Lecture Schedule

Date Subject Resources
Week 1, Jan 12 Hacking Background. Course introduction, Core network and computing concepts (Networking, Command line utlities, File permissions, Programming languages, Web technologies)
Week 2, Jan 19 Hacking and Hackers.
Week 3, Jan 26 Hacking the Web.
Week 4, Feb 2 Hacking Networks.
Week 5, Feb 9 Hacking Systems.
Week 6, Feb 16 Hacking Wifi.
Week 7, Feb 23 Reading week. No class.
Week 8, Mar 2 Presentations. Tool/Method case study presentations (Day 1)
  • Metasploit (Mandeep S.)
  • Clickjacking (Zhenjie Z.)
  • Bettercap (Jinliang Z. and Junyi Z.)
  • Web Application Attack and Audit Framework (Palash K. and Eduard N.)
  • Embedded systems security (Sara Z. and Mohamad A.)
  • Maltego Open-source Intelligence (Rocio M. and Hector G.)
Week 9, Mar 9 Presentations. Tool/Method case study presentations (Day 2)
  • Camerada CCTV hacking (Minghao D. and Xueyan Z.)
  • nmap (Anthony C. and Cornelius N.)
  • Dan B. (DDoS Mitigation)
  • Burpsuite (Gurleen K. and Sumeia E.)
  • ARP Poisoning with Cain and Abel (Yaoxi L. and Ping J.)
  • SQL Inection (Mengjie L. and Junfei W.)
  • Image-based malware (Lei Z.)
  • Rogue Access Points (Hua C.)
Week 10, Mar 16 Class is cancelled this week. Professor is away presenting at conference. During this off-time, please study the following resources below to help you do Assignment 3.
Week 11, Mar 23 Presentations. Vulnerability case study presentations
  • CVE-2018-6376, SQL injection vulnerability in Joomla! Hua C., Jinliang Z., Junyi Z., Zhenjie Z.
  • CVE-2017-0144, Windows SMB and WannaCry ransomware. Dan B.
  • CVE-2017-5753, Spectre remote code execution. Gurleen K., Mandeep S., Sumeiya E.
  • CVE-2018-1000115, DDOS attack to Github through Memcached server. Yaoxi L., Ping J., Minghao D., Xueyan Z.
  • CVE-2017-10681, Cross-site request forgery (CSRF) vulnerability in Piwigo. Mohamad A., and Sara Z.
  • CVE-2017-12615, Remote code execution in Apache Tomcat. Lei Z., Junfei W., Mengjie L.
  • CVE-2017-0199, Wild Attacks Leveraging HTA Handler. Anthony C., Cornelius N., Hector S., Rocio M.
  • CVE-2014-3566, SSL 3.0 Protocol Vulnerability and POODLE Attack. Palash K., Eduard N.
Week 12, Mar 30 Good Friday. No class.
Week 13, Apr 6 Final test. In class.