This practical, hands-on 1-credit course provides students with an introduction to ethical hacking. The course begins with a discussion on the ethics behind security research and progresses to topics that surround penetration testing, forensics, cryptology, and binary reverse engineering and exploitation. This course is also meant to introduce students to Capture-the-Flag (CTF) style cybersecurity challenges, encourages participation in UMD's Cybersecurity Club (UMDCSEC), and prepares for CMSC414.
- Course: CMSC389R
- Prerequisites: C- or better in CMSC216 and CMSC250
- Credits: 1
- Seats: 30
- Lecture Time: Fridays, 3-3:50PM
- Location: CSI 2118
- Semester: Spring 2018
- Textbook: None
- Course Facilitators: Michael Reininger, William Woodruff and Joshua Fleming
- Faculty Advisor: Dave Levin
- Syllabus Last Updated: September 30, 2017
- Security research ethics
- Cyberlaw
- Responsible disclosure
- Expectation of privacy
- Linux
- Command line
- Configuring an environment
- Virtual machines
- Target reconnaissance
- OSINT
- Social engineering
- OPSEC
- Penetration testing
- Vulnerability scanning
- Using automated tools
- Maintaining persistence
- Forensics
- Imaging
- File types and carving
- Metadata
- File system artifacts
- Password cracking
- Network captures
- Steganography
- Binaries
- Reverse engineering
- Stack-based buffer overflow
- Shellcode
- Web
- Javascript deobfuscation
- SQL injection
- XSS & CSRF
- Crypto
- Classic ciphers
- Symmetric and asymmetric key
- CTF
- Jeopardy vs Attack-Defense
- Write-ups
- Lock picking (if there is time)
Grades will be maintained on the CS Department grades server.
You are responsible for all material discussed in lecture and posted on the class repository, including announcements, deadlines, policies, etc.
Your final course grade will be determined according to the following percentages:
| Percentage | Title | Description |
|---|---|---|
| 55% | Write-ups | Weekly individual write-ups (250-500 words) that summarize the lecture and assigned CTF challenges. |
| 20% | Midterm | Examination on topics covered until Forensics II. |
| 25% | Final Hack | Demonstrate mastery of all topics learned and apply knowledge to change your grade on the class's private grade server. The grade earned will be determined by levels unlocked in the grade server and will be applied to your official final grade. |
Any request for reconsideration of any grading on coursework must be submitted within one week of when it is returned. No requests will be considered afterwards.
| Week | Topic | Assignment |
|---|---|---|
| 1 (TBD) | Introduction + Ethics + Linux | Download VirtualBox, Kali. Gray Hat Hacking (Ch. 1). OSINT Handbook. OPSEC. |
| 2 (TBD) | Linux + OSINT + OPSEC | Challenges. Write-up 1. |
| 3 (TBD) | Vulnerability scanning | Write-up 2. |
| 4 (TBD) | Penetration testing I | Write-up 3. |
| 5 (TBD) | Penetration testing II | Challenges. Write-up 4. |
| 6 (TBD) | Forensics I | Write-up 5. |
| 7 (TBD) | Forensics II | Challenges. Write-up 6. |
| 8 (TBD) | Binaries I | Write-up 7. |
| 9 (TBD) | Binaries II | Challenges. Write-up 8. |
| 10 (TBD) | Web I | Write-up 9. |
| 11 (TBD) | Web II | Challenges. Write-up 10. |
| 12 (TBD) | Cryptology I | Write-up 11. |
| 13 (TBD) | Cryptology II | Challenges. Write-up 12. |
| 14 (TBD) | CTF | Write-up 13. |
| 15 (TBD) | Lock picking | Write-up 14. |
Outside of class interaction between students and course staff will occur via piazza. Email should only be used for emergencies and not class related questions.
Instructor:
Dr. Dave Levin - dml@cs.umd.edu
TAs:
Michael Reininger - michael@csec.umiacs.umd.edu
William Woodruff - william@yossarian.net
Joshua Fleming - secretary@csec.umiacs.umd.edu
See the section titled Course Related Policies.
See the section titled "Accessibility" available at Course Related Policies.
Note that academic dishonesty includes not only cheating, fabrication, and plagiarism, but also includes helping other students commit acts of academic dishonesty by allowing them to obtain copies of your work. In short, all submitted work must be your own. Cases of academic dishonesty will be pursued to the fullest extent possible as stipulated by the Office of Student Conduct.
It is very important for you to be aware of the consequences of cheating, fabrication, facilitation, and plagiarism. For more information on the Code of Academic Integrity or the Student Honor Council, please visit http://www.shc.umd.edu.
If you have a suggestion for improving this class, don't hesitate to tell the instructor or TAs during the semester. At the end of the semester, please don't forget to provide your feedback using the campus-wide CourseEvalUM system. Your comments will help make this class better.