ASSIGNMENTs are due at 11:59PM on the date where they appear. Do READING/VIDEO items by class time on the date where they appear. We'll do LAB items during class.
M Sep 11
- [READING] Course information
- [READING] Look at our course resources page
- [SURVEY] If you haven't yet, please fill out this survey
- [ASSIGNMENT for the term] Practice your security mindset
- Class notes
W Sep 13
- [ASSIGNMENT] Setting up Slack, git, and Kali.
- [READING] Inside the Twisted Mind of the Security Professional, by Bruce Schneier
- [VIDEO] (19:38) Introduction to HTTP
- [LAB] A network tools scavenger hunt
- Class notes
F Sep 15
- [READING] A note on ethics
- [VIDEO] Introduction to Wireshark. (From spring 2021, when we were using VirtualBox instead of UTM and VMWare.)
- [ASSIGNMENT] Getting started with Wireshark
- Class notes
M Sep 18
- [READING] History of the browser user agent string. This one is both illuminating and hilarious, describing how the "User-Agent" HTTP header strings got to be so weird and complicated.
- [READING] base64
- [VIDEO] (12:35) Intro to base64
- [READING] Sections 1, 1.1, 2, 2.1, and 2.2 of RFC 7230: Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing and Sections 4 and 5.5 in RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. Be ready to discuss your questions. Feel free to post questions and thoughts in advance on Slack #general ahead of time.
- [VIDEO] (12:20) Reading technical specifications
- Class notes
W Sep 20
F Sep 22
- [READING] Chapter 5 of Anderson (Cryptography) I recommend skimming this, and then using it as a reference as needed.
- [READING] Study questions for cryptography
- [VIDEO] (25:54) Symmetric encryption
- [VIDEO] (21:40) Public-Key (Asymmetric) encryption
- [VIDEO] (9:32) Diffie-Hellman key exchange
- [LAB] Diffie-Hellman & RSA by hand
- Class notes
- Slides
M Sep 25
- [ASSIGNMENT 9/26] Being Eve
- Class notes
- Slides
W Sep 27
- [VIDEO] (33:41) Cryptographic hash functions
- Class notes
- Slides
F Sep 29
- [VIDEO] (25:00) Public Key Infrastructure (PKI)
- Class notes
- Slides
M Oct 2
- [ASSIGNMENT 10/2] What's in a Key File?
- Class notes
- Slides
W Oct 4
- [VIDEO] (25:00) Public Key Infrastructure (PKI)
- [READING] Public key infrastructure (Wikipedia)
- [READING] X.509 (Wikipedia). Goal: learn what a certificate is, and what it's for.
- Class notes
- Slides
F Oct 6
- [ASSIGNMENT 10/7] Some cryptographic scenarios
- Class notes
- Slides
M Oct 9
- Class notes. This class-notes document contains a study guide for the exam.
W Oct 11
- In-class exam
F Oct 13
M Oct 16
- Midterm break. Go wild, sleep in!
W Oct 18
- Threat Modeling Explained (blog post). Focus especially on STRIDE.
- [READING] The CIA Triad
- [READING] The Parkerian Hexad
- [ASSIGNMENT 10/18] Threat modeling with STRIDE
- Class notes
- Slides
F Oct 20
- [READING] Lessons from 22 Years of the U.S. DMCA, by Cory Doctorow. Be prepared to discuss today (Friday 10/20). Keep in mind that this is an opinion piece, so keep your critical thinking glasses on.
- [READING, OPTIONAL] While reading the Doctorow essay, you might find this useful: the US Law section of Wikipedia's article on Anti-Circumvention
M Oct 23
- [ASSIGNMENT] Ethical analysis of a security scenario
- Class notes
W Oct 25
F Oct 27
- [ASSIGNMENT 10/28] Password cracking
- Class notes
- Slides
M Oct 30
- [READING] Address Resolution Protocol (ARP)
- [ASSIGNMENT 10/31] Adversary-in-the-Middle via ARP Cache Poisoning
- Class notes
- Slides
W Nov 1
F Nov 3
- [READING] Reflections on Trusting Trust, by Ken Thompson. This is my favorite CS paper. Come to class prepared to discuss it.
- Class notes
M Nov 6
- [ASSIGNMENT 11/6] Two topics: Cookies and Cross-Site Scripting (XSS)
- Class notes
W Nov 8
F Nov 10
M Nov 13
- [LAB] Intro to Metasploit (if we have time)
- Class notes
W Nov 15
- Last day of classes!
- [ASSIGNMENT 11/15] A video about a historical security incident
- [EXAM DUE 5:00PM Monday, 11/20] Final Exam
- Class notes