ECE 9609 / 9069: Introduction to Hacking

Assignments and Evaluation

Common Components

All students will be graded by the following components
Component Weight Deadline Submission Details
Assignment 1 10% Friday, January 23rd OWL Assignment 1 Instructions (Coming soon)
Assignment 2 10% Monday, February 23rd OWL Assignment 2 Instructions (Coming soon)
Assignment 3 10% Friday, February 27th OWL Assignment 3 Instructions (Coming soon)
Assignment 4 10% Friday, March 27th OWL Assignment 4 Instructions (Coming soon)
Presentation: Tool/method case study (ECE 9069 - M.Eng only) 15% Each group must email a proposal to Prof. Essex by Monday, Monday, February 9th. (Topics are first come, first serve). Groups (sizes to be determined) will select and study a specific hacker/cybersecurity software tool, technique or method not previously covered in the lectures. If you can't form a group to work with, a limited number of single-person presentations will be accepted. The group will give a presentation of their findings to the class, and if appropriate give a demonstration of the tool/method. The group will also create presentation notes to accompany their talk.

Each group will send their slides to the professor via email by the beginning of class on the day of your presentation. Presentation length to be determined. Presentations will be evaluated on the following criteria:

  • Background Did the presentation adequately explain (a) what the tool/method does, (b) how it does it, (c) who uses it or would want to use it and (d) why it would be useful? (e) what is the real-world impact and significance?
  • Technical merit. Did the topic contain an adequate degree of technical content (e.g., code, data, equations, graphs, charts, etc). Were key concepts explained?
  • Delivery. Was the presentation interesting/engaging/fun/effective? Where the presenters prepared? Were the slides clear and visually appealing? Did the presentation complete on time?
  • References. Did the group select and cite appropriate references that would allow the reader to get up to speed on the topic?
Research paper seminar series (ECE 9609 - Research students only) 15% Each student must email their proposed paper to Prof. Essex by Monday, Monday, February 23rd Each student will select an academic publication on the topic of cybersecurity and present the paper to the other research students and lead a discussion of the paper's merits and weaknesses.
Papers should be from the last 5 years and should be from a major cybersecurity conference (see this link for a list). Additional details will follow in class.
CVE Report: A vulnerability/exploit case study 15% Reports due Monday, April 13th. Each group must email a proposal to Prof. Essex by Friday, March 13th. (Topics are first come, first serve). OWL Groups (size to be determined) will select and write a report on a specific CVE of their choice. Your chosen CVE should have a CVSS score of 6.0 or higher. It should be from 2020 or later. You can use this CVE database to help you choose.

Your proposal to Prof. Essex should contain the names of your group members and the proposed:

  1. CVE number (i.e., CVE-20XX-YYYY)
  2. CVSS score (between 6.0-10.0)
  3. A brief description of the vulnerability and which product it affects
Your report will be submitted as a PDF in OWL. The PDF should be in letter size (8.5"x11") and be approximately 8-12 pages in length, plus references and any appendices. It should contain a title, the author names, an abstract (short summary) and all applicable references. References can be formatted in any commonly-used style you wish, as long as it is clear and consistent.

The report should address in your report:

  • A description of the vulnerability: What product does it affect? What could the vulnerability be used to exploit? Why is the CVSS score the way it is?
  • Relevant concepts and background needed to understand the vulnerability
  • An in-depth technical analysis of the vulnerability. How does it work in technical terms? Provide any relevant code, data, equations, graphs, diagrams.
  • Mitigation: What was done (or what is needed) to fix/patch the vulnerability?
  • Real-world impact: Was the vulnerability exploited? Was there any media coverage? Did it cause the company any reputational issues?
Research-based students (ECE 9609) are expected to submit their report prepared in a professional-looking academic typesetting program like LaTeX. For a simple web-based solution, we recommend Overleaf. If you're unfamiliar with LaTeX, check out their LaTeX in 30 Minutes tutorial.

To see examples of what your report could look like, check out some of the papers at the recent IEEE Workshop on Offensive Technologies.

Course-based masters students (ECE 9069) are not required to use LaTeX-style typesetting. No particular format or template is required, although the report should still look professional and use consistent formatting (fonts, layout, clear headings, etc.). Be sure to cite any references you draw from.

List of Selected CVE topics

  • TBD
Final test 30% Wednesday, April 1st, 10:30-11:30am. See OWL announcement for room location.