Schedule

1/27

Introduction—Cancelled due to Winter Storm

Recommended Reading

Reflections on Trusting Trust

Why Offensive Security Needs Engineering Textbooks

Legal Issues Surrounding Monitoring During Network Research

1/29

Basic Concepts and Threat Landscape

Lecture Slides

Recommended Reading

The Internet Worm Program: An Analysis

Smashing The Stack For Fun And Profit

The advanced return-into-lib(c) exploits: PaX case study

Hacker Curriculum

Crash course on buffer overflows by the 10K Students initiative

2/3

Lower Layers and Core Protocols

Lecture Slides

Recommended Reading

Packets Found on an Internet

A Survey of BGP Security Issues and Solutions

Legal Issues Surrounding Monitoring During Network Research

Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority

IP-spoofing Demystified

An Illustrated Guide to the Kaminsky DNS Vulnerability

2/5

TCP/IP

A look back at “Security problems in the TCP/IP protocol suite”

Detecting Forged TCP Reset Packets

Recommended Reading

A Technique for Counting NATted Hosts

Homework 1 is out (Due 2/20): Passive Network Monitoring

2/10

No Class

2/12

Denial of Service

Inferring Internet Denial-of-Service Activity

The Crossfire Attack

Recommended Reading

A Taxonomy of DDoS Attack and DDoS Defense Mechanisms

Amplification Hell: Revisiting Network Protocols for DDoS Abuse

2/17

Firewalls and Gateways

Lecture Slides

Recommended Reading

Firewalls and Internet Security: Repelling the Wily Hacker (Second Edition)

Walls and Gates

2/19

Scanning

How to 0wn the Internet in Your Spare Time

ZMap: Fast Internet-Wide Scanning and its Security Applications

Recommended Reading

nmap

A Brief History of Scanning

An Internet-Wide View of Internet-Wide Scanning

Homework 2 is out (Due 3/6): Programming with Libpcap

2/24

Encrypted Communication

Lecture Slides

Recommended Reading

Handbook of Applied Cryptography

Analyzing the MD5 collision in Flame

The Case for Ubiquitous Transport-Level Encryption

How (not) to use symmetric encryption

The Matasano Crypto Challenges

2/26

Authentication

Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

The Tangled Web of Password Reuse

Recommended Reading

Designing an Authentication System: a Dialogue in Four Scenes

The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

Dos and Don’ts of Client Authentication on the Web

PAKE-Based Web Authentication: the Good, the Bad, and the Hurdles

A Future-Adaptable Password Scheme

3/3

Crypto (Failures)

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

An Empirical Study of Cryptographic Misuse in Android Applications

Recommended Reading

FREAK

POODLE

A Comprehensive Study of BEAST, CRIME, TIME, BREACH, Lucky 13 & RC4 Biases

3/5

Class cancelled due to winter storm

Homework 3 is out (Due 4/3): Plugboard Proxy

3/10

HTTPS

Analyzing Forged SSL Certificates in the Wild

The Matter of Heartbleed

Recommended Reading

Analysis of the HTTPS Certificate Ecosystem

An Experimental Study of TLS Forward Secrecy Deployments

3/12

Midterm

3/17

Spring Recess

3/19

Spring Recess

3/24

Hands-on Session: Tunnels, Proxies, and MitM attacks

3/26

Intrusion Detection

Lecture Slides

Recommended Reading

Bro: A System for Detecting Network Intruders in Real-Time

Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection

Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics

The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection

3/31

Network Forensics

Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection

Enriching Network Security Analysis with Time Travel

Recommended Reading

Automatically inferring patterns of resource consumption in network traffic

Highly Efficient Techniques for Network Forensics

Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces

4/2

Honeypots

A Virtual Honeypot Framework

All Your iFRAMEs Point to Us

Recommended Reading

Stalking the Wily Hacker

There Be Dragons

Designing Host and Network Sensors to Mitigate the Insider Threat

Homework 4 is out (Due 5/1): Man-on-the-Side Attacks

4/7

Email

Lecture Slides

Recommended Reading

Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0

End-To-End

A Critique Of Lavabit

Off-the-Record Communication, or, Why Not To Use PGP

Forward Secrecy for Asynchronous Messages

Pond

Secure Messaging Scorecard

4/9

No Class

4/14

Spam

Understanding the Network-Level Behavior of Spammers

@spam: The Underground on 140 Characters or Less

Recommended Reading

Click Trajectories: End-to-End Analysis of the Spam Value Chain

The Harvester, the Botmaster, and the Spammer: On the Relations Between the Different Actors in the Spam Landscape

4/16

Web (Part 1)

Lecture Slides (courtesy of Nick Nikiforakis)

Recommended Reading

App Isolation: Get the Security of Multiple Browsers with Just One

Regular Expressions Considered Harmful in Client-Side XSS Filters

Robust Defenses for Cross-Site Request Forgery

4/21

Botnets

Your Botnet is My Botnet: Analysis of a Botnet Takeover

Manufacturing Compromise: The Emergence of Exploit-as-a-Service

Recommended Reading

My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging

Measuring and Detecting Fast-Flux Service Networks

Beheading Hydras: Performing Effective Botnet Takedowns

4/23

Web (Part 2)

Lecture Slides (courtesy of Nick Nikiforakis)

Recommended Reading

SQLrand: Preventing SQL Injection Attacks

Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications

4/28

Web Tracking

Privacy-Preserving Social Plugins

Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting

Recommended Reading

Adnostic: Privacy Preserving Targeted Advertising

Detecting and Defending Against Third-Party Tracking on the Web

4/30

Online Privacy and Anonymity

Lecture Slides

Recommended Reading

All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks

A Practical Attack to De-Anonymize Social Network Users

Internet Censorship in China: Where Does the Filtering Occur?

Tor: The Second-Generation Onion Router

Low-Cost Traffic Analysis of Tor

Detecting Traffic Snooping in Tor Using Decoys

5/5

Wrap Up