Fall 2017 Schedule

Week Topic Readings Due
1 CISSP, Vulnerabilities vs. Exploits (APT),
Death of A Telecommuter, OWASP Top 10 (overview),
Microsoft Perspective, FireEye, Whitman,
DNC Hack (SeaDaddy), KrebsonSecurity (DDoS)
Ch. 1, 2
Assignments
Server Services
(TCP, UDP, ICMP)
 
2 Need for Security, Ethics and Law
Ch. 3 Sunday: Configuration (VMWare, Windows Server and Ubuntu Server configuration - A1.1),
Server Accounts and Services (ssh/rdp, http - A1.2 and A1.3)
3 Threat Analysis, SANSOWASP Top 10 (detail), 
Ch. 4 Sunday: Server Services (SQL, scripting - A1.4), Risk Analysis (A2)
4 SQL InjectionDemo1, UnixWiz, Assignment Setup, MSSQL Metadata, Reviewing Code, troyhunt,
Cross Site Scripting: (Skoudis, Malpani, VF XSS 1, VF XSS 2, Hacksplaining, FAQ, Testing, Cheat Sheet, Simple Example, More Tests)
   
5 Is MYSQL better?, MYSQL Injection, Escape (Getting Around "mysql_escape", Addslashes), UTF-8, Blind MYSQL Injection, OWASP Testing Guide
  Online Quiz: Whitman - Chapter 1, 2, and 3.
6 Kali, sqlmap
Windows (LM), GPUs (today)
Hashing Basics, Salts, Salted Password Hashing, SQLServerSalt
Linux  (Cracking, Rainbow Tables, John, HashCat, MySpace, THC Hydra: (tutorial))
IPSEC and SSL Sunday: Web Pages Secured from Injection (A3.1,3.2)
7 RECON (Port Listing),
Network Scanning (Sniffing/Spoofing), nmap (cheat sheet)
Ch. 6  (Firewalls) Sunday: Server Services (shared drives - A1.5)
8 WireShark (Tutorial, Samples)

Overflows  (Michael Howard)

Vulnerability Scanner: OpenVAS (install)
Google Hacking, GoogleDorks (DarkMoreOps, Amazon example)
Social (Maltego, Paterva)
Ch. 7
(Worms, Code Red, Slammer, SQLUDP, uPNP, MyDoom-exploit, STUXnet, StuxnetLeaks, Java, Embedded Systems)  
Sunday: Scan Report and Trace Analysis (A4)
9
Intrusion Detection Systems, Intrusion Protection SystemsFuzzing (BurpSuite)
Config Windows Firewall for DB,

  Friday and Sunday: Mid Term Exam
10 pfSense, SELKS (Comparison, Taylor, )

Application IDS (AppSecUSA2015(8:25-19:47,24:00-35:10), CISO Brief, MeltonBlog, Dashboard, Response)
Snort (Picture, Symantec Snort Rule, CSE_2014), Snorby,
Ch. 8
Sunday: Firewall (A5)
11 MetaSploit, unleashed (intro, another, darknet, irongeek db_autopwn), Armitage (video, blog),  NetCat
Backdoors Sunday: IDS (A6)
12 Penetration Test Competition and Open Season!

Visualizations (NorseMap, DigitalAttackMap, Daedalus)
Wireless (Cracking (WEP/WPA, WPS), Canary, Flying)
Wifi Background  
13 Certificate Chain of Trust, GlobalSign, Tracking Invalid Certificates, FREAK Attack
GPS Spoofing, Airplane Hack, Firesheep,
  Sunday: Server Password Crack'd (A7)
15 Parameterized Queries: PHP+mySQL, Blog

Rootkits - Zeus/SpyEye (Trackers, off-sho.re+ArrestConviction), Hacked-PC

Analytics: MSDCU, BotNets

Forensics (Linux Example), Covering Tracks, Autopsy

Archive:  - HowTo (Operation High Roller, Mariposa and more), DDOS (stophaus, cyberpunker), Tech Support Scams
Ch. 5
DefCon
Sunday: New System Protected
16 Presentation by Schwab!!! (Cuckoo, VirusTotal)
IBM XForce
Mobile:  SmartPhones, BYOD (Presentation),
Cloud Security, Security Metrics
  Sunday: Penetration Test