CEA036
The Attack and Defense of Computers

• Location: 工程五館 Room B301

• Office Hour:
• Location: Room B322-1

*** 即時線上發問系統 ***

Grades

• Grade (updated: 27th June)
  • If you have any question about your final grades of this course, cotact the TA through e-mail before 17:00, 06/29.
  • After the time we will submit the grades of this course to the school, which means I am no longer able to change the grades after the submission.

1. Syllabus (23 Feb.)
2. Malware: Logic Bombs, Key Logger, URL Injection, Browser Hijackers, Trojan Horses, and Spyware. (2 March)
3. Internet Worms, Buffer Overflow Attacks, and Heap Overflow Attacks(9 March)
4. Internet Worms, Buffer Overflow Attacks, and Heap Overflow Attacks(16 March)
5. Return-into-libc attacks, BOA Countermeasures, Drive-by Download, Rogue Anti-Virus and Botnet(23 March)
6. Botnet (30 March)
7. The school is NOT in session. (6 April)
8. Disk Layout, BIOS, and Viruses (13 April)
9. Midterm
   • Date: 7:00PM ~ 9:00PM, 20 April
   • Location: The same place as the class's
   • The exam. questions will be given in the essay-question form.
   • There are 10 short essay questions in the Midterm.
   • The total score of the midterm is 110.
   • The midterm only covers the materials taught before the midterm (Slide 31 of Backdoor)
   • Close book exam.
10. Macro Viruses and Boot Record Viruses (27 April)
11. Backdoors, sniffer, and Rootkits for Linux/Unix (4 April)
12. Rootkits for Linux/Unix (11 May)
13. Magic Cookies and Web Bugs (18 May)
14. HTTP cookies (25 May)
15. Cross-Site Scripting (XSS) and SQL Injection (1 June)
16. SQL Injection and Account Stealing (8 June)
17. TCP Session Hijacking, ARP Spoofing and Format String Attacks, and DoS/DDoS Attacks (15 June)
18. Due to the Covid-19, the final exam is replaced with a semester report. There is no lecture this week. (22 June)
19. supplementary material, not covered in the final exam.
    • Idle Scan, OS Fingerprinting, Footprinting, and Port Scanning.
    • DNS Servers and DNS Server Attacks
    • Whois Server

Semester Project

• Project (posted: 28 March) (updated: 15th May)
• Group List (posted: 31st March)
• Lab Location: Room A206, Engineering Building 6.
• Installtaion manual of Virtual Box. (posted: 29th March)
• Host Allocation Map (posted: 29th March)

Semester Report

• Report (posted: 6th June)
• Group List (posted: 6th June)

Announcement

• Project Team (posted: 17 Feb.)
  • Each team consists of 3 students.
  • Please e-mail your team list to the TA before 20th March.
  • The team list should contain the name, student ID, and e-mail address of every team member.
• Roll Call (posted: 28 March)
  • I will make a roll call on 30th March's class to make sure that each of you have found your project teammates.
• The semester project has been posted on this web page. (posted: 28 March)
• If you want to download the course slides, please do NOT use Chrome. (postd: 28th March)
• Midterm (posted: 13th April)
  • Date: 7:00PM ~ 9:00PM, 20 April
  • Location: The same place as the class's
  • The exam. questions will be given in the essay-question form.
  • There are 10 short essay questions in the Midterm.
  • The total score of the midterm is 110.
  • The midterm only covers the materials taught before the midterm (Slide 31 of Backdoor)
  • Close book exam.
• The Midterm Grades have been posted on this course web page. (posted: 25th April)
• Due to the recent pandemic situation of Covid-19, please take your seat accoring to this seating chart. (posted: 7th May)
• Distance Teaching (posted: 13th May)
  • According to the latest regulations of the school, due to the new pandemic situation of Covid-19, this course will be given through distance teaching. We will carry out distance teaching through live broadcast at the original course hours. Hence, you can watch the lectures on-line and submit your questions and get the answers through the 即時線上發問系統 of this course in real-time at the original course hours.
  • Description explaining how to watch the live lecture video will be provided later.
• Some project submission rules have been changed. (posted: 15th May)
• Manual for how to watch lecture video. (posted: 15th May)
• Submission of the semester project. (posted: 5 June)
• Due to the Covid-19, the final exam is replaced with a semester report. There is no lecture on 22nd June. (6th June)
• Total grades (posted: 27th June)
  • The Total Grades of this course have been posted on this web page.
  • If you have any question about your final grades of this course, cotact the TA through e-mail before 17:00, 06/29.
  • After the time we will submit the grades of this course to the school, which means I am no longer able to change the grades after the submission.

Referenced Material

• Shell Code
• Some interesting security-related or attacker web sites:
  • National Vulnerability Database
  • US CERT
  • SANS InfoSec Reading Room
  • Phrack Magazine
  • Blackhat
  • SecurityFocus
• Buffer Overflow-Related Papers
  • Smashing The Stack For Fun And Profit
  • Stack Smashing Vulnerabilities in the Unix Operating System
  • The Art of Writing Shellcode, by smiler.
  • w00w00 on Heap Overflows
  • The advanced return-into-lib(c) exploits
  • The Tao of Windows Buffer Overflow
  • New Chips Stop Buffer Overflow Attacks
  • Sined's collection of intermediate papers WEB Page
  • HP-UX (PA-RISC 1.1) Overflows