CSE 363: Offensive Security, Spring 2025

Home

Schedule

Recommended reading material is listed under each lecture.

Jan 28

Introduction and Basic Concepts

Reflections on Trusting Trust
Why Offensive Security Needs Engineering Textbooks

Jan 30

Threat Landscape and Basic Security Principles

The Protection of Information in Computer Systems
ENISA Threat Landscape 2024
Buying Spying: Insights into Commercial Surveillance Vendors

Feb 4

Ethics

Legal Issues Surrounding Monitoring During Network Research
About Penetration Testing
Markets for Zero-Day Exploits: Ethics and Implications
Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws
Project Zero: Policy and Disclosure: 2021 Edition
The Shapeshifting Crypto Wars

Feb 6

Network Sniffing

tcpdump
Wireshark
Scapy

Feb 11

Network Traffic Interception

Beej's Guide to Network Concepts
Deep dive into QUANTUM INSERT
airpwn-ng

Feb 13

Network Traffic Interception

Transport Layer Security (TLS)
sslstrip
Bettercap
Performing & Preventing SSL Stripping: A Plain-English Primer

Feb 18

DNS Attacks

Using the Domain Name System for System Break-ins
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
Hold-On: Protecting Against On-Path DNS Poisoning
The Hitchhiker’s Guide to DNS Cache Poisoning
An Illustrated Guide to the Kaminsky DNS Vulnerability
DNS security threats and mitigations
DNS Security: Threat Modeling DNSSEC, DoT, and DoH
DNSSEC Deconstructed
Adopting Encrypted DNS in Enterprise Environments
A simple DNS lookup tool

Feb 20

Reconnaissance

nmap
The Art of Port Scanning
ZMap: Fast Internet-Wide Scanning and its Security Applications
A Brief History of Scanning
An Internet-Wide View of Internet-Wide Scanning

Feb 25

Supply Chain Attacks (Guest lecture by Harshvardhan Patel)

Feb 27

No Class

Mar 4

Denial of Service Attacks

Mar 6

Tunneling

Mar 11

Authentication

Mar 13

Midterm

Mar 18

No Class: Spring Recess

Mar 20

No Class: Spring Recess

Mar 25

Social Engineering

Mar 27

Reverse Engineering

Apr 1

Reverse Engineering

Apr 3

Software Vulnerabilities

Apr 8

Vulnerability Discovery

Apr 10

Vulnerability Exploitation

Apr 15

Malware

Apr 17

No Class

Apr 22

Malware

Apr 24

Cloud Exploitation

Apr 29

LLM Attacks

May 1

Physical Security

May 6

Anonymity

May 8

OPSEC