Mon, Wed 5:30pm–6:50pm, Old CS 2120 Zoom
Instructor: Michalis Polychronakis, Office hours: Mon, Wed 4:00pm–5:30pm, NCS 355 Zoom
Teaching Assistants: Veena Krish, Ravinder Singh, and Heymi Dannon
Office hours: Wed 12:00–13:30pm, Old CS 2217 Zoom
Communication: Piazza


The course will cover a wide range of topics in the area of offensive computer security, trying to strike a balance between core concepts and recent advancements. The main goal of the course is to provide an understanding of various computer security concepts through a more adversarial way of thinking. By focusing on vulnerabilities and exploitation techniques, the course will cover a broad range of topics, including the ethics of offensive security, reverse engineering, software vulnerability discovery and exploitation, malicious code analysis, network traffic interception and manipulation, reconnaissance and information gathering, physical security, and social engineering.

All topics will be covered from a highly practical perspective, following a mixed format of lectures, hands-on sessions, and case studies. Students will have to complete 4–5 programming/hands-on assignments and a long-term course project (a few candidate projects will be provided).


Study Material

There is no required textbook. The following books are recommended:

  • Hacking: The Art of Exploitation, Second Edition. Jon Erickson. No Starch Press, 2008, ISBN 1593271441.
  • The Shellcoder's Handbook: Discovering and Exploiting Security Holes, Second Edition. Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte. Wiley, 2007, ISBN 047008023X.

Additionally, there will be recommended readings for each lecture—see the schedule.

University Policies

Disability Support Services

If you have a physical, psychological, medical or learning disability that may impact your course work, please contact Disability Support Services, ECC (Educational Communications Center) Building, room 128, (631) 632-6748. They will determine with you what accommodations, if any, are necessary and appropriate. All information and documentation is confidential.

Academic Integrity

Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work. Representing another person's work as your own is always wrong. Faculty are required to report any suspected instances of academic dishonesty to the Academic Judiciary. Faculty in the Health Sciences Center (School of Health Technology & Management, Nursing, Social Welfare, Dental Medicine) and School of Medicine are required to follow their school-specific procedures. For more comprehensive information on academic integrity, including categories of academic dishonesty, please refer to the academic judiciary website.

Critical Incident Management

Stony Brook University expects students to respect the rights, privileges, and property of other people. Faculty are required to report to the Office of Judicial Affairs any disruptive behavior that interrupts their ability to teach, compromises the safety of the learning environment, or inhibits students' ability to learn. Faculty in the HSC Schools and the School of Medicine are required to follow their school-specific procedures.