ECE 9609 / 9069: Introduction to Hacking

Assignments and Evaluation

Common Components

All students will be graded by the following components
Component Weight Deadline Submission Details
Assignment 1 10% Friday, January 26th OWL Assignment 1 Instructions
Assignment 2 10% Friday, February 16th OWL Assignment 2 Instructions
Assignment 3 10% Friday, March 1st OWL Assignment 3 Instructions
Assignment 4 10% Friday, March 15th Friday, April 5th OWL Assignment 4 Instructions
Presentation: Tool/method case study (ECE 9069 - M.Eng only) 20% Each group must email a proposal to Prof. Essex by Monday, February 27th. (Topics are first come, first serve). Remote/online Groups of 3-5 students will select and study a specific hacker/cybersecurity software tool, technique or method not previously covered in the lectures. If you can't form a group to work with, a limited number of single-person presentations will be accepted. The group will give a presentation of their findings to the class, and if appropriate give a demonstration of the tool/method. The group will also create presentation notes to accompany their talk.

Each group will have 10 15 minutes to present. Each group will send their slides to the professor via email by the beginning of class on the day of your presentation. Presentations will be evaluated on the following criteria:

  • Background Did the presentation adequately explain (a) what the tool/method does, (b) how it does it, (c) who uses it or would want to use it and (d) why it would be useful? (e) what is the real-world impact and significance?
  • Technical merit. Did the topic contain an adequate degree of technical content (e.g., code, data, equations, graphs, charts, etc). Were key concepts explained?
  • Delivery. Was the presentation interesting/engaging/fun/effective? Where the presenters prepared? Were the slides clear and visually appealing? Did the presentation complete on time?
  • References. Did the group select and cite appropriate references that would allow the reader to get up to speed on the topic?
Research paper seminar series (ECE 9609 - Research students only) 20% Details to follow
CVE Report: A vulnerability/exploit case study 10% Report due April 19th. Each group must email a proposal to Prof. Essex by Friday, March 15th. (Topics are first come, first serve). Online in OWL Groups of 2-5 students will select and write a report on a specific CVE of their choice. Your chosen CVE should have a CVSS score of 5.0 or higher. It should be from 2015 or later. You can use this CVE database to help you choose.

Your proposal to Prof. Essex should contain the names of your group members and the proposed:

  1. CVE number (i.e., CVE-20XX-YYYY)
  2. CVSS score (between 5.0-10.0)
  3. A brief description of the vulnerability and which product it affects
Your report will be submitted as a PDF in OWL. The PDF should be in letter size (8.5"x11") and be approximately 8-12 pages in length, plus references and any appendices. It should contain a title, the author names, an abstract (short summary) and all applicable references. References can be formatted in any commonly-used style you wish, as long as it is clear and consistent.

The report should address in your report:

  • A description of the vulnerability: What product does it affect? What could the vulnerability be used to exploit? Why is the CVSS score the way it is?
  • Relevant concepts and background needed to understand the vulnerability
  • An in-depth technical analysis of the vulnerability. How does it work in technical terms? Provide any relevant code, data, equations, graphs, diagrams.
  • Mitigation: What was done (or what is needed) to fix/patch the vulnerability?
  • Real-world impact: Was the vulnerability exploited? Was there any media coverage? Did it cause the company any reputational issues?
Research-based students (ECE 9609) are expected to submit their report prepared in a professional-looking academic typesetting program like LaTeX. For a simple web-based solution, we recommend Overleaf. If you're unfamiliar with LaTeX, check out their LaTeX in 30 Minutes tutorial.

To see examples of what your report could look like, check out some of the papers at the recent IEEE Workshop on Offensive Technologies.

Course-based masters students (ECE 9069) are not required to use LaTeX-style typesetting. No particular format or template is required, although the report should still look reasonably professional and use consistent formatting (fonts, layout, clear headings, etc.). Be sure to cite any references you draw from.

List of Selected CVE topics

  • CVE-2023-32004: Kexun N., Kaixin W., Haoxiang W., Jingyi W.
  • CVE-2023-34312: Xianghu D., Xutong L., Weixi S., Baitong W., Junhao H.
  • CVE-2021-44228: Yi F.,Yalin Z.,Xinying W.,Wenyi Y.,Zhichen Y.
  • CVE-2023-26360: Finn H., Aikamdeep M.
  • CVE-2023-38831: Lihong C., Dongdong L., Longjie F.
  • CVE-2021-44228: Wangyang Y., Yue H., Pinxuan Y., Shuyi L.
  • CVE-2017-1000251: Mansimar B., Gagan Singh., Gurjot S., Sherry A., James S.
  • CVE-2023-23397: Haoran W., Ruiqing S., Haoxuan X.
  • CVE-2022-0185: Ahmed Abdalla., Da C., Hadi S,. Junyan H., Mohammed K.
  • CVE-2022-24124: Yao G., Zhang W., Zhijie Z., Jiateng L., Xi H.
  • CVE-2024-27889: Harshit k., Sidhartha K., Syed H., Omar F.
  • CVE-2021-24086: Tiansheng H., Yeyang L., Wei W., Ruiqi Z., Zichen Z.
  • CVE-2023-50731: Xiaoyun H., En Y., Mathangi C., Prashansa A., Fatema H.
  • CVE-2023-34039: Aalia H., Doaa A., Priyanka K., Zakiya A.
  • CVE-2018-1002105: Reza M., Stephan D., Saeid A., Rishabh J., James Z.
  • CVE-2017-5638: Andrea A., Justin C., Liam F., Roman K.
  • CVE-2021-4034: Jian L., Yinglun S.,Yanhua Z., Zelin Z., Yujia Z.
  • CVE-2016-5195: Haoming Z., Peiwen Z., Aozhuo Z., Yiyang H., Xinyue L.
Final exam 30% Friday, April 12th, 1:00pm to 2:00pm in SEB 2200