Coursesyllabus < EC521 < Foswiki
Total Page:16
File Type:pdf, Size:1020Kb
CourseSyllabus < EC521 < Foswiki https://agile.bu.edu/fw/EC521/CourseSyllabus EC521 - COURSE SYLLABUS, SPRING 2021 The following course syllabus is tentative and may change or be reordered as the semester unfurls. It is also likely that some topics will be skipped for sake of time. (In other words, this syllabus tells you nothing absolute about the course contents.) Background Fundamentals Social Web Network Software Operating system Disk Applications Penetration Testing Cycle Smartphones Side-channels Cryptography Background Laws and Ethics CFAA, SCA, Patriot, Economic Espionage, COPPA, HIPPA, DMCA Privacy and Security System programming Intel Assembly C/C++ low-level debugging memory management Operating systems shell access permissions file systems Networking TCP/IP socket programming network protocols: HTTP, FTP, DNS Basic math probability discrete math 1 of 5 4:06 PM, 2/3/21, 2/3/21, 4:06 PM CourseSyllabus < EC521 < Foswiki https://agile.bu.edu/fw/EC521/CourseSyllabus number theory Fundamentals Social Social engineering Psychology Physical access Phishing, SMiShing, vishing Open-source intelligence (OSINT) Social networks User interface redressing Clickjacking, tapjacking, tabnabbing, cursorjacking, likejacking, ... Defenses Web Engines Dorks Pushpins Web Apps Open Web Application Security Project (OWASP) Injection SQL, OS, code Authentication cookies, sessions, tokens Cross-side attacks cross-side scripting (XSS), request forgeries (CSRF), history manipulation (XSHM) Open redirects Same-Origin Policy bypasses denial of service (DoS) Browser-history exfiltration Fingerprinting Defenses Network Fingerprinting Operating Systems Applications Port scanning 2 of 5 4:06 PM, 2/3/21, 2/3/21, 4:06 PM CourseSyllabus < EC521 < Foswiki https://agile.bu.edu/fw/EC521/CourseSyllabus Protocol mangling Wireless network cracking Defenses Software Code analysis Taxonomy of coding errors Overflows buffer, stack, heap format string Return-oriented programming (ROP) return to libc Binary analysis static, dynamic, call graphs Reverse engineering Symbolic execution Fuzzying Shellcode payloads sleds polymorphism detection Virtual Machines, debugging Side-channels timing, power Defenses Address space layout randomization (ASLR) Data execution prevention (DEP) stack canaries Operating system Access control executability groups, users password hashes Privilege escalation password cracking suid/sgid scripts Denial of Service Digital Bombs Backdoors 3 of 5 4:06 PM, 2/3/21, 2/3/21, 4:06 PM CourseSyllabus < EC521 < Foswiki https://agile.bu.edu/fw/EC521/CourseSyllabus Rootkits Trojans/worms/viruses BOTs and BOTNETs Defenses Disk Structure Hidden files/directories Deletion/undeletion Forensics Defenses Applications Penetration Testing Cycle Reconnaissance Scanning Access Establishing Maintaining Expanding Covering tracks Smartphones security models full disk encryption paranoid networking signed binaries ARM-based overflows Root of trust Subsystems sensors, SIM, baseband processor, assisted GPS Side-channels web user fingerprinting history leakage alternative services HTTP header 4 of 5 4:06 PM, 2/3/21, 2/3/21, 4:06 PM CourseSyllabus < EC521 < Foswiki https://agile.bu.edu/fw/EC521/CourseSyllabus low-level page-cache speculative execution spectre, meltdown, foreshadow dirty CoW Cryptography Gaurantees confidentiality, integrity, availability, non-repudiation Hashing DES, Message-Digest 5 (MD5), Secure Hash Algorithm (SHA-1, -2, -3) Advanced Encryption Standard (AES) Electronic CodeBook (ECB), Cipher Block Chaining (CBC), Galois/Counter Mode (GCM) hash chains, Merkle trees applications to bitcoin Key-hashed message authentication code (HMAC) attacks rainbow tables, birthday attacks, modification, length extension Symmetric-key encryption Public-key encryption RSA, elliptic-curve cryptopgraphy Ransomware 5 of 5 4:06 PM, 2/3/21, 2/3/21, 4:06 PM.