from the campus, asking you to fill out the SEEQ. Please do this!
Recall that the Student Evaluation of Educational Quality (SEEQ) is a standardized course evaluation instrument used to provide measures of an instructor’s teaching effectiveness. The Direct Instructor Feedback Forms (DIFFs) were designed to provide feedback to instructors.
The responses to the SEEQ and the DIFFs will be kept confidential and will not be distributed until final grades are posted.
- Meeting 13 November 30
In-class CTF
The slides for this week
You will have some time to work on this CTF.
The lab for this week. Although this is just another homework, anybody who does well on this in-class CTF will have reason to hope for a good grade in the class!
We are interested in hearing from students on any topic relevant to the course, broadly speaking. Feel free to share comments and insights that you put into your competition write-ups.
The Student Course Evaluation web site for this semester has been opened.
Competition Writeup will be due 11:59pm Sunday of the last week of school, i.e. December 4, 2022.
PLEASE, be sure to complete the course survey for CMSC 491/691, which provides valuable feedback for me, the TAs, and the university. We appreciate the time that you take to complete these surveys, and the department and I take them seriously as a way to keep improving CS courses.
While you're at it, please complete the course surveys for all of your courses, and ask your friends to do the same! The administration actually does look at the data and we do our best to work with departments and faculty both to address problems, and to recognize excellent teaching.
- Meeting 14 December 7
Round Table Discussion
PLEASE, be sure to complete the course survey for CMSC 491/691, if you have not yet done so!
- There is NO final exam in this class...but anybody who does well on the in-class CTF held in late November will have reason to hope for a good grade!
Textbook(s): None
The following book(s) are not required, but may be helpful:
Cyberoperations, by Mike O'Leary, second edition
Windows Internals, Parts 1 and 2, by Mark Russinovich
Hacking: the art of exploitation, by Jon Erickson.
Be careful when downloading "free" copies of this or similar books! Additional resources, varying in quality, can be found on Wikibooks and other places.
Course Policies
Grading
Students enrolled in CMSC 491 will be expected to attend and participate in the weekly Cyberdawg meetings, including the prep work that may be announced before or after each class session. They are also expected to suggest resources that could be added to this site, such as on-line tutorials, tools, YouTubes, and so forth. Students enrolled in CMSC 691 will be subject to the same expectations as students in 491.
Grading Scheme: 20% competition participation, 80% homeworks. Homeworks are equal weight, and there will be 8-10 of them. There are no exams.
You will be given time to work on each lab during the meetings. Some labs may have a group portion and an individual portion. You may collaborate with other students or CyberDawgs club members on the group portion of such labs. However, you must still complete the lab on your own virtual machine. You may not work on the individual portions of the labs with any other students or club members. Labs must be submitted by 7:00pm the following Wednesday. Whatever the number of lab assignments, the lowest lab grade will be dropped.
You are required to participate in at least one CTF or red team/blue team competition during the semester. At this time, we expect all such events to be online. Events hosted during regular club meetings do not count towards this requirement. Recommended competitions will be discussed in class. If you would like to compete in a competition that has not been mentioned, please email Dr. Nicholas.
Accessibility and Disability Accommodations, Guidance and Resources
Accommodations for students with disabilities are provided for all students with a qualified disability under the Americans with Disabilities Act (ADA & ADAAA) and Section 504 of the Rehabilitation Act who request and are eligible for accommodations. The Office of Student Disability Services (SDS) is the UMBC department designated to coordinate accommodations that create equal access for students when barriers to participation exist in University courses, programs, or activities.
If you have a documented disability and need to request academic accommodations in your courses, please refer to the SDS website at sds.umbc.edu for registration information and office procedures. If you would like to help ADA students, I understand that the SDS office hires students for this purpose...
SDS email: disAbility@umbc.edu
SDS phone: (410) 455-2459
If you will be using SDS approved accommodations in this class, please contact Dr. Nicholas to discuss implementation of the accommodations. During remote instruction requirements due to COVID, communication and flexibility will be essential for success.
