Course Syllabus

CNIT 127 - Exploit Development Catalog Description:

Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.

Advisory: CS 110A or equivalent familiarity with programming

 

Upon successful completion of this course, the student will be able to:

A. Read and write basic assembly code routines

B. Read and write basic C programs

C. Recognize C constructs in assembly

D. Find stack overflow vulnerabilities and exploit them

E. Create local privilege escalation exploits

F. Understand Linux shellcode and be able to write your own

G. Understand format string vulnerabilities and exploit them

H. Understand heap overflows and exploit them

I. Explain essential Windows features and their weaknesses, including DCOM and DCE-RPC

J. Understand Windows shells and how to write them

K. Explain various Windows overflows and exploit them

L. Evade filters and other Windows defenses

M. Find vulnerabilities in Mac OS X and exploit them

N. Find vulnerabilities in Cisco IOS and exploit them

 

LEARNING OBJECTIVES

1. Read and write basic assembly code routines

2. Find stack overflow vulnerabilities and exploit them

3. Evade filters and other Windows defenses

 

Textbook

"The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q

 

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts If you take the quiz twice, the second score is the one that counts, not necessarily the higher score.

 

LATE WORK POLICY

Projects submitted late lose 5 points, unless they are more than 2 weeks late in which case they are worth nothing.

 

EXTRA CREDIT

There will be extra-credit projects as well, which are not required but which will increase your score if you do them correctly.

 

TIME COMMITMENT

Since this is a hands-on computer course, you should plan on spending at least 3-6 hours per week of computer time in addition to normal study time outside of class.

 

ETHICS

OBEY THE LAW!  Don’t enter computer systems without the permission of the owners, or disrupt networks. The hacking skills taught in this course are only safe and legal when used on your own computers, or on computers you have permission to use. If you break the law, you face possible criminal prosecution and prison time, and neither your instructor nor CCSF will be able to save you.

In addition, students who commit computer crimes may receive a point loss or other penalty, up to and including an immediate final grade of F and being banned from the computer labs. If a situation arises where you are uncertain about the ethics involved, please talk to your instructor.

 

Security professionals are held to high standards of ethics, like police officers. Lying, copying others' work and passing it off as your own, and performing cybercrimes will not be tolerated in this class. Offenders will be punished by losing points, or by immediate expulsion and a final grade of F, at the discretion of the instructor. If you are unsure whether something is unethical, please discuss it with your instructor before submitting questionable work for credit.

Students who demonstrate serious irresponsibility or immaturity may be expelled at any time.

 

ACADEMIC HONESTY

If a student is found to be cheating on any test or homework, that student may suffer a loss of points, or a larger penalty, including expulsion from the class.

Cheating includes- but is not limited to- submitting another student's work under your name. It is acceptable to help other students by answering questions about how to do the homework, but each student must do their own work.

If a situation arises where you are uncertain about the ethics involved, please talk to me.

 

ATTENDANCE

As we are online this semester, the class discussions will count as your attendance, and they are required.  Normally, I do not have a hard attendance requirement for my classes.  As we are online, we need to comply with auditing requirements.  YOU MUST PARTICIPATE IN THE DISCUSSIONS.

I reserve the right to drop any student who has missed three discussions.  However, under normal circumstances, I do NOT drop students from the class rolls. It is the student’s responsibility to file the paperwork needed to drop or withdraw from this class. If you simply stop attending class, you will probably receive a failing grade for the course.

 

ACCOMMODATIONS

If you need classroom or testing accommodations because of a disability, have emergency medical information to share with me, or need special arrangements in case the building needs to be evacuated, please contact me at ebiddlecome@ccsf.edu

 

Contact instructor via CANVAS inbox.

For topics unrelated to this course, E-mail: ebiddlecome@ccsf.edu
Office Hours: By appointment

I reserve the right to change any of these policies as necessary during the semester and will inform you of any changes.