CSE 363: Offensive Security, Spring 2025

Home

Schedule

Recommended reading material is listed under each lecture.

Jan 28

Introduction and Basic Concepts

Reflections on Trusting Trust
Why Offensive Security Needs Engineering Textbooks

Jan 30

Threat Landscape and Basic Security Principles

The Protection of Information in Computer Systems
ENISA Threat Landscape 2024
Buying Spying: Insights into Commercial Surveillance Vendors

Feb 4

Ethics

Legal Issues Surrounding Monitoring During Network Research
About Penetration Testing
Markets for Zero-Day Exploits: Ethics and Implications
Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws
Project Zero: Policy and Disclosure: 2021 Edition
The Shapeshifting Crypto Wars

Feb 6

Network Sniffing

tcpdump
Wireshark
Scapy

Feb 11

Network Traffic Interception

Beej's Guide to Network Concepts
Deep dive into QUANTUM INSERT
airpwn-ng

Feb 13

Network Traffic Interception

Transport Layer Security (TLS)
sslstrip
Bettercap
Performing & Preventing SSL Stripping: A Plain-English Primer

Feb 18

DNS Attacks

Using the Domain Name System for System Break-ins
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
Hold-On: Protecting Against On-Path DNS Poisoning
The Hitchhiker’s Guide to DNS Cache Poisoning
An Illustrated Guide to the Kaminsky DNS Vulnerability
DNS security threats and mitigations
DNS Security: Threat Modeling DNSSEC, DoT, and DoH
DNSSEC Deconstructed
Adopting Encrypted DNS in Enterprise Environments
A simple DNS lookup tool

Feb 20

Reconnaissance

nmap
The Art of Port Scanning
ZMap: Fast Internet-Wide Scanning and its Security Applications
A Brief History of Scanning
An Internet-Wide View of Internet-Wide Scanning

Feb 25

Supply Chain Attacks (Guest lecture by Harshvardhan Patel)

Feb 27

No Class

Mar 4

Denial of Service Attacks

Inferring Internet Denial-of-Service Activity
A Taxonomy of DDoS Attack and DDoS Defense Mechanisms
Amplification Hell: Revisiting Network Protocols for DDoS Abuse
China’s Great Cannon

Mar 6

Tunneling

Walls and Gates
Everything VPN is New Again
Wireguard
Algo VPN
Embracing a Zero Trust Security Model
Zero Trust Architecture
BeyondProd: A new approach to cloud-native security

Mar 11

Authentication

A Framework for Comparative Evaluation of Web Authentication Schemes
Dos and Don’ts of Client Authentication on the Web
Designing an Authentication System: a Dialogue in Four Scenes
Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials
zxcvbn

Mar 13

Midterm

Mar 18

No Class: Spring Recess

Mar 20

No Class: Spring Recess

Mar 25

Authentication

Mar 27

x86 101

Apr 1

Reverse Engineering

Apr 3

Reverse Engineering

Apr 8

Software Vulnerabilities

Apr 10

Vulnerability Discovery

Apr 15

Vulnerability Exploitation

Apr 17

No Class

Apr 22

Malware

Apr 24

Malware

Apr 29

Social Engineering

May 1

Physical Security

May 6

Anonymity

May 8

OPSEC