5306
The Attack and Defense of Computers

• Location:

• Office Hour:
• Location:

*** 即時線上發問系統 ***

Total Grades

• Grade (updated: 25th June)
  • If you have any question about your final grades of this course, cotact the TA between 2:00 PM ~ 3:00 PM, 23rd June through the way that the TA will post on the 即時線上發問系統. After the time we will submit the grades of this course to the school, which means I am no longer able to change the grades after the submission.

1. Syllabus (24 Feb.)
2. Malware: Logic Bombs, Key Logger, URL Injection, Browser Hijackers, Trojan Horses, and Spyware. (3 March)
3. Internet Worms, Buffer Overflow Attacks, and Heap Overflow Attacks (10 March)
4. Internet Worms, Buffer Overflow Attacks, and Heap Overflow Attacks (17 March)
5. Disk Layout, BIOS, and Viruses (24 March)
6. Macro Viruses and Boot Record Viruses (31 March)
7. Backdoors, sniffer, and Rootkits for Linux/Unix (7 April)
8. Midterm
   • Date: 7:00PM ~ 9:00PM, 14 April
   • Location: The same place as the class's
   • The exam. questions will be given in the essay-question form.
   • There are 10 short essay questions in the Midterm.
   • The total score of the midterm is 110.
   • The midterm only covers the materials taught before the midterm (Slide 31 of Backdoor)
   • Close book exam.
9. Rootkits for Linux/Unix (21 April)
10. Magic Cookies and Web Bugs (28 April)
11. HTTP cookies (5 May)
12. Due to the pandemic situation of Covid-19, to avoid violating the school's regulations, there is no class this week. (12 May)
13. Cross-Site Scripting (XSS) and SQL Injection (19 May)
14. SQL Injection and Account Stealing (26 May)
15. TCP Session Hijacking, ARP Spoofing (2 June)
16. Format String Attacks, and DoS/DDoS Attacks (9 June)
17. Due to the Covid-19, the final exam is replaced with a semester report. (16 June)
18. There is no lecture this week. (23 June)
19. supplementary material, not covered in the final exam.
    • Idle Scan, OS Fingerprinting, Footprinting, and Port Scanning.
    • DNS Servers and DNS Server Attacks
    • Whois Server

Semester Project

• Project (posted: 28 March)
• Group List (posted: 11th April)

Semester Report

• Report (posted: 7th June)
• Group List (posted: 7th June)

Announcement

• Project Team (posted: 17 Feb.)
  • Each team consists of 3 students.
  • Please e-mail your team list to the TA before 20th March.
  • The team list should contain the name, student ID, and e-mail address of every team member.
• Roll Call (posted: 28 March)
  • I will make a roll call on 31st March's class to make sure that each of you have found your project teammates.
• The semester project has been posted on this web page. (posted: 28 March)
• If you want to download the course slides, please do NOT use Chrome. (postd: 28th March)
• Midterm (posted: 10th April)
  • Date: 7:00PM ~ 9:00PM, 14th April
  • Location: The same place as the class's
  • The exam. questions will be given in the essay-question form.
  • There are 10 short essay questions in the Midterm.
  • The total score of the midterm is 110.
  • The midterm only covers the materials taught before the midterm (Slide 31 of Backdoor)
  • Close book exam.
• The Midterm Grades have been posted on this course web page. (posted: 28th April)
• The TA will explain the anwsers of two midterm questions on 5th May's class. We will give a makeup exam for the midterm on 12th May. The makeup exam questions come from the above two questions. Based on the rules that I described on 28th April's class, we will adjust your midterm grades. (posted: 4th May)
• Distance Teaching (posted: 13th May)
  • According to the latest regulations of the school, due to the new pandemic situation of Covid-19, this course will be given through distance teaching. We will carry out distance teaching through pre-recorded video at the original course hours. Hence, you can watch the lectures on-line and submit your questions and get the answers through the 即時線上發問系統 of this course in real-time at the original course hours.
  • Description explaining how to watch the pre-recorded lecture video will be provided later.
• Due to the Covid-19, the schedule of all activities of this course is postponed one week. (posted: 13th May)
• The midterm makeup is cancelled. All students are deemed as having attended the makeup exam and satisfied the adjustment requirement. We will adjust and post the new adjusted midterm grades later. (posted: 14th May)
• The demo of the semester project will be held on-line. Contact the TA to get the detailed info. (posted: 14th May)
• The adjusted Midterm Grades have been posted on this course web page. (posted: 15th May)
• Manual for how to watch lecture video and project demo. (posted: 16th May)
• (Important) Submission of the semester project. (posted: 5 June)
• Due to the Covid-19, the final exam is replaced with a semester report. There is no lecture on 23rd June. (posted: 7th June)
• Total Grade (posted: 22nd June)
  • The total grades have been posted on this course web page.
  • If you have any question about your final grades of this course, cotact the TA between 2:00 PM ~ 3:00 PM, 23rd June through the way that the TA will post on the 即時線上發問系統. After the time we will submit the grades of this course to the school, which means I am no longer able to change the grades after the submission.

Referenced Material

• Shell Code
• Some interesting security-related or attacker web sites:
  • National Vulnerability Database
  • US CERT
  • SANS InfoSec Reading Room
  • Phrack Magazine
  • Blackhat
  • SecurityFocus
• Buffer Overflow-Related Papers
  • Smashing The Stack For Fun And Profit
  • Stack Smashing Vulnerabilities in the Unix Operating System
  • The Art of Writing Shellcode, by smiler.
  • w00w00 on Heap Overflows
  • The advanced return-into-lib(c) exploits
  • The Tao of Windows Buffer Overflow
  • New Chips Stop Buffer Overflow Attacks
  • Sined's collection of intermediate papers WEB Page
  • HP-UX (PA-RISC 1.1) Overflows