Mon, Wed 5:30pm–6:50pm, Humanities 3020
Instructor: Michalis Polychronakis, office hours: Mon, Wed 4pm–5:30pm, NCS 355
Communication: Piazza


The course will cover a wide range of topics in the area of offensive computer security, trying to strike a balance between core concepts and recent advancements. The main goal of the course is to provide an understanding of various computer security concepts through a more adversarial way of thinking. By focusing on vulnerabilities and exploitation techniques, the course will cover a broad range of topics, including the ethics of offensive security, reverse engineering, software vulnerability discovery and exploitation, malicious code analysis, network traffic interception and manipulation, reconnaissance and information gathering, physical security, and social engineering.

All topics will be covered from a highly practical perspective, following a mixed format of lectures, hands-on sessions, and paper presentations. Each student will give a short conference-style presentation of one research paper, which the rest of the class should read and discuss. Other requirements include 3–4 programming/hands-on assignments and a long-term course project (a few candidate projects will be provided).


Study Material

There is no required textbook. You may find the following books useful:

Additionally, there will be recommended readings for each lecture—see the schedule.

University Policies

Disability Support Services

If you have a physical, psychological, medical or learning disability that may impact your course work, please contact Disability Support Services, ECC (Educational Communications Center) Building, room 128, (631) 632-6748. They will determine with you what accommodations, if any, are necessary and appropriate. All information and documentation is confidential.

Academic Integrity

Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work. Representing another person's work as your own is always wrong. Faculty are required to report any suspected instances of academic dishonesty to the Academic Judiciary. Faculty in the Health Sciences Center (School of Health Technology & Management, Nursing, Social Welfare, Dental Medicine) and School of Medicine are required to follow their school-specific procedures. For more comprehensive information on academic integrity, including categories of academic dishonesty, please refer to the academic judiciary website.

Critical Incident Management

Stony Brook University expects students to respect the rights, privileges, and property of other people. Faculty are required to report to the Office of Judicial Affairs any disruptive behavior that interrupts their ability to teach, compromises the safety of the learning environment, or inhibits students' ability to learn. Faculty in the HSC Schools and the School of Medicine are required to follow their school-specific procedures.