CE6107
電腦攻擊與防禦
The Attack and Defense of Computers

• 吳嘉欣 (wujx89 at gmail dot com)
  • Office Hour: 14:00∼16:00 Wed.
  • Location: Room B322-1
• 許力弘 (hank861115 at gmail dot com)
  • Office Hour: 13:00 ~ 15:00 Wed.
  • Location: Room B322-1

*** 即時線上發問系統 ***

Grade

• Total Grades (updated: 31st Dec. 2024)
  • If you have any question about your grades, please contact the TAs before 11:30 AM, 2nd Jan., 2025 to book a time between 12:00 PM and 13:00 PM 2nd Jan., 2025 to see your anwer sheets. If you really have problems to do so, contact the TAs to discuss this situation with them.
  • After the above time, we will send your grades to the office of academic affairs.
• Grades of Midterm exam (24th Nov.)
• Grades of Project 1 (27th Nov.)

1. Syllabus (10th Sep.)
2. Moon Festival. No Class. (17th Sep.)
   • Video
   • Malware: Logic Bombs, Key Logger, URL Injection, Browser Hijackers, Trojan Horses, Spyware, and Internet Worms.
3. Buffer Overflow Attacks (24th Sep.)
   • Video
   • Do NOT go to the classroom.
4. Return-into-libc attacks, BOA Countermeasures (1st Oct.)
5. Heap Overflow Attacks, ROP (8th Oct.)
6. Drive-by Download (15th Oct.)
   • Video.
   • Do NOT go to the classroom.
7. Disk Layout, BIOS, and Viruses (22nd Oct.)
8. Disk Layout, BIOS, and Viruses (29th Oct.)
9. Magic Cookies, Web Bugs, and HTTP cookie (5th Nov.)
10. Midterm (12th Nov.)
    • Date: 12th Nov.
    • Location: Classroom
    • The exam questions are given in the short essay form.
    • There are 16 short essay questions in the Midterm.
    • The total score of the midterm is 110 points.
    • The midterm covers the following materials.
      • 1_malware.ppt
      • 2_BOA.ppt
      • 3_virus.ppt
    • Close book exam.
11. Cross-Site Scripting (XSS)
    Cross-stie Request Forgery
    SQL Injection
    DoS/DDoS Attacks. (19th Nov.)
    • Video
    • Do NOT go to the classroom.
12. Fileless Malware (26th Nov.)
    • Windows Fileless Malware
      • Powershell
      • Registy
      • Macro
      • HTA
      • Metasploit
      • PsExec
    • Linux Fileless Malware.
13. Makeup Exam of Midterm (3rd Dec.)
    • 補考注意事項
      • 日期：13:00 12/3 (二)
      • 地點：工五 A303
      • 考試內容：共三題，皆為期中考中的題目。補考開始前，助教會先解釋這三題的答案，解釋完後進行補考。
      • 參加資格：無論是否及格，皆可參與補考。除了期中考缺考的同學不得進行補考。
    • 成績調整方式
      • 大學部學生：
        • 期中考成績 < 40 分：若補考三題全對，期中考成績加 10 分。
        • 40 分 <= 期中考成績 < 50 分：若補考三題全對，期中考成績調整為 60 分。
        • 50 分 <= 期中考成績 < 60 分：若補考三題全對，期中考成績加 10 分。
        • 期中考成績 >= 60 分（及格同學）：若補考正確兩題或以上，期中考成績加 10 分。
      • 碩博士學生：
        • 期中考成績 < 50 分：若補考三題全對，期中考成績加 10 分。
        • 50 分 <= 期中考成績 < 60 分：若補考三題全對，期中考成績調整為 70 分。
        • 60 分 <= 期中考成績 < 70 分：若補考三題全對，期中考成績加 10 分。
        • 期中考成績 >= 70 分（及格同學）：若補考正確兩題或以上，期中考成績加 10 分。
14. Vehicle Security (10th Dec.)
15. Discussion
    • 本週 13:00-14:00 (視情況延長) 開放同學來教室詢問助教專題或是期末考相關問題， 沒有問題的同學可以不用來教室在家準備期末考。
    • 另外，希望這週預計要來詢問助教問題的同學可以先將問題寄給助教，以提升當天的回答效率。
16. Final Exam (24th Dec.)
    • Date: 24th Dec.
    • Location: classroom
    • The total scores and number of questions of the final exam will be announced later.
    • The exam questions are given in the short essay form.
    • There are 17 short essay questions in the final exam.
    • The total score of the final exam. is 120 points.
    • All of the final exam. questions come from the following materials.
      • 7_cookies.ppt
      • 8_SQL_Inj.ppt
      • 3_1_Linux_Fileless_Malware.ppt
      • 3_2_Windows_Fileless_Malware.ppt
      • 15_FAS_DDoS.ppt
      • 16_CAN_Bus.ppt
    • Close book exam.
17. supplementary material, not covered in the final exam.
    • Botnet
    • Backdoors.
    • sniffer, and Rootkits for Linux/Unix
    • Rootkits for Windows
    • DOM-based XSS
    • Account Stealing and TCP Session Hijacking
    • ARP Spoofing and Format String Attacks
    • Whois Server
    • Idle Scan, OS Fingerprinting, Footprinting, and Port Scanning.
    • DNS Servers and DNS Server Attacks

Video

• malware 1 and malware 2. (17th Sep.)
• Buffer Overflow Attacks (24th Sep.)

