Syllabus EN.650.431 Ethical Hacking Spring 2016 Descriptin Cyber security is the premier issue f ur time. It affects every facet f industry and ur gvernment, and thus is nw a threat t ur U.S. Natinal Security. This curse is designed t intrduce students t the skills needed t defend cmputer netwrk infrastructure by expsing them t the hands-n identificatin and creatin f vulnerabilities in servers (i.e., Windws and Linux), wireless netwrks, websites, and cryptlgic systems. These skills will be tested by having teams f students develp and participate in instructr lead capture-the-flag cmpetitins. Als included are advanced tpics such as shell cding, IDA Pr analysis, fuzzing, and writing r expliting netwrk-based applicatins r techniques such as web servers, spfing, and denial f service. Instructr Dr. Lanier Watkins, lanier.watkins@jhuapl.edu r lanierwatkins@gmail.cm Office: 317 Malne Hall Office hurs: by appintment thrugh email Meetings 6:00-8:30 pm, Thursday Hackerman B-17 except the belw dates: Hdsn 213 n 2/11/16, 3/24/16, and 4/7/16 Textbk Required: Camern Buchanan. Kali Linux CTF Blueprints, Packt Publishing, 2014 Recmmended: Jn Ericksn. Hacking, 2nd Editin: The Art f Explitatin, 2008 Online Resurces Please lg in t Blackbard fr all materials related t this curse. [Or prvide a URL if using anther nline curse management system.] Curse Objectives (1) Students will learn hw t identify and create vulnerabilities in servers, wireless netwrks, websites, and cryptlgic systems (2) Students will learn hw t develp and participate in capture-the-flag exercises. Curse Tpics Penetratin testing Netwrk hardening
Capture-the-flag exercise creatin, strategy, and scring Tpics and Schedule: Date Tpic Cmments Week #1 1/28/16 Week #2 2/4/16 Expliting Windws Expliting Windws Fcus n planting flags fr windws fr varius scenaris (i.e., securing windws envirnment except fr vulnerable sftware which leads t flag) Chapter 1: Page 7-15 Fcus n planting flags fr windws fr varius scenaris (i.e., securing windws envirnment except fr vulnerable sftware which leads t flag) Chapter 1: Page 15-35 Syllabus Review Ethics Discussin Discuss semester lng Capture-the- Flag (CTF) student prjects See week #13 fr details Discuss Bnus Attend Natinal Cllegiate Cyber Defense Cmpetitin (http://maccdc.rg) 2-hur hands-n creating and/r explitatin f server vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes 2-hur hands-n creating and/r explitatin f server vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Week #3 2/11/16 Expliting Linux Fcus n planting flags fr Linux fr varius scenaris (i.e., securing Linux envirnment except fr vulnerable sftware which leads t flag) 2-hur hands-n creating and/r explitatin f server vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Chapter 2: Page 37 47 Hmewrk #1 Week #4 2/18/16 Expliting Linux Fcus n planting flags fr Linux fr varius scenaris (i.e., securing Linux envirnment except fr vulnerable sftware which leads t flag) 2-hur hands-n creating and/r explitatin f server vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Chapter 2: Page 47 59
Week #5 2/25/16 Expliting Wireless and Mbile Fcus n planting flags fr wireless r mbile devices fr varius scenaris (i.e., securing wireless r mbile device envirnments except fr vulnerability which leads t flag) 2-hur hands-n creating and/r explitatin f wireless vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Chapter 3: Page 61 71 Review Hmewrk #1 Hmewrk #2 Week #6 3/3/16 Expliting Wireless and Mbile Fcus n planting flags fr wireless r mbile devices fr varius scenaris (i.e., securing wireless r mbile device envirnments except fr vulnerability which leads t flag) 2-hur hands-n creating and/r explitatin f wireless vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Chapter 3: Page 71-80 Week #7 3/10/16 Scial Engineering Websites and Pictures Fcus n extracting inf frm peple via crss-site scripting r passing/extracting inf in/ut f pictures fr varius scenaris (i.e., securing websites envirnments except fr vulnerability which leads t flag) Chapter 4: Page 81-91 Review Hmewrk #2 Hmewrk #3 Exam 1 1 hur 1-hur hands-n creating and/r explitatin f website vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Week #8 3/17/16 Scial Engineering Websites and Pictures Fcus n extracting inf frm peple via crss-site scripting r passing/extracting inf in/ut f pictures fr varius 2-hur hands-n creating and/r explitatin f website vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes
scenaris (i.e., securing websites envirnments except fr vulnerability which leads t flag) Chapter 4: Page 91-101 Week #9 3/24/16 Expliting Cryptlgy Fcus n using basic tls t explit imprperly implemented encryptin n previusly placed flags 2-hur hands-n creating and/r explitatin f imprperly implemented encryptin vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Chapter 5: Page 103 113 Review Hmewrk #3 Hmewrk #4 Week #10 3/31/16 Expliting Cryptlgy Fcus n using basic tls t explit imprperly implemented encryptin n previusly placed flags 2-hur hands-n creating and/r explitatin f imprperly implemented encryptin vulnerabilities Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Chapter 5: Page 113-123 Week #11 4/7/16 Capture the Flag Basics Tw 5 min breaks (7 & 8pm) Grups Cllabrate 20 minutes Basic rules and strategies Hw t scre flag captures and reprt team prgress Chapter 6: Page 125 132 Review Hmewrk #4 Hmewrk #5 Week #12 4/14/16 Capture the Flag Walkthrugh In class walkthrugh f a capture the flag challenge Exam 2 I hur Tw 5 min breaks (7 & 8pm) Tw 5 min breaks (7 & 8pm) Discussins n scring and reprting status f walkthrugh Chapter 6: Page 132-162
Week #13 4/21/16 Capture the Flag Turnament Team CTF prjects Tw 5 min breaks (7 & 8pm) Frm start f semester, the class will be divided int tw large teams and tasked with creating Capture the Flag (CTF) Challenges. The large teams will exchange CTF challenges, split int smaller teams which will cmpete against each ther in the unseen challenge. The large team that created the CTF challenge will scre and reprt the status f the cmpetitin. The CTF challenges will be dne in class and will be timed. These challenges will be semester lng prjects fr the students. Curse Expectatins & Grading Grading Rubric Assignment Windws, Linux, and Wireless Hacking Exam #1 Scial Engineering, Cryptlgy, and CTF Exam# 2 Class Participatin: # f Assignments Percentage f Grade Cmments 1 15% In class, clsed ntes exam 1 15% In class, clsed ntes exam 13 20% Fllwing alng with in-class hacking assignments Hme Wrk 5 20% Hmewrk Assignments Team CTF Prject 2 30% Bth grups will develp a CTF Prject Plan turnament CTF Implementatin Grading: A letter grade will be assigned accrding t this frmula: A+, 97-100%; A, 93-96%; A-, 90-92%; B+, 87-89%; B, 83-86%; B-, 80-82%; C, 70-79%; F,:<70%. Apprpriate curving will be made as necessary. What kinds f wrk yu ll be ding in this curse. Weekly hmewrk assignments, tw midterms, ne final. Active participatin in class discussin, ral presentatin. And explain the grading basis and plicy.
