ASSIGNMENTs are due on the day under which they appear below. The due time is 5:00PM if the due date is a Friday, or 11:59PM otherwise. Do READING/VIDEO items by class time on the date under which they appear. LABs will happen during class.
M Sep 15
- [READING] Course information
- [READING] Look at our course resources page
- [SURVEY] If you haven't yet, please fill out this survey
- [LAB] What's in an HTTP query and response?
- [ASSIGNMENT] Set up Slack, git, and Kali.
- [ASSIGNMENT for the term] Practice your security mindset
- Class notes
W Sep 18
- [READING] Inside the Twisted Mind of the Security Professional, by Bruce Schneier
- [VIDEO] (19:38) Introduction to HTTP
- [LAB] Some command-line networking tools
- [ASSIGNMENT] Over the Wire's "bandit"
F Sep 19
- [READING] A note on ethics
- [VIDEO] (30:04) Introduction to Wireshark (from spring 2021, when we were using VirtualBox instead of UTM and VMware)
- Class notes
Sat Sep 20
- [ASSIGNMENT] Getting started with Wireshark
M Sep 22
- [READING] History of the browser user agent string
- [VIDEO] (12:35) Intro to base64
- [READING] base64 (no need to read thoroughly; consult as needed)
- [LAB] A very brief intro to Burp Suite's proxy tool
- Class notes
- Slides
W Sep 24
- [READING] Study questions for cryptography
- [VIDEO] (25:54) Symmetric encryption
- [LAB] Symmetric encryption with openssl
- Class notes
- Slides
Th Sep 25
- [ASSIGNMENT] HTTP's Basic Authentication: A Story
F Sep 26
- [VIDEO] (21:40) Public-Key (Asymmetric) encryption
- [VIDEO] (9:32) Diffie-Hellman key exchange
- [LAB] Diffie-Hellman and RSA by hand
- Class notes
- Slides
Sun Sep 28
- [ASSIGNMENT] Being Eve
M Sep 29
- [VIDEO] (12:20) Reading technical specifications
- [OPTIONAL LAB] Setting up password-free login. Do this on your own sometime if you're interested.
- Class notes
- Slides
W Oct 1
- [VIDEO] (33:41) Cryptographic hash functions
- [READING] Sections 1, 1.1, 2, 2.1, and 2.2 of RFC 7230: Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing and Sections 4 and 5.5 in RFC 7231: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. Be ready to discuss your questions. Feel free to post questions and thoughts in advance on Slack #general.
- [ASSIGNMENT] What's in a key file?
- Class notes
- Slides
F Oct 3
- [VIDEO] (25:00) Public Key Infrastructure (PKI)
- [LAB] Digital Signatures
- Class notes
Sun Oct 5
- [ASSIGNMENT] Some cryptographic scenarios
Mon Oct 6
Wed Oct 9
Fri Oct 11
- In-class exam
Mon Oct 13
- [READING] Threat Modeling Explained (blog post). Focus especially on STRIDE.
- [READING] The Threat Modeling Manifesto
- [READING] The CIA Triad
- [LAB] Threat modeling
- Class notes
Wed Oct 15
- [ASSIGNMENT] An ethical analysis
- [LAB] netcat (nc) and some of its friends
- Class notes
Fri Oct 17
- [READING] Notes about nc chats and IP visibility
- [READING] Lessons from 22 Years of the U.S. DMCA, by Cory Doctorow. Be prepared to discuss today (Friday 10/20). Keep in mind that this is an opinion piece, so keep your critical thinking glasses on.
- [READING, OPTIONAL] While reading the Doctorow essay, you might find this useful: the US Law section of Wikipedia's article on Anti-Circumvention
Mon Oct 20
- Midterm break
Wed Oct 22
- [OPTIONAL ASSIGNMENT] Exam corrections
Fri Oct 25
- [READING] Cookies, up through the Implementation section
- [VIDEO] (31:27) Cookies
- Class notes
- Slides
Sat Oct 25
- [ASSIGNMENT] Two Topics: Cookies and Cross-Site Scripting (XSS).
Mon Oct 27
Wed Oct 29
- [ASSIGNMENT] Setting up a reverse shell
- [LAB] that crazy bash command
- Class notes
Fri Oct 31
- [ASSIGNMENT] Project proposal, round 1
- Class notes
Mon Nov 3
Wed Nov 5
Mon Nov 10
Wed Nov 12
- [ASSIGNMENT] Project, all deliverables delivered
- Class notes
Fri Nov 14
Wed Nov 19
- [EXAM] Final exam, part 1
Mon Nov 24
- [EXAM] Final exam, part 2