Sexual Assault, Sexual Harassment, and Gender Based Violence and Discrimination
UMBC’s Policy on Sexual Misconduct, Sexual Harassment and Gender Discrimination and Federal Title IX law prohibit discrimination and harassment on the basis of sex, sexual orientation, and gender identity in University programs and activities. Any student who is impacted by sexual harassment, sexual assault, domestic violence, dating violence, stalking, sexual exploitation, gender discrimination, pregnancy discrimination, gender-based harassment or retaliation should contact the University’s Title IX Coordinator to make a report and/or access support and resources:
Mikhel A. Kushner, Title IX Coordinator (she/they)
410-455-1250 (direct line), kushner@umbc.edu
You can access support and resources even if you do not want to take any further action. You will not be forced to file a formal complaint or police report. Please be aware that the University may take action on its own if essential to protect the safety of the community.
If you are interested in or thinking about making a report, please see the Online Reporting/Referral Form. Please note that, while University options to respond may be limited, there is an anonymous reporting option via the online form and every effort will be made to address concerns reported anonymously.
Notice that Faculty are Responsible Employees with Mandatory Reporting Obligations:
All faculty members are considered Responsible Employees, per UMBC’s Policy on Sexual Misconduct, Sexual Harassment, and Gender Discrimination. Faculty are therefore required to report possible violations of the Policy to the Title IX Coordinator, even if a student discloses something they experienced before attending UMBC.
While faculty members want to encourage you to share information related to your life experiences through discussion and written work, students should understand that faculty are required to report past and present sexual assault, domestic and interpersonal violence, stalking, and gender discrimination that is shared with them to the Title IX Coordinator so that the University can inform students of their rights, resources and support.
If you need to speak with someone in confidence, who does not have an obligation to report to the Title IX Coordinator, UMBC has a number of Confidential Resources available to support you:
- The Counseling Center: 410-455-2472 / After-Hours 410-455-3230 [Monday – Friday; Academic Year: 8:30 a.m. – 5 p.m.; Summer: 8:30 a.m. – 4:30 p.m.]
- University Health Services: 410-455-2542 [Monday – Friday 8:30 a.m. – 5 p.m.]
- Pastoral Counseling via Interfaith Center: 410-455-3657; interfaith@umbc.edu [7 days a week; Fall and Spring 7 a.m. – 11 p.m.; Summer and Winter 8 a.m. – 8 p.m.]
Other Resources:
- Women’s Center (for students of all genders): 410-455-2714; womenscenter@umbc.edu. [Monday-Friday; Spring 10 a.m.-4 p.m.]
- Shady Grove Student Resources, Maryland Resources, National Resources.
Child Abuse and Neglect: Please note that Maryland law and UMBC policy require that the faculty report all disclosures or suspicions of child abuse or neglect to the Department of Social Services and/or the police.
Pregnancy
UMBC’s Policy on Sexual Misconduct, Sexual Harassment and Gender Discrimination expressly prohibits all forms of Discrimination and Harassment on the basis of sex, including pregnancy. Resources for pregnant students are available through the University’s Office of Equity and Inclusion. Pregnant and parenting students are encouraged to contact the Title IX Coordinator to discuss plans and assure ongoing access to their academic program with respect to a leave of absence or return following leave related to pregnancy, delivery, or the early months of parenting.
In addition, students who are pregnant may be entitled to accommodations under the ADA through the Student Disability Service Office, and/or under Title IX through the Office of Equity and Inclusion.
Religious Observances and Accommodations
UMBC Policy provides that students should not be penalized because of observances of their religious beliefs; students shall be given an opportunity, whenever feasible, to make up within a reasonable time any academic assignment that is missed due to individual participation in religious observances. It is the responsibility of the student to inform the instructor of any intended absences for religious observances in advance, and as early as possible. For questions or guidance or to request an accommodation, please contact the Office of Equity and Inclusion at oei@umbc.edu.
Hate, Bias, Discrimination and Harassment
UMBC values safety, cultural and ethnic diversity, social responsibility, lifelong learning, equity, and civic engagement.
Consistent with these principles, UMBC Policy prohibits discrimination and harassment in its educational programs and activities or with respect to employment terms and conditions based on race, creed, color, religion, sex, gender, pregnancy, ancestry, age, gender identity or expression, national origin, veterans status, marital status, sexual orientation, physical or mental disability, or genetic information.
Students (and faculty and staff) who experience discrimination, harassment, hate or bias or who have such matters reported to them should use the online reporting/referral form to report discrimination, hate or bias incidents; reporting may be anonymous.
Thanks!