Fall 2024
Prof. Charles Nicholas
410-455-2594
nicholas@umbc.edu
ITE 356
Student office hours: MW 2:30-4pm, subject to change
I'll be holding office hours in-person and over WebEx. It's a good idea to send email before trying to meet with me, since my schedule may change at short notice.
To meet with me over WebEx: https://umbc.webex.com/meet/nicholas
The TAs will hold office hours on the Discord site. In-person meetings will be by appointment only. Subject to change, see the entries for specific weeks below.
Name | Role/Title | Email Address | Office Hours
Auguste Kiendrebeogo | Graduate Teaching Assistant | QD95656@umbc.edu | TBD
Rob Shovan | Assistant Instructor | rshovan1@umbc.edu | W 4-6pm (Discord only)
Course Information
Class begins on Wednesday, August 28, 2024, 7:10-9:25pm.
The class will meet in hybrid format. No requirement for in-person participation is planned, and remote participation will be the norm.
The assigned classroom is MP 103, but we probably won't use it!
If illness of any kind keeps you from finishing an assignment on time, let me know, and we'll try to be helpful.
This course uses WebEx for class presentations, and Discord for in-class discussions and meetings with TAs.
The WebEx and Discord links for the class and course assistant office hours are HERE. You will need UMBC credentials to access these links.
The WebEx portion(s) of each class will be recorded automatically, and made available after each class session. A link to the course recordings appears after each session. All recordings are in the same Box directory.
Course website: https://courses.cs.umbc.edu/undergraduate/CMSC491activeCyber/indexFall24.html (You are looking at this web page now :-)
Course Policies
Grading
Grading Scheme: 20% competition participation, 80% homeworks. Homeworks are equal weight, and there will be 8-10 of them. There are no exams.
You will be given time to work on each lab during the meetings. Some labs may have a group portion and an individual portion. You may collaborate with other students or CyberDawgs club members on the group portion of such labs. However, you must still complete the lab on your own virtual machine. You may not work on the individual portions of the labs with any other students or club members. Labs must be submitted by 7:00pm the following Wednesday. Whatever the number of lab assignments, the lowest lab grade will be dropped.
You are required to participate in at least one CTF or red team/blue team competition during the semester. At this time, we expect all such events to be online. Events hosted during regular club meetings do not count towards this requirement. Recommended competitions will be discussed in class. If you would like to compete in a competition that has not been mentioned, please email Dr. Nicholas.
Generative AI: For this class, if you use ChatGPT (or similar chatbots or AI-based generation tools), you must describe exactly how you used it, including providing the prompt, original generation, and your edits. This applies to prose, code, or any form of content creation. Not disclosing is an academic integrity violation. If you do disclose, your answer may receive anywhere from 0 to full credit, depending on the extent of substantive edits, achievement of learning outcomes, and overall circumvention of those outcomes.
Use of AI/automatic tools for grammatical assistance (such as spell-checkers or Grammarly) or small-scale predictive text (e.g., next word prediction, tab completion) is okay. Provided the use of these tools does not change the substance of your work, use of these tools may be, but is not required to be, disclosed.
We'll discuss other permitted and encouraged uses of ChatGPT, CoPilot, and other generative AI systems.
Academic Integrity
Students are expected to do their own assignments. We may allow collaboration on certain assignments during the semester, but we will tell you so as that happens. If you submit for credit work that is not your own, there will be consequences, perhaps including zero on that assignment, reduction in final grade, or forfeiture of current or future prospects for financial aid from CSEE. Here is a web site that explains UMBC's position on Academic Integrity.
Resources for Students
Do you know about Retriever Essentials? It's there if you need them. According to their web site, "Retriever Essentials is a faculty, staff, and student-led partnership that promotes food access in the UMBC community. However, we offer more than just free groceries, we also offer toiletries, baby items, and meal swipes. The services we provide that are listed below are 100% free. You can find more in-depth information regarding each of our services in the attached documents."
We also incorporate the Syllabus Language provided by the UMBC Office of Equity and Civil Rights for this semester, as given here:
https://ecr.umbc.edu/sample-title-ix-responsible-employee-syllabus-language/
Prerequisites:
Interest in cyberdefense, including inter-collegiate competition. Computer Science background equivalent to Data Structures CMSC 341 is assumed. A course in computer security is encouraged but not required.
Students are expected to have a working knowledge of the Windows and Unix operating systems, networks, and/or software development techniques, along with interest if not experience in planning and conducting both penetration testing and countermeasures development.
Abuse of the knowledge or experience you gain in this course may subject you to discipline under UMBC policy and/or criminal prosecution. Do not expect your status as a student to protect you if you break the law! Hacking into campus computers (other than systems approved for such a purpose) is a violation of UMBC policy, and may result in disciplinary action possibly including expulsion, in addition to possible criminal charges.
This class was taught for the first time in Fall 2017, and the web sites for Fall 2017, Fall 2018, Fall 2019, Fall 2020, Fall 2021, Fall 2022, and Fall 2023 are still available.
Textbook(s): None
The following book(s) are not required, but may be helpful:
- Cyberoperations, by Mike O'Leary, second edition
- Windows Internals, Parts 1 and 2, by Mark Russinovich
- Hacking: the art of exploitation, by Jon Erickson.
Be careful when downloading "free" copies of this or similar books! Additional resources, varying in quality, can be found on Wikibooks and other places.
Overview
- One of the purposes of this course is to provide a means of awarding academic credit to those who participate in the UMBC CyberDefense Club weekly meetings.
- CyberDawgs website: http://umbccd.umbc.edu/
- This is a HANDS ON course. You will need a laptop - or desktop - computer!
- Everybody will be required to participate in some fashion in the cyberdefense competition that the Cyberdawgs will be organizing this fall. Performance in that event may qualify you for membership in our Cyberdefense Team, which has won several regional and national competitions in recent years.
Class Schedule (Subject to Change)
- The recordings for each class session will be stored here
- You may need to use the UMBC VPN, or authenticate with myUMBC, in order to access the slides or the recordings.
- Meeting 1 INTRODUCTION August 28
- Slides for Introduction
- and give people time to join the call
- Announcements
- Update on waiting lists. No plans to add more grad students, sorry. Some undergrads need this class in order to graduate in December with the cyber track. The department process will do what it does.
- Are you aware of SFS Scholarships? Citizens and PRs. Stipend plus tuition benefits!
- Undergrads, are you aware of the BS/MS degree? What about Study Abroad?
- This will be an introduction and orientation session.
- Discuss how grades will be assigned, what homeworks might be given, and so forth. Attendance but also active participation are important!
People who master the material to the point where they can effectively help others are likely to be awarded a good grade.
I anticipate giving many As, several Bs, and few if any lower grades.
- Since many of you will be participating from off campus, it may be necessary for you to access the campus network using a VPN.
- Instructions for using the VPN are available with a quick search
- You will need to establish the VPN connection before you will be able to access the web page that has the WebEx or Discord links. This is to prevent the rest of the world from accessing the instructional material that you are paying for with tuition dollars, as well as to make it more difficult for others to disrupt the class via WebEx-bombing.
- That's why I sent the email on Monday with the links, so that students could join the WebEx call tonight!
- The UMBC Cyber Defense Club is now known officially as the UMBC CyberDawgs!
- There is a UMBCCD email list, which you can join from the club web page UMBC CyberDefense Club.
- The CyberDawgs have a myUMBC Group https://my3.my.umbc.edu/groups/umbccd
- We intend to give a demo of VirtualBox, and the Kali VM
- The Kali VM we've prepared for this year is found in an OVA file.
- I'll upload the file to Box before class, and here is the link. (9.21 GB)
- You can also check out the Kali VM we used in Fall 2023, found here.
- For this VM, the username is "activecyber" and the password is "Sqordfish0!", without the quotes.
- You can also get your own Kali VM image from https://www.kali.org
- Take a look at the 'usermod' command if you want to change the name of a user...
- Be aware of resources such as this Kali Linux Cheat Sheet
- Mac users may need to use this VHD file.
- Give the VirtualBox build for M1 (Apple Silicon) Macs a shot: https://download.virtualbox.org/virtualbox/7.0.8/VirtualBox-7.0.8_BETA4-156879-macOSArm64.dmg
- Homework: ungraded
- Download and install VirtualBox (free for students) often VBox is used as an abbreviation
- Guest Additions may be installed by default, but the Extensions pack is not necessary.
- The documentation for VBox is extensive. Details for VBox Networking
- Download and install the Kali VM provided
- Login to your Kali system, do any updates that are needed, and make a snapshot (or a clone) of the VM
- Create a new user with admin privileges
- It's okay to use the Kali documentation, or web search, or genAI. on this assignment.
- The recordings for each class session will be stored here
- You may need to use the UMBC VPN, or authenticate with myUMBC, in order to access the slides or the recordings.
- Meeting 2 VM and Linux Admin Crash Course September 4
- Announcements
- If any undergraduate students need this class to finish their cyber track, let me know!
- The class BlackBoard site has been opened. Quick preview.
- William to discuss CyberPaws CTF
- The CyberDawgs are organizing a team for CSAW https://www.csaw.io/ctf that's happening this upcoming weekend.
- Will count towards the class competition requirement! Rob can say more perhaps.
- Nicholas is not sure of the status of HackUMBC, but we know it's to take place September 28-29, the last weekend in September
- Please note that Hack-a-thons and cyber events are different! There is some but not a lot of overlap in interested students.
- An informal history of the Cyber Defense Team
- Participation in some sort of approved cyber competition is a requirement of this course.
- You may have heard of the NSA Codebreaker Challenge
- The 2024 Codebreaker Challenge will kick off on September 16, 2024 and run through January 17, 2025! Here is the flyer.
- Website to register in early September - https://nsa-codebreaker.org/home.
- Previous years' challenges, solutions and leaderboard stats are also available. The NSA Codebreaker Challenge was created in 2013 and provides U.S based academic institutions exposure to unclassified problems that simulate the work performed at NSA. The challenge provides a realistic, NSA-centered scenario that inspires students to expand and demonstrate their technical abilities through tasks that require a mix of software reverse engineering, vulnerability analysis, exploitation development, and network analysis. Through the Codebreaker Challenge, we are able to build academic partnerships and talent communities, influence academic curriculum, raise awareness of NSA mission, instill trust and confidence in the Agency, and promote career opportunities. 5,000 students from 450 schools across the country participated in last year’s challenge and we hope this year’s challenge will be just as successful.
- In Cyber, especially in competition, learning everything you may ever need is impractical, so learn things as you need them
- more to come
- Knowing where to find information is useful. There are lots of resources available regarding different versions of UNIX and Linux
- In anticipation of next week and beyond, take a look at this comprehensive list of Linux Commands
- How many of these do you use a lot?
- How many of them have you never used?
- How would you find out which Linux commands are installed on your system?
- one answer
- but such methods may not be allowed in competition!
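Here is one way to answer that question on the box itself, with no web search and no package database: an added shell example, not part of the course materials, that uses only POSIX `command -v` and a walk of $PATH, so it works on a bare competition image. The tool names in the usage comment are just illustrations.

```shell
#!/bin/sh
# Added example: inventory the commands on a host using only POSIX shell.

# Report which of the named tools are present (with their path) and which are
# missing; returns non-zero if any are missing. `command -v` is POSIX and needs
# no package database, so it works on minimal or unfamiliar boxes.
have_tools() (
    missing=0
    for t in "$@"; do
        if p=$(command -v "$t" 2>/dev/null); then
            printf 'present  %-10s %s\n' "$t" "$p"
        else
            printf 'MISSING  %s\n' "$t"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
)

# Print the distinct executable names reachable through $PATH, one per line.
# Pipe into `wc -l` for a census, or grep for the name you are hoping to find.
path_commands() (
    IFS=:
    for d in $PATH; do
        [ -d "$d" ] || continue
        for f in "$d"/*; do
            [ -f "$f" ] && [ -x "$f" ] && printf '%s\n' "${f##*/}"
        done
    done | sort -u
)

# Usage, e.g. on a fresh Kali VM (tool list is illustrative):
#   have_tools nmap nc ss lsof python3 gcc
#   path_commands | wc -l
```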
- You can view this evening's slides on Linux Administration
- Demo: installing an FTP client - FileZilla
- sudo apt update
- what if it won't let me use sudo?
- Charles can explain!
- sudo apt upgrade (this could take a while! might be worth making a snapshot or even a clone when done)
- sudo apt install filezilla
- create a launcher for the Kali Desktop
- Demo: installing an FTP server - vsftpd
- see instructions at documentation.ubuntu.com
- sudo apt install vsftpd
- man vsftpd
- check and edit the configuration file /etc/vsftpd.conf as desired
- demo of other commands such as sudo, nano, ps, grep, and others
- test using FileZilla
- start the service: sudo service vsftpd start
- other commands include stop, restart, and status
- test the service: sudo service vsftpd status
- see if we can connect:
- ftp localhost 21
- nmap localhost -p 21
- netstat -ltp (or ss -ltp)
- lsof -i :21
- may need to open port 21, but how? Different flavors of Linux do this in different ways!
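The demo above can be checked and tightened with a few shell functions. This is an added example, not code from the course or from the vsftpd project; it assumes a Debian-family host (Kali or Ubuntu) with vsftpd installed from apt, and the `ss` listing and the two configuration files it checks are constructed samples, not captured from a real box.

```shell
#!/bin/sh
# Added example (not from the course): verify the vsftpd demo and audit its
# configuration. Assumes a Debian-family host (Kali/Ubuntu) with vsftpd from apt.

# Install, enable at boot and start the service (needs root; not run here).
install_vsftpd() {
    sudo apt update && sudo apt install -y vsftpd
    sudo systemctl enable --now vsftpd      # `sudo service vsftpd start` also works
    sudo systemctl status vsftpd --no-pager
}

# Is something listening on TCP port $1?  Reads `ss -ltn` output from stdin, so
# it works on live output (ss -ltn | port_listening 21) or on a saved listing.
# Column 4 is Local Address:Port; the port is the text after the final colon,
# which also handles IPv6 forms such as [::]:21.
port_listening() (
    awk -v port="$1" '
        NR > 1 {
            n = split($4, a, ":")
            if ($1 == "LISTEN" && a[n] == port) found = 1
        }
        END { exit found ? 0 : 1 }'
)

# Flag risky settings in a vsftpd.conf read from stdin. Prints one line per
# finding and returns 1 if anything was flagged. Unset keys are treated as
# vsftpd's compiled-in defaults per vsftpd.conf(5): anonymous_enable=YES,
# local_enable=NO, chroot_local_user=NO, ssl_enable=NO.
vsftpd_audit() (
    conf=$(cat)
    get() {  # value of key $1, default $2; last assignment wins, comments ignored
        v=$(printf '%s\n' "$conf" | sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" | tail -n 1)
        printf '%s\n' "${v:-$2}"
    }
    bad=0
    if [ "$(get anonymous_enable YES)" != NO ]; then
        echo "anonymous_enable is not NO: anyone can log in as anonymous/ftp"; bad=$((bad + 1)); fi
    if [ "$(get local_enable NO)" = YES ] && [ "$(get chroot_local_user NO)" != YES ]; then
        echo "local_enable=YES without chroot_local_user=YES: users can browse the whole filesystem"; bad=$((bad + 1)); fi
    if [ "$(get ssl_enable NO)" != YES ]; then
        echo "ssl_enable is not YES: passwords and data cross the network in cleartext"; bad=$((bad + 1)); fi
    [ "$bad" -eq 0 ]
)

# Open TCP 21 in whichever host firewall front end is present (needs root; not
# run here). The nft line assumes the usual `inet filter` table / `input` chain.
open_ftp_port() {
    if command -v ufw >/dev/null 2>&1; then sudo ufw allow 21/tcp
    elif command -v firewall-cmd >/dev/null 2>&1; then sudo firewall-cmd --permanent --add-service=ftp && sudo firewall-cmd --reload
    elif command -v nft >/dev/null 2>&1; then sudo nft add rule inet filter input tcp dport 21 accept
    else sudo iptables -I INPUT -p tcp --dport 21 -j ACCEPT
    fi
}

# Constructed sample data so the checks run offline.
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       32      [::]:21              [::]:*'

WEAK_CONF='# deliberately weak configuration (constructed sample)
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES'

HARDENED_CONF='listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=NO
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key'

# Example run:
#   printf '%s\n' "$SAMPLE_SS" | port_listening 21 && echo "port 21 is open"
#   printf '%s\n' "$WEAK_CONF" | vsftpd_audit
#   sudo cat /etc/vsftpd.conf | vsftpd_audit     # against the real file
```

Against the real system use `ss -ltn | port_listening 21` and `sudo cat /etc/vsftpd.conf | vsftpd_audit`. The hardened sample is where the `man vsftpd` and "edit /etc/vsftpd.conf" steps should end up: no anonymous login, local users locked into their home directories, and TLS forced for both the login and the data channel, since plain FTP sends the password in cleartext and Wireshark on the lab network will show it.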
- We find it convenient to have a minimal Ubuntu VM, along with Kali. Recommend two CPUs, at least 4GB of RAM
- Optional exercise, no points or deadlines: download and install a minimal version of Linux
- Several choices are available, see https://www.makeuseof.com/tag/linux-distro-space/
- We like the idea of creating a bootable USB drive using Etcher (Linux) or Rufus (Windows)
- Charles has had success with Lubuntu, a light-weight version of Ubuntu
- Demo VBox snapshots, clones, and appliances.
- The lab assignment for this week. Due at 7pm next Wednesday.
- Meeting 3 Windows Administration September 11
- You can view this evening's slides on Windows Administration
- This week's lab assignment
- Announcements
- We are aware of upcoming religious holidays, just let Dr. Nicholas know if you need extra time.
- Please install this Windows 2016 server. (Active...ova)
- Beware! this file is about 11 gigs, and will take some time to download.
- For this VM, the username is Administrator and the password is Sqordfish0!
- We don't care that this is an expired evaluation version, do we?
- Okay to re-install Guest Additions
- If you prefer a fresh copy of Windows Server from Microsoft, you can visit their Evaluation Center.
- Windows Server 2012 R2 (really old) (about eight gigs, 9600...vhd)
- Windows Server 2016 (about seven gigs, Windows...ISO)
- Windows Server 2019 (about ten gigs, 17763...vhd)
- Windows Server 2022 (about 12 gigs, 20348...vhd)
- Installing the VHD versions seems a bit easier. All seem to come with 180 day licenses.
- You may want to learn about the internals of Windows.
- Meeting 4 Network-Based Firewalls September 18
- The next Flash CTF sponsored by MetaCTF will take place this Thursday, September 19th, starting at 5pm EDT (21:00 UTC).
- This competition will last 2 hours, and if you do the competitions in October and November, that will satisfy the competition requirement.
- There will be 5 challenges covering a range of difficulties and topics. Sign up at https://mctf.io/sep2024
- For the competition requirement, we need a 2-page writeup. Discuss your experience in the competition, how this course did or did not help you, and any lessons learned. More on this later.
- We'll be using these slides,
- review of OSI
- IPs and ports
- perimeter- vs. host-based firewalls
- rules can specify ports, protocols, IP ranges, and more
- The lab assignment for this week has been released.
- Demos: using Kali to run port scan (YouTube 1) (YouTube 2)
- Do NOT run a port scan on any host without permission.
- You always have permission to scan 127.0.0.1
- You may want to check out this set of five videos on Ethical Hacking!
- A networking overview on YouTube
- The drawing tool https://app.diagrams.net/
- The network diagram example
- Firewall vendors offer lots of documentation, for example Palo Alto
- We described an open-source firewall called pfSense
- Check out this CIDR Calculator
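The IP-range part of a firewall rule is just bit arithmetic, and it is worth being able to do it without the online calculator. This is an added example, not from the course slides: a CIDR calculator in plain POSIX shell (it runs under dash and bash and relies on 64-bit shell arithmetic only for the /0 case).

```shell
#!/bin/sh
# Added example (not from the course): CIDR arithmetic in POSIX shell, the
# computation behind "IP ranges" in firewall rules and behind online CIDR calculators.

ip_to_int() (                       # 10.20.30.40 -> 169090600
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
)

int_to_ip() (                       # 169090600 -> 10.20.30.40
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
)

prefix_to_mask() (                  # 20 -> 4294963200 (255.255.240.0)
    case $1 in 0) echo 0 ;; *) echo $(( (4294967295 << (32 - $1)) & 4294967295 )) ;; esac
)

# cidr_info 10.20.30.40/20 -> "network broadcast usable-hosts" on one line
cidr_info() (
    addr=${1%/*}; plen=${1#*/}
    [ "$plen" -ge 0 ] && [ "$plen" -le 32 ] || { echo "bad prefix length: $plen" >&2; exit 1; }
    mask=$(prefix_to_mask "$plen")
    net=$(( $(ip_to_int "$addr") & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    if [ "$plen" -ge 31 ]; then hosts=$(( 1 << (32 - plen) ))   # RFC 3021 /31 and a single /32
    else hosts=$(( (1 << (32 - plen)) - 2 )); fi                 # minus network and broadcast
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast") $hosts"
)

# cidr_contains 10.20.16.0/20 10.20.31.1 -> exit 0 if the address falls in the range,
# i.e. the question a firewall asks when a rule names a range instead of a host
cidr_contains() (
    mask=$(prefix_to_mask "${1#*/}")
    [ $(( $(ip_to_int "${1%/*}") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
)

# Example:  cidr_info 10.20.30.40/20   prints   10.20.16.0 10.20.31.255 4094
```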
- Meeting 5 Linux Hardening September 25
- Announcements
- We may have more information about upcoming cyber competitions.
- Such as this CTF scheduled for November 2
- Some new slides. Comments and suggestions are welcome.
- The homework for this week has been released! Make sure the assigned and due dates are right.
- Details for VBox Networking
- Using Google Compute for Malware Analysis
- check out this detailed report!
- Some of us recommend the documentation for Arch as a general Linux reference
- The study guides for the Red Hat certification(s) are useful, if you prefer reading a book!
- Consider this example.
- For information on lots of Linux distributions, see Distro Watch
- Do we all know about Docker?
- A useful introduction from Linux Format magazine, but assumes a Linux host
- Meeting 6 Windows Hardening October 2
- Announcements
- The slides for tonight.
- The homework being assigned tonight.
- A link to Windows documentation for Firewall
- CDE Signup (Google Form)
- A session (from Spring 2021) on Windows Shenanigans
- A tool for Windows hardening Hardening Kitty
- Meeting 7 Linux Incident Response October 9
- The Linux IR slides for tonight
- The homework being assigned tonight. The Debian VM needed is here (ova).
- A Linux IR Checklist
- A Jupyter Notebook for malware triage (link)
- Tonight Dr. Nicholas might host an "Ask Me Anything" regarding graduate school!
- Is a graduate degree worthwhile?
- How do I pay for grad school?
- I'm already a grad student. Why are you telling me this?
- Some might want to look at this link to an example master's thesis.
- Meeting 8 Windows Incident Response October 16
- The slides for tonight.
- The homework for tonight has been released. The VM you need to use will be here (OVA)
- Preparing for CDE.
- We have a high opinion of TryHackMe
- RJ's demo of Windows XP malware from last year (mp4) (vtt)
- Competition Writeup is worth 20% of the grade. We expect no more than two pages of text, PDF please.
- What competition did you participate in? If there's a specific date, e.g. the CDE held on 23 October, mention that.
- What was the format of the competition? CTF, Red vs. Blue, or something else?
- What part of the competition did you enjoy the most? what part did you enjoy the least?
- Is there a topic or a cyber-skill that you found most useful?
- Is there a topic or a cyber-skill that you wished you had more of?
- Was the competition a learning experience? If so, how?
- The writeup will be submitted using BlackBoard, as usual, due date 11:59pm Monday of the last week of class
- Meeting 9 October 23
Working in Cyber
- Rob Shovan has prepared some slides
- Cloud security? Use of cloud services, such as Google Cloud Platform, including Colab
- Virtualization options such as containers, e.g. Docker, Kubernetes
- Lab based on Colab, e.g. basic malware analysis
- Meeting 10 Guest Speaker October 30
- Talks to include
- Chris Vatcher, Lockheed Martin, Introduction to Offensive Cyber
- I will be tracking attendance tonight, in order to award some extra credit maybe.
- Meeting 11 Cyber Threat Intelligence November 6
- Class will be remote tonight! No in-person activity is expected.
- Slides for tonight
- The homework assignment for tonight. Working in pairs is allowed if mentioned in both reports.
- An example of a Cyber Threat Intelligence report
- Microsoft's recent Digital Defense Report for 2024
- Compare to Microsoft's CTI Blog, which is more specific to incidents and/or threat actors
- Optional topic! Nicholas, Fuzzy Similarity Metrics (Trello)
- It would be good to become familiar with the MITRE ATT&CK Framework! and the D3FEND Framework...
- Meeting 12 Offensive Security November 13
- Offensive Security slides for this week.
- Guest Speaker: Mr. Robleh Esa from MITRE
- Prof. Nicholas may present some slides on Password Cracking
- The lab assignment for this week. This Ubuntu VM will be needed for the assignment.
- If the VM fails to boot on your VirtualBox, make sure you are running the latest version of VirtualBox.
- A screen snap must accompany any complaint :-)
- Google's Cybersecurity Forecast 2025 (available from Google, pdf for users at UMBC)
- Possible topics for other speakers. What do you think?
- Social Engineering
- Example of a Process Injector
- What's it like to be a Red Teamer?
- Gov vs. contractor vs. private industry
- Secure Coding in RUST?
- CERTs 8570, vs. CISSP, vs. CEH (Homer from TC?)
- others?
- Meeting 13 November 20 Round Table
- If you turn in this homework assignment by 11:59pm Sunday 11/24/2024, you'll be eligible for 5% extra credit.
- Finish from last week as needed
- Round Table Discussion
- Google has asked Nicholas for comments on the Cybersecurity Forecast mentioned above.
- If you want to read the document and send comments to me, I can aggregate them and send them to Google
- and at the same time ask them if they want to send an invited speaker to the malware class next semester!
- we can go through that Forecast, quickly, if time permits
- The recordings of class sessions for this semester will be found here.
- PLEASE, be sure to complete the course survey for CMSC 491/691, if you have not yet done so!
- November 27 NO CLASS
- No class tonight, it being Thanksgiving Eve.
- At some point, you will get an email from the campus, asking you to fill out the SEEQ. Please do this!
- Recall that the Student Evaluation of Educational Quality (SEEQ) is a standardized course evaluation instrument used to provide measures of an instructor’s teaching effectiveness.
- The Direct Instructor Feedback Forms (DIFFs) were designed to provide feedback to instructors.
The responses to the SEEQ and the DIFFs will be kept confidential and will not be distributed until final grades are posted.
- Meeting 14 In-class CTF December 4
- The slides for this week
- The lab for this week.
The CTF itself is accessed through this link: https://metactf.com/join/acdctf-fall2024
- The top THREE high-scoring teams will be awarded extra credit!
- There is NO final exam in this class...but anybody who does well on the in-class CTF held in late November will have reason to hope for a good grade!
- Competition Writeup will be due 11:59pm Monday of the last week of school, that is, December 9, 2024. This refers to the competition requirement, which is NOT the same as the class CTF.
- Online Student Course Evaluations (SCE's) for fall semester are open until Tuesday, December 10 at 11:59pm. You can complete the SCE any time before the Tuesday 11:59pm deadline.
PLEASE, be sure to complete the course survey for CMSC 491/691, which provides valuable feedback for me, the TAs, and the university.
We appreciate the time that you take to complete these surveys, and the department and I take them seriously as a way to keep improving CS courses.
While you're at it, please complete the course surveys for all of your courses, and ask your friends to do the same! The administration actually does look at the data and we do our best to work with departments and faculty both to address problems, and to recognize excellent teaching.
Resources that don't fit into the schedule, but may still be helpful! I haven't tried them all, so watch your step!
- Some Tools for Red Teams
- A Windows Privilege Escalation Tool
- How to Create a Virtual Hacking Lab
- A list of Hacker-Oriented Search Engines
- A series on Windows Rootkit Development part 1, part 2, part 3, part 4
- The Mandiant Blog has lots of cool material! Such as this
- A lot of cyber information gets posted on X (formerly Twitter), such as this
- Preparing for the Certified Red Team Pentesting Exam? Take a look at these CRTP Notes
- Take a look at this Windows Internal Crash Course (youtube)
- A recent doctoral dissertation related to DNS
- A tool for monitoring Linux systems
- Some Awesome Cybersecurity Handbooks
- More to come!
Thanks!