CSE 363: Offensive Security, Spring 2025
Schedule
Recommended reading material is listed under each lecture.
Jan 28
Introduction and Basic Concepts
Reflections on Trusting Trust
Why Offensive Security Needs Engineering Textbooks
Jan 30
Threat Landscape and Basic Security Principles
The Protection of Information in Computer Systems
ENISA Threat Landscape 2024
Buying Spying: Insights into Commercial Surveillance Vendors
Feb 4
Ethics
Legal Issues Surrounding Monitoring During Network Research
About Penetration Testing
Markets for Zero-Day Exploits: Ethics and Implications
Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws
Project Zero: Policy and Disclosure: 2021 Edition
The Shapeshifting Crypto Wars
Feb 6
Network Sniffing
tcpdump
Wireshark
Scapy
Feb 11
Network Traffic Interception
Beej's Guide to Network Concepts
Deep dive into QUANTUM INSERT
airpwn-ng
Feb 13
Network Traffic Interception
Transport Layer Security (TLS)
sslstrip
Bettercap
Performing & Preventing SSL Stripping: A Plain-English Primer
Feb 18
DNS Attacks
Using the Domain Name System for System Break-ins
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
Hold-On: Protecting Against On-Path DNS Poisoning
The Hitchhiker’s Guide to DNS Cache Poisoning
An Illustrated Guide to the Kaminsky DNS Vulnerability
DNS security threats and mitigations
DNS Security: Threat Modeling DNSSEC, DoT, and DoH
DNSSEC Deconstructed
Adopting Encrypted DNS in Enterprise Environments
A simple DNS lookup tool
Feb 20
Reconnaissance
nmap
The Art of Port Scanning
ZMap: Fast Internet-Wide Scanning and its Security Applications
A Brief History of Scanning
An Internet-Wide View of Internet-Wide Scanning
Feb 25
Supply Chain Attacks (Guest lecture by Harshvardhan Patel)
Feb 27
No Class
Mar 4
Denial of Service Attacks
Inferring Internet Denial-of-Service Activity
A Taxonomy of DDoS Attack and DDoS Defense Mechanisms
Amplification Hell: Revisiting Network Protocols for DDoS Abuse
China’s Great Cannon
Mar 6
Tunneling
Walls and Gates
Everything VPN is New Again
Wireguard
Algo VPN
Embracing a Zero Trust Security Model
Zero Trust Architecture
BeyondProd: A new approach to cloud-native security
Mar 11
Authentication
A Framework for Comparative Evaluation of Web Authentication Schemes
Dos and Don’ts of Client Authentication on the Web
Designing an Authentication System: a Dialogue in Four Scenes
Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials
zxcvbn
Mar 13
Midterm
Mar 18
No Class: Spring Recess
Mar 20
No Class: Spring Recess
Mar 25
Authentication
Mar 27
x86 101
Intel® 64 and IA-32 Architectures Software Developer Manuals
x86 Assembly
Understanding Windows x64 Assembly
Gustavo Duarte's Software Illustrated blog posts
NASM Assembly Language Tutorials
Computer Science from the Bottom Up
Apr 1
Reverse Engineering
Introduction to Reverse Engineering Win32 Applications
Reverse Engineering for Beginners
How main() is executed on Linux
Reverse Engineering Challenges
System V Application Binary Interface
Malware-Analysis-Training
angr
(State of) The Art of War: Offensive Techniques in Binary Analysis
Apr 3
Reverse Engineering
Apr 8
Software Vulnerabilities
Low-level Software Security: Attacks and Defenses
OWASP: Vulnerabilities
Heap Exploitation Part 1: Understanding the Glibc Heap Implementation
Format String Attacks
Vudo malloc tricks
Once upon a free()...
Basic Integer Overflows
Apr 10
Vulnerability Discovery
Fuzz Testing of Application Reliability
Evaluating Fuzz Testing
The Fuzzing Book: Tools and Techniques for Generating Software Tests
Awesome Fuzzing
American Fuzzy Lop
SoK: Sanitizing for Security
Undefined Behavior in 2017
Static Source Code Analysis Tools for C
Automated vulnerability auditing in machine code
Dynamic Program Analysis and Software Exploitation: From the crash to the exploit code
Cyber Grand Shellphish
Apr 15
Vulnerability Exploitation
Smashing The Stack For Fun And Profit
Tao of Windows Buffer Overflow
The Internet Worm Program: An Analysis
Crash course on buffer overflows by the 10K Students initiative
Using GDB to Develop Exploits - A Basic Run Through
Getting around non-executable stack (and fix)
non-exec stack
The advanced return-into-lib(c) exploits: PaX case study
x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique
Return-Oriented Programming: Systems, Languages, and Applications
Documentation for the PaX project
Scraps of notes on remote stack overflow exploitation
Bypassing StackGuard and StackShield
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization
SoK: Eternal War in Memory
Apr 17
No Class
Apr 22
Malware
The Art of Computer Virus Research and Defense
How to 0wn the Internet in Your Spare Time
Manufacturing Compromise: The Emergence of Exploit-as-a-Service
Evasive Malware Exposed and Deconstructed
The Inside Story Behind MS08-067
NTIllusion: A portable Win32 userland rootkit
Apr 24
Malware: Incidents
W32.Stuxnet Dossier
Stuxnet 0.5: The Missing Link
W32.Duqu: The precursor to the next Stuxnet
THE DUQU 2.0: Technical Details
Apr 29
Social Engineering
Social Phishing
Interface Illusions
Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
The Social Engineering Framework
Advanced social engineering attacks
People Hacking: The Psychology of Social Engineering
Phishing Guidance: Stopping the Attack Cycle at Phase One
May 1
Physical Security
Notes on Picking Pin Tumbler Locks
RFID Hacking
Hacking deeper in the system
State Considered Harmful
Apple Platform Security
Security in ChromeOS
May 6
Anonymity
Tor: The Second-Generation Onion Router
Detecting Traffic Snooping in Tor Using Decoys
A Survey of Worldwide Censorship Techniques
Everything Old is New Part 2: Why Online Anonymity Matters
May 8
OPSEC
Security guides you should read and follow
OPSEC Required Reading
Tails
PORTAL