CEA036
The Attack and Defense of Computers

• Location: 工程五館 Room B301

• Office Hour:
• Location: Room B322-1

Total Grades

• Grade (upgrated: 19th June)
  • If you have any question about your final grade of this course, come to my office between 11:00 AM and 12:00 PM 22nd June. After that time, I will submit the grades of this course to the school, which means after then I am no longer able to change any grade.

1. Syllabus(15th Feb.)
2. Malware: Logic Bombs, Key Logger, URL Injection, Browser Hijackers, Trojan Horses, and Spyware.(22nd Feb.)
3. Internet Worms, Buffer Overflow Attacks, and Heap Overflow Attacks (1st March)
4. Return-into-libc attacks, BOA Countermeasures, Drive-by Download, Rogue Anti-Virus and Botnet (8th March)
5. Disk Layout, BIOS, and Viruses (15th March)
6. Macro Viruses and Boot Record Viruses (22nd March)
7. Backdoors, sniffer, and Rootkits for Linux/Unix (29th March)
8. Spring Break. The school is NOT in session. (5th April)
9. Rootkits for Linux/Unix (12th April)
10. Midterm
    • Date: 7:00PM ~ 9:00PM, 19th April
    • Location: The same place as the class's
    • The exam. questions will be given in the essay-question form.
    • There are 12 short essay questions in the Midterm.
    • The total score of the midterm is 110.
    • The midterm only covers the materials taught before the midterm. But the midterm questions do not include "Virus."
    • Close book exam.
11. Magic Cookies and Web Bugs (26th April)
12. HTTP cookies (3rd May)
13. Cross-Site Scripting (XSS) and SQL Injection (10th May)
14. SQL Injection and Account Stealing (17th May)
15. Account Stealing, TCP Session Hijacking (24th May)
16. ARP Spoofing and Format String Attacks, and DoS/DDoS Attacks (31st May)
17. Format String Attacks, and DoS/DDoS Attacks(7th June)
18. Final Exam.
    • Date: 7:00PM ~ 9:00PM, 14th June
    • Location: The same location as the class
    • The exam. questions will be given in the essay-question form.
    • There are 14 short essay questions in the final exam.
    • The total score of the final exam. is 110 points.
    • All of the final exam. questions come from the materials taught after the midterm.
    • Close book exam.
19. supplementary material, not covered in the final exam.
    • Idle Scan, OS Fingerprinting, Footprinting, and Port Scanning.
    • DNS Servers and DNS Server Attacks
    • Whois Server

Semester Project

• Installtaion manual of Virtual Box. (posted: 30th March)
• Lab Location: Room A206, Engineering Building 6.
• Group List (updated: 30th March)
• Host Allocation Map (posted: 30th March)
• Project (posted: 27th March)

Announcement

• Click here to see the course videos. However, you need to register an account first to enter the course. All course videos will be uploaded to this website. Feel free to contact the TA (Mr. 吳駿劭) if you have any questions. (posted 22nd Feb.)
• Project Team (posted: 24th March)
  • Each team consists of 3 students.
  • Please e-mail your team list to the TA before 29th March.
  • The team list should contain the name, student ID, and e-mail address of every team member.
• Roll Call (posted: 24th March)
  • We will give a roll call on 29th March's class to make sure that each of you has already found your teammates.
  • For those who have not found their teammates, we will help you find your teammates after the roll call.
• The semester project has been posted on this web page. (posted: 27th March)
• The midterm has been postponed to 19th April 2017. (posted: 5th April)
• Midterm (posted: 14th April)
  • Date: 7:00PM ~ 9:00PM, 19th April
  • Location: The same place as the class's
  • The exam. questions will be given in the essay-question form.
  • There are 12 short essay questions in the Midterm.
  • The total score of the midterm is 110.
  • The midterm only covers the materials taught before the midterm. But the midterm questions do not include "Virus."
  • Close book exam.
• The Midterm Grades have been posted on this course web page. (26th April)
• The New Midterm Grades have been posted on this course web page. (7th June)
• Final Exam. (posted: 8th June)
  • There are 14 short essay questions in the final exam.
  • The total score of the final exam. is 110 points.
  • All of the final exam. questions come from the materials taught after the midterm.
  • Close book exam.
• Announcement of Course Grades (posted: 8th June)
  • The temporal time to post the final grade of this course is 11:00 AM 22nd June.
  • If you have any question about your final grade of this course, come to my office between 11:00 AM and 12:00 PM 22nd June. After that time, I will submit the grades of this course to the school, which means after then I am no longer able to change any grade.
• Total Grades
  • The Total Grades have been posted on this course web page.(19th June)
  • If you have any question about your final grade of this course, come to my office between 11:00 AM and 12:00 PM 22nd June. After that time, I will submit the grades of this course to the school, which means after then I am no longer able to change any grade.

Referenced Material

• Shell Code
• Some interesting security-related or attacker web sites:
  • National Vulnerability Database
  • US CERT
  • SANS InfoSec Reading Room
  • Phrack Magazine
  • Blackhat
  • SecurityFocus
• Buffer Overflow-Related Papers
  • Smashing The Stack For Fun And Profit
  • Stack Smashing Vulnerabilities in the Unix Operating System
  • The Art of Writing Shellcode, by smiler.
  • w00w00 on Heap Overflows
  • The advanced return-into-lib(c) exploits
  • The Tao of Windows Buffer Overflow
  • New Chips Stop Buffer Overflow Attacks
  • Sined's collection of intermediate papers WEB Page
  • HP-UX (PA-RISC 1.1) Overflows