ASSIGNMENTs are due on the day under which they appear below. The due time is 5:00PM if the due date is a Friday, or 11:59PM otherwise. Do READING/VIDEO items by class time on the date under which they appear. LABs will happen during class.
M Sep 16
- [READING] Course information
- [READING] Look at our course resources page
- [SURVEY] If you haven't yet, please fill out this survey
- [LAB] What's in an HTTP query and response?
- [ASSIGNMENT] Set up Slack, git, and Kali.
- [ASSIGNMENT for the term] Practice your security mindset
- Class notes
W Sep 18
- [READING] Inside the Twisted Mind of the Security Professional, by Bruce Schneier
- [VIDEO] (19:38) Introduction to HTTP
- [LAB] Some command-line networking tools
- [ASSIGNMENT] Over the Wire's "bandit"
- Class notes
F Sep 20
- [READING] A note on ethics
- [VIDEO] (30:04) Introduction to Wireshark (from spring 2021, when we were using VirtualBox instead of UTM and VMware)
- Class notes
Sat Sep 21
- [ASSIGNMENT] Getting started with Wireshark
M Sep 23
- [READING] History of the browser user agent string
- [VIDEO] (12:35) Intro to base64
- [READING] base64 (no need to read thoroughly; consult as needed)
- [LAB] A very brief intro to Burp Suite's proxy tool
- Class notes
T Sep 24
- [ASSIGNMENT] HTTP's Basic Authentication: A Story
W Sep 25
F Sep 27
- [VIDEO] (25:54) Symmetric encryption
- [VIDEO] (21:40) Public-Key (Asymmetric) encryption
- [VIDEO] (9:32) Diffie-Hellman key exchange
- [LAB] Diffie-Hellman and RSA by hand
- Class notes
- Slides
Sat Sep 28
- [ASSIGNMENT] Being Eve
M Sep 30
- [VIDEO] (12:20) Reading technical specifications
- [OPTIONAL LAB] Setting up password-free login. Do this on your own sometime if you're interested.
- Class notes
W Oct 2
- [VIDEO] (33:41) Cryptographic hash functions
- [READING] Sections 1, 1.1, 2, 2.1, and 2.2 of RFC 7230: Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing, and Sections 4 and 5.5 of RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. Be ready to discuss your questions. Feel free to post questions and thoughts ahead of time on Slack #general.
- [ASSIGNMENT] What's in a key file?
- Class notes
- Slides
F Oct 4
- [VIDEO] (25:00) Public Key Infrastructure (PKI)
- [LAB] Digital Signatures
- Class notes
- Slides
Sun Oct 6
- [ASSIGNMENT] Some cryptographic scenarios
Mon Oct 7
- [OPTIONAL LAB] Certificates
- Class notes
Wed Oct 9
Fri Oct 11
- In-class exam
Mon Oct 14
- [READING] Threat Modeling Explained (blog post). Focus especially on STRIDE.
- [READING] The Threat Modeling Manifesto
- [READING] The CIA Triad
- [LAB] Threat modeling
- Class notes
Wed Oct 16
- [ASSIGNMENT] An ethical analysis
- Class notes
Fri Oct 18
- [READING] Lessons from 22 Years of the U.S. DMCA, by Cory Doctorow. Be prepared to discuss today (Friday 10/20). Keep in mind that this is an opinion piece, so keep your critical thinking glasses on.
- [READING, OPTIONAL] While reading the Doctorow essay, you might find this useful: the US Law section of Wikipedia's article on Anti-Circumvention
- Class notes
Mon Oct 21
- Midterm break! zzzzzzzz...
Wed Oct 23
- [OPTIONAL ASSIGNMENT] Exam corrections
- [LAB] netcat (nc) and some of its friends
- [READING] Notes about nc chats and IP visibility
- Class notes
- Slides
Fri Oct 25
- [READING] Cookies, up through the Implementation section
- Class notes
- Slides
Sun Oct 27
- [ASSIGNMENT] Two Topics: Cookies and Cross-Site Scripting (XSS).
Mon Oct 28
Wed Oct 30
- [ASSIGNMENT] Setting up a reverse shell
- Class notes
Fri Nov 1
Sat Nov 2
- [ASSIGNMENT] Project proposal, round 1
Mon Nov 4
Wed Nov 6
- [ASSIGNMENT] Project
Fri Nov 8
- [READING] Reflections on Trusting Trust, by Ken Thompson. This is my favorite CS paper. Come to class prepared to discuss it.
- Class notes
Mon Nov 11
- [LAB] nmap and gobuster
- Class notes
Wed Nov 13
Fri Nov 15
Wed Nov 20
- [EXAM] Final exam, part 1
- Class notes
Mon Nov 25
- [EXAM, due 5:00PM] Final exam, part 2
- [READING, if you want] Some ideas for further study -- I'll keep working on this for the next few days