Bonus Competition

• If you win an excellent award in the following important contests this semester, we may add at most 80 points to your final grade of this course.
  • 金盾獎：https://security.cisanet.org.tw/index.aspx
  • HITCON CTF： 這個是線上的比賽，來參賽的隊伍都是世界各地的高手，難度會高一點。

Project

• GDB & PWN Tools
• Do your project using VirtualBox or a virtual machine.
• Project 1 (posted: 15th Oct.)
  • 平台連結。
  • 截止時間 : 23:59, 12th Nov.。
  • Project 注意事項 :
    • 各組在作業平台註冊的隊伍名稱格式為 Team_組別編號 (例如 : Team_01)。
    • project 成績以 demo 結果為主。
    • 若答出來的題目demo 時無法妥善說明會斟酌扣分，答不出來的題目若在demo時能夠說明部分進度會斟酌加分。
    • 請勿在截止前公開解法，違者以零分計算。
    • 作業平台上的題目 "helloworld" 為範例題，已經附上題目解法之程式碼，大家可以嘗試看看。
    • 所有小組組員共享同個分數，有任何小組問題請盡快與助教聯絡。
• Project 2 (posted: 3rd Dec.)
  • 平台連結。
  • 截止時間 : 23:59, 12/25。
  • Project 注意事項 :
    • project 成績以demo結果為主。
    • 若答出來的題目demo 時無法妥善說明會斟酌扣分，答不出來的題目若在demo時能夠說明部分進度會斟酌加分。
    • 請勿在截止前公開解法，違者以零分計算。
    • 所有小組組員共享同個分數，有任何小組問題請盡快與助教聯絡。
    • 若是無法連到題目提供之網址請用無痕模式再次嘗試。

Announcement

• Project Teammate (posted: 1st Sep.)
  • Each team has 3 members.
  • If you cannot find your teammates, the TAs will assign your teammates for you. However, because we do not know you, our arrangement may not be good for you; hence, you had better find your teammates yourself.
  • Please send your team member list to the TA before 1st Oct. After then the TA will find your team members for you.
  • Your grade of this course is determined by the projects; hence, if you cannot find appropriate project teammates and you cannot handle the projects alone, please consider carefully whether it is appropriate for you to take this course.
• You can find videos of this course here.
• Project 1 has been posted on this course web page. (posted: 15th Oct.)
• Project 1 Demo (posted: 29th Oct.)
  • 中央的同學基本上都以現場 demo 為主，有線上的需求請聯絡助教。
  • 清大及外校同學可以線上 demo，但請在表單上標註。
  • Demo 表單。
  • Demo 時請說明你們的解法以及為什麼你們的解法可以過。
  • 小組中每個人至少要講解一題。
  • Demo 前一天開始助教將不回應任何問題，請各組自己評估自己的解題進度。
• Midterm (posted: 11th Nov.)
  • Date: 12th Nov.
  • Location: Classroom
  • The exam questions are given in the short essay form.
  • There are 16 short essay questions in the Midterm.
  • The total score of the midterm is 110 points.
  • The midterm covers the following materials.
    • 1_malware.ppt
    • 2_BOA.ppt
    • 3_virus.ppt
  • Close book exam.
• Grades of Midterm exam have been posted on this course web page. (posted: 24th Nov.)
• Grades of Project 1 have been posted on this course web page. (posted: 27th Nov.)
• Project 2 has been posted on this course web page. (posted: 3rd Dec.)
• Project 2 Demo (posted: 15th Dec.)
  • 中央的同學基本上都以現場 demo 為主，有線上的需求請聯絡助教。
  • 清大及外校同學可以線上 demo，但請在表單上標註。
  • Demo 表單。
  • 請各組在 23:59 12/25 前填寫 demo 表單。
  • Demo 時請說明你們的解法以及為什麼你們的解法可以過。
  • 小組中每個人至少要講解一題。
  • Demo 前一天開始助教將不回應任何問題，請各組自己評估自己的解題進度。
• Discussion (posted: 15th Dec.)
  • 13:00-14:00 17th Dec.(視情況延長) 開放同學來教室詢問助教專題或是期末考相關問題， 沒有問題的同學可以不用來教室在家準備期末考。
  • 另外，希望這週預計要來詢問助教問題的同學可以先將問題寄給助教，以提升當天的回答效率。
• Final Exam (posted: 15th Dec.)(updated: 18th Dec.)
  • Date: 24th Dec.
  • Location: classroom
  • The total scores and number of questions of the final exam will be announced later.
  • The exam questions are given in the short essay form.
  • There are 17 short essay questions in the final exam.
  • The total score of the final exam. is 120 points.
  • All of the final exam questions come from the following materials.
    • 7_cookies.ppt
    • 8_SQL_Inj.ppt
    • 3_1_Linux_Fileless_Malware.ppt
    • 3_2_Windows_Fileless_Malware.ppt
    • 15_FAS_DDoS.ppt
    • 16_CAN_Bus.ppt
  • Close book exam.
• Total Grades (posted: 31st Dec. 2025)
  • The Total Grades of this course have been posted on this course web page.
  • If you have any question about your grades, please contact the TAs before 11:30 AM, 2nd Jan., 2025 to book a time between 12:00 PM and 13:00 PM 2nd Jan., 2025 to see your anwer sheets. If you really have problems to do so, contact the TAs to discuss this situation with them.
  • After the above time, we will send your grades to the office of academic affairs.

Referenced Material

• Shell Code
• Function Pointer Tutorials
• Some interesting security-related or attacker web sites:
  • National Vulnerability Database
  • US CERT
  • SANS InfoSec Reading Room
  • Phrack Magazine
  • Blackhat
  • SecurityFocus
• Buffer Overflow-Related Papers
  • Smashing The Stack For Fun And Profit
  • Stack Smashing Vulnerabilities in the Unix Operating System
  • The Art of Writing Shellcode, by smile