CS338 Computer Security
Monday, 13 November 2023

+ This week
- Today: a little wrap-up, some Metasploit
- Wednesday
    - exam questions
    - if you finish your video and are willing to have me
        show it in class, DM me once it's up
    - AMA
- Exam due Monday, Nov 20

+ Questions
- Anything past or present
-

+ What would I do with an extra nine weeks?
- Deeper into cryptography and cryptography engineering
- Deeper into authentication and authorization
    - Kerberos
    - NTLM (and its weaknesses)
    - OAuth (and its weaknesses0
    - MFA
    - FIDO2 & passkeys
    - ...
- Defense
- Malware
    - Reverse engineering if I could require CS208 as a prerequisite
- Data privacy
- Forensics
- More history
- Bring in some industry visitors
- Maybe a red-team/blue-team exercise
- ...?

+ How do you keep yourself safe? (Does your new knowledge help?)
- Install updates/patches
- Avoid password reuse
- Don't be like Jeff, clicking on evil buttons
    Learn techniques of phishing and be alert for them
- Keep an eye out for web insecurity (http vs. https, for example)
- Be mindful of where you're storing your data (e.g., credit card numbers)
    - Be aware that your SSN, passport #, credit cards are probably
        discoverable by a dedicated attacker

+ Pen-testing practice
- overthewire.org
- hackthebox.com
- tryhackme.com
- ...

+ Metasploit lab