Error message

User warning: The following module has moved within the file system: ldap_user. In order to fix this, clear caches or put the module back in its original location. For more information, see the documentation page. in _drupal_trigger_error_with_delayed_logging() (line 1156 of /usr/local/stow/drupal-7.82/lib/drupal-7.82/includes/bootstrap.inc).

Instructions

Preparation

All participants (including those not yet formally registered):

  1. Fill the course questionnaire
  2. Subscribe to the course mailing list
  3. To submit exercises and send personal questions, use the course staff's email address.
  4. For public questions and discussions, use the course forum

 

Virtual machine

In this course we will be running exercises in a virtual machine.

  1. Oracle VirtualBox virtual machine manager: the software is free and available for download here. It is installed in the CS computer labs.
  2. Download the virtual machine image (1.7GB)  used in the exercises. (md5sum: 07bba01a387b5e84aba3f3fd572a3393)

 

Exercise submission

The best 75% of exercises will be used to calculate your grade.
 

Exercises should be submitted in two copies:

  1. Via the Box.com folder you have been assigned.
  2. To the course e-mail address.

 

General Guidelines:

  1. Please make sure to store the answers to each question in a different sub-directory named qX (i.e.: q1, q2, q3, q4, …).
  2. Assembly files should be stored with a “asm” suffix (i.e.: q2.asm). Text files should be stored with a “txt” suffix (“q4.txt”)
  3. A readme file at the root of the exercise is important for anything you'd like to exercise checker to know. Use it but don't abuse it.
 

Box.com Submission Guidelines:

  1. Fill out the course questionnaire! Do not wait for the final day to do this!
  2. Some time after filling out the course questionnaire, you should receive a shared folder notification to the e-mail address you provided in the course questionnaire.
  3. Use the shared folder provided, to submit each exercise.
  4. Your solution to each exercise should be in its own folder, named "exYY", where YY is the exercise number (i.e.: ex00, ex01, ex02, ex03 and so on).

 

E-mail Submission Guidlines:

  1. Send to the following address: infosec14.course@gmail.com.
  2. Please use the following format for the email subject: "[INFOSEC13] Exercise #[EXERCISE NO.] - [NAME], ID: [ID]". 
    i.e.: "[INFOSEC14] Exercise #11 - John Smith, ID: 313371337".
  3. Please attach only the files which are relelvant to the result in an easy to understand directory tree, which should be packed in a 7zip file (submit a single file). See an example submission here.

    How to create a 7zip archive in linux: use the command "7za a ex_[EXERCISE NO.]_[ID#]_[FIRST_NAME]_[LAST_NAME]_.7z [DIRECTORY TO PACK]".
    i.e.: "7za a ex_11_055555559_Moshe_Cohen.7z solution_to_ex_11/".


Textbooks

There is no single textbook for this course. The following books contains significant relevant material. Additional resources will be provided during the lectures and recitations.

 

General

  • Ross Anderson
    Security Engineering (2nd Ed.)
    [online]

Reverse engineering

  • Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte
    The Shellcoder's Handbook: Discovering and Exploiting Security Holes (2nd Ed.)
    [online]
  • Eldad Eilam
    Reversing: Secrets of Reverse Engineering
    [books24x7]
  • Michael Sikorski and Andrew Honig
    Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
    [books24x7]
  • Mark Dowd, John McDonald, Justin Schuh
    The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities

 

Similar courses

Stanford University course CS155 has excellent slides and reading materiel, some of which is reused in our course.