Key Dates Dates fr exams, presentatins, etc. This can be n Blackbard instead f here. Assignments & Readings Fr thse wh specify this explicitly in advance. Or say explicitly that these are psted n the Blackbard site fr this curse. Ethics The strength f the university depends n academic and persnal integrity. In this curse, yu must be hnest and truthful, abiding by the Cmputer Science Academic Integrity Plicy: Cheating is wrng. Cheating hurts ur cmmunity by undermining academic integrity, creating mistrust, and fstering unfair cmpetitin. The university will punish cheaters with failure n an assignment, failure in a curse, permanent transcript ntatin, suspensin, and/r expulsin. Offenses may be reprted t medical, law r ther prfessinal r graduate schls when a cheater applies. Vilatins can include cheating n exams, plagiarism, reuse f assignments withut permissin, imprper use f the Internet and electrnic devices, unauthrized cllabratin, alteratin f graded assignments, frgery and falsificatin, lying, facilitating academic dishnesty, and unfair cmpetitin. Ignrance f these rules is nt an excuse. Academic hnesty is required in all wrk yu submit t be graded. Except where the instructr specifies grup wrk, yu must slve all hmewrk and prgramming assignments withut the help f thers. Fr example, yu must nt lk at anyne else s slutins (including prgram cde) t yur hmewrk prblems. Hwever, yu may discuss assignment specificatins (nt slutins) with thers t be sure yu understand what is required by the assignment. If yur instructr permits using fragments f surce cde frm utside surces, such as yur textbk r n-line resurces, yu must prperly cite the surce. Nt citing it cnstitutes plagiarism. Similarly, yur grup prjects must list everyne wh participated. Falsifying prgram utput r results is prhibited. Yur instructr is free t verride parts f this plicy fr particular assignments. T prtect yurself: (1) Ask the instructr if yu are nt sure what is permissible. (2) Seek help frm the instructr, TA r CAs, as yu are always encuraged t d, rather than frm ther students. (3) Cite any questinable surces f help yu may have received. On every exam, yu will sign the fllwing pledge: "I agree t cmplete this exam withut unauthrized assistance frm any persn, materials r device. [Signed and dated]". Yur curse instructrs will let yu knw where t find cpies f ld exams, if they are available. [In additin, the specific ethics guidelines fr this curse are: (1) (Insert unique rules here, such as yur plicy regarding cllabratin n assignments r use f ld exams.) (2) (etc.)] Reprt any vilatins yu witness t the instructr. Yu can find mre infrmatin abut university miscnduct plicies n the web at these sites: Fr undergraduates: http://e-catalg.jhu.edu/undergrad-students/student-life-plicies/ Fr graduate students: http://e-catalg.jhu.edu/grad-students/graduate-specific-plicies/ Students with Disabilities
Any student with a disability wh may need accmmdatins in this class must btain an accmmdatin letter frm Student Disability Services, 385 Garland, (410) 516-4720, studentdisabilityservices@jhu.edu. ABET Outcmes An ability t apply knwledge f cmputing and mathematics apprpriate t the discipline (a) An ability t analyze a prblem, and identify and define the cmputing requirements apprpriate t its slutin (b) An ability t design, implement, and evaluate a cmputer-based system, prcess, cmpnent, r prgram t meet desired needs (c) An ability t functin effectively n teams t accmplish a cmmn gal (d) An understanding f prfessinal, ethical, legal, security and scial issues and respnsibilities (e) An ability t cmmunicate effectively with a range f audiences (f) An ability t analyze the lcal and glbal impact f cmputing n individuals, rganizatins and sciety (g) Recgnitin f the need fr and an ability t engage in cntinuing prfessinal develpment (h) An ability t use current techniques, skills, and tls necessary fr cmputing practice (i) An ability t apply mathematical fundatins, algrithmic principles, and cmputer science thery in the mdeling and design f cmputer-based systems in a way that demnstrates cmprehensin f the tradeffs invlved in design chices (j) An ability t apply design and develpment principles in the cnstructin f sftware systems f varying cmplexity (k)