Fall 2018 Schedule

Week Topic Readings Due
1 CISSP, Vulnerabilities vs. Exploits (APT),
Death of A Telecommuter, OWASP Top 10 (overview),
Microsoft Perspective, FireEye, Whitman,
DNC Hack (SeaDaddy), KrebsonSecurity (DDoS)
Ch. 1, 2
Server Services
2 Need for Security, Ethics and Law
Ch. 3 Sunday: Configuration (VMWare, Windows Server and Ubuntu Server configuration - A1.1),
Server Accounts and Services (ssh/rdp, http - A1.2 and A1.3)
3 Threat Analysis, SANSOWASP Top 10 (detail), 
Ch. 4 Sunday: Server Services (SQL, scripting - A1.4)
4 SQL InjectionDemo1, UnixWiz, Assignment Setup, MSSQL Metadata, Reviewing Code, troyhunt,
Cross Site Scripting: (Skoudis, Malpani, VF XSS 1, VF XSS 2, Hacksplaining, FAQ, Testing, Cheat Sheet, Simple Example, More Tests)
BlackHat2018 - Parisa Tabriz
HTTPS Refresh
LetsEncrypt - HowItWorks
Sunday:  Risk Analysis (A2)
5 Is MYSQL better?, MYSQL Injection, Escape (Getting Around "mysql_escape", Addslashes), UTF-8, Blind MYSQL Injection, OWASP Testing Guide
Parameterized Queries: PHP+mySQL, Blog
  Online Quiz: Whitman - Chapter 1, 2, and 3.
6 Kali, sqlmap
Windows (LM, Server), GPUs (today)
Hashing Basics (SHA), Salts, Salted Password Hashing, SQLServerSalt
Linux  (Cracking, Rainbow Tables, John, HashCat, MySpace, THC Hydra: (tutorial))
IPSEC and SSL Sunday: Web Pages Secured from Injection (A3.1,3.2)
7 RECON (Port Listing),
Network Scanning (Sniffing/Spoofing), nmap (cheat sheet)
Ch. 6  (Firewalls) Sunday: Server Services (shared drives - A1.5)
8 WireShark (Tutorial, Tutorial, Samples)

Overflows  (Michael Howard)

Vulnerability Scanner: OpenVAS (install, install, tuning, tutorial, tutorial)
Google Hacking, GoogleDorks (DarkMoreOps, Amazon example)
Social (Maltego, Paterva)
Ch. 7
(Worms, Code Red, Slammer, SQLUDP, uPNP, MyDoom-exploit, STUXnet, StuxnetLeaks, Java, Embedded Systems)  
Sunday: Scan Report and Trace Analysis (A4)
Intrusion Detection Systems, Intrusion Protection SystemsFuzzing (BurpSuite)
Config Windows Firewall for DB,

  Friday and Sunday: Mid Term Exam
10 pfSense, SELKS (Comparison, Taylor, ), ProtectWise

Application IDS, Dashboard (AppSecUSA2015(8:25-19:47,24:00-35:10), CISO Brief, MeltonBlog, Response)
Snort (Picture, Symantec Snort Rule, CSE_2014), Snorby,
Ch. 8
Sunday: Firewall (A5)
11 MetaSploit (unleashed, darknet, irongeek), Armitage (manual, example, video, blog),  NetCat
Backdoors Sunday: IDS (A6)
12 Penetration Test Competition and Open Season!
SSD Encryption!
Visualizations (Kaspersky, ThreatCloud, DigitalAttackMap, Daedalus, NorseMap)
DDOS (stophaus, cyberpunker)
Wireless (Cracking (WEP/WPA, Dictionary, WPS), Canary, Flying)
Wifi Background  
13  GlobalSign, Tracking Invalid Certificates, FREAK Attack
GPS Spoofing, Airplane Hack, Firesheep (Article)

Rootkits - Zeus(wiki), (Trackers, Krebs, off-sho.re+ArrestConviction)
Certificate Chain of Trust Sunday: Server Password Crack'd (A7) - cancelled!
15 Tuesday:  Guest Presentation

Thursday: Class Cancelled
Ch. 5
Archive:  - HowTo (Operation High Roller, Mariposa and more),  Tech Support Scams
Sunday: New System Protected
16 IBM XForce, Cloud Security
Honeypot and Malware Analysis: (Cuckoo, VirusTotal)

Mobile:  SmartPhones, BYOD (Presentation)
Forensics (Linux Example), Covering Tracks, Autopsy
  Sunday: Penetration Test