OFFENSIVE COMPUTER SECURITY 2.

0 SYLLABUS
Course provided by:

http://hackallthethings.com/

Course Lecture and Video Homepage:

http://howto.hackallthethings.com/2016/07/learning-exploitation-with-offensive.html#Schedule

About the Courseware:

The courseware is licensed Creative Commons (Non Commercial, share-alike:

https://creativecommons.org/licenses/by-nc-sa/3.0/us/​). Everyone is free to use, expand upon,
and/or modify any portion of the material included herein, as long as due credit is given and it is for
noncommercial purposes.

This courseware has been adopted by educators at over 20 universities around the world.

Course Objectives & Professional Certification:

Students who complete the professional course with a grade of 70% or higher will earn the certificate
​
titled ​Hack All The Things "​Certified Vulnerability Analyst"​. Upon successful completion of the
certificate, the student will:

● Have found their own 0-day vulnerability and ethically disclosed it.
● Know how to identify software flaws discovered through binary and source code auditing
● Know how to reverse engineer x86 binaries
● Know how to exploit software flaws (such as injection flaws, buffer overflows)
● Know how to perform network and host enumeration, as well as OS and service
fingerprinting
● Know how to perform network vulnerability analysis, penetration and post exploitation
● Know how to effectively report and communicate all of the above flaws

We have meticulously crafted the course challenges and exercises to accomplish these objectives.
The unique exercise of having students find and responsibly disclose a 0-day vulnerability proves
that they can:
 1. Find new vulnerabilities,
2. Prove they are in fact vulnerabilities, and
3. Communicate them effectively to get them patched.

These activities are core functions of a typical vulnerability analyst, and are a main theme of the
course.

Rationale:

Modern professional cybersecurity training and certification heavily focuses on teaching students to
use select tools, which is a flawed approach that produces inflexible skills destined to be obsoleted
with the tool. Additionally, it is rare for university courses or professional workshops to focus on the
deep underlying fundamentals and equip students to be able to manually solve offensive
cybersecurity issues, or write their own tools to automate the task. This course is motivated by both
of these problems and presents a rigorous, hands-on, and ethical deep-dive into the offensive side
of cybersecurity. The course objectives are accomplished by exposing the student to realistic
challenges they would be expected to face without support from any tool in a professional setting.

Instructors:

● W. Owen Redwood, Ph.D.

Required Textbooks:

1. Erickson, Jon. "Hacking: The Art of Exploitation, 2nd Edition"

2. Stuttard, Dafydd; Pinto, Marcus. “The Web Application Hacker’s Handbook, 2nd
Edition”.

Suggested Textbooks:

The following textbooks are suggested for any student who seeks advanced resources to
supplement the knowledge presented in this course:

● Kozoil, Jack. “The Shellcoder's Handbook: Discovering and Exploiting Security Holes“.
● Seacord, Robert C. “Secure Coding in C and C++, Second Edition”.

Prerequisites:

This is a highly technical class. We expect students to have a strong technical background before
taking this course. Students who have not taken a security class before or whom are otherwise
unfamiliar with computer security will not be able to complete this class. Specifically, students
should satisfy ​at least ​two​ of the following​:
1) Assembly code (Intel X86 preferred)
2) Knowledge of Computer Security basics
3) Familiarity with operating system kernel/internals (windows or linux)
4) Familiarity with command line operation of Windows AND Linux

Grading:

All homework, projects, and assignments are individual work only. No collaboration is allowed.
Discussion of material is encouraged, but discussion of answers is prohibited.
● Homeworks: 55%
○ HW 1-4 & 6-10 are 5% each
○ HW 5 is 10%
● Midterms: 30%
● Final Exam: 15%

This class will involve regular homeworks that will assess the student’s knowledge of materials on a
frequent basis. Homeworks will often expose students to tools related to subjects, and require the
student to use the tools to solve problems. Homework 5 is a small project, and may take the span of
the course to complete.

It should be noted that there is no late penalty, or due date for any assignment. The course is
entirely self-paced, as many students have full time jobs while taking this course. If students are
willing to dedicate 5-10 hours per week, they can easily follow the below schedule listed in the
Suggested Course Calendar. Otherwise for those who dedicate < 5 hours per week it may take
longer, usually around 6 months.

Extra Credit:

1) Involvement in CTF's (see ​https://ctftime.org/​ for a CTF schedule). A writeup for solved
challenges worth 300 points or more is expected for a jeopardy style CTF.

Suggested Course Calendar:

Note that this course provided by Hack All The Things is entirely self paced​. We provide the
following schedule for those willing to dedicate 5-10 hours per week to the work. We suggest that if
this course is pursued like any normal college course that it be attended twice a week with the
following (original) schedule.

Week 1:

● Lecture 01: Introduction

○ Start HW 1 (Time to complete: 2 weeks)
 ● Lecture 02: Secure C 101

Week 2:

● Lecture 03: Secure C 102

○ Start HW 2 (Time to complete 2 weeks)
○ [Optional] suggest students go through “Lecture 03b: Secure C[++] 103” on
type confusion
● Lecture 04: Code Auditing

Week 3:

● Lecture 05: Vulnerability Research (VR) Introduction & Linux Overview

● Lecture 06: Windows Overview
○ Start HW 3 (Time to complete 2 weeks)
○ [Optional] suggest students go through “Lecture 06b: Rootkits”

​Week 4:

● Lecture 07: Reverse Engineering x86 101

● Lecture 08: Reverse Engineering x86 102
○ Start HW 4 (Time to complete 3 weeks)

Week 5:

● Lecture 09: Fuzzing

● Lecture 10: Midterm Review
○ Study for Midterm 1

Week 6:

● Midterm Exam 1
○ (You should have homeworks 1-3 completed prior)
● Lecture 11: Advanced Vulnerability Analysis Topics
○ Start HW 5 (Time to complete: ​The entire semester/ course​)

Week 7:

● Lecture 12: Exploit Development 101

○ Start HW 6 (Time to complete: ​5​ weeks)
● Lecture 13: Exploit Development 102

Week 8:

● Lecture 14: Exploit Development 103

● Lecture 15: Networking 101 (TCP/IP)
○ Start HW 7 (Time to complete ​2​ weeks)

Week 9:
 ● Lecture 16: Networking 102 (Application layer)
● Lecture 17: Web Application Hacking 101
○ Start HW 8 (Time to complete 3 weeks)

Week 10:

● Lecture 18: Web Application Hacking 102

● Lecture 19: Web Application Hacking 103

Week 11:

● Lecture 20: Web Application Hacking 104 & Exploit Development 104
● Lecture 21:Exploit Development 105
○ Lecture 21b: Midterm 2 Review
■ Study for Midterm 2

Week 12:

● Midterm Exam 2​:

● Lecture 22: Exploit Development 106: Return Oriented Programming (ROP)
○ Start HW 9 (Time to complete 3 weeks)
○ [Optional] suggest students go through “Lecture 22b: History of Exploitation”

Week 13:

● Lecture 23: Exploitation 107

● Lecture 24: Social Engineering & Physical Security

Week 14:

● Lecture 25: Digital Forensics & Incident Response

○ Start HW 10 (Time to complete 1 week (due at end of semester) )
● Lecture 26: Tying All The Things Together

Week 15:

● Final Exam

Original CREATOR:
1. W. Owen Redwood, Ph.D.

Credits (Thanks) to:

Prof Xiuwen Liu (Florida State University),

Prof Mike Burmester (Florida State University),

Joshua Lawrence,

Abdullah Raiaan,

Mitch Adair,

Devin Cook,

Hahna Kane Latonick,

Jason Reynolds