The course will cover a wide range of topics in the area of offensive computer security, trying to strike a balance between core concepts and recent advancements. The main goal of the course is to provide an understanding of various computer security concepts through a more adversarial way of thinking. By focusing on vulnerabilities and exploitation techniques, the course will cover a broad range of topics, including the ethics of offensive security, reverse engineering, software vulnerability discovery and exploitation, malicious code analysis, network traffic interception and manipulation, reconnaissance and information gathering, physical security, and social engineering.
All topics will be covered from a highly practical perspective, following a mixed format of lectures, hands-on sessions, and paper presentations. Each student will give a short conference-style presentation of one research paper, which the rest of the class should read and discuss. Other requirements include 3–4 programming/hands-on assignments and a long-term course project (a few candidate projects will be provided).
Paper presentation: 15%
There is no required textbook. You may find the following books useful:
Hacking: The Art of Exploitation, Second Edition. Jon Erickson. No Starch Press, 2008, ISBN 1593271441.
The Shellcoder's Handbook: Discovering and Exploiting Security Holes, Second Edition. Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte. Wiley, 2007, ISBN 047008023X.
If you have a physical, psychological, medical or learning disability that may impact your course work, please contact Disability Support Services, ECC (Educational Communications Center) Building, room 128, (631) 632-6748. They will determine with you what accommodations, if any, are necessary and appropriate. All information and documentation is confidential.
Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work. Representing another person's work as your own is always wrong. Faculty are required to report any suspected instances of academic dishonesty to the Academic Judiciary. Faculty in the Health Sciences Center (School of Health Technology & Management, Nursing, Social Welfare, Dental Medicine) and School of Medicine are required to follow their school-specific procedures. For more comprehensive information on academic integrity, including categories of academic dishonesty, please refer to the academic judiciary website.
Stony Brook University expects students to respect the rights, privileges, and property of other people. Faculty are required to report to the Office of Judicial Affairs any disruptive behavior that interrupts their ability to teach, compromises the safety of the learning environment, or inhibits students' ability to learn. Faculty in the HSC Schools and the School of Medicine are required to follow their school-specific procedures.