Syllabus
Module 1: Basic Networking
TCP/IP, DNS, packet analysis and security tools.
Module 2: Operating Systems and Enterprise Systems
Linux containers, firewalls, Security-Enhanced Linux (SELinux), Kubernetes-based container orchestration, control- and data-plane (e.g., Istio- and Envoy), identity and secrets management, Open Policy Agent.
Module 3: Malware in web-services
"OWASP" attacks like SQL- and command-injection, long-term threats ('advanced persistent threats') and fuzzing techniques.
Module 4: Data Analysis
Clustering, classification, and anomaly detection.
Module 5: Open Ended Project
Choose a project around open-source kubernetes hardening from the list of given projects and submit a production grade implementation using best practices from the industry.
| Date | Topic | Slides/Materials |
|---|---|---|
| 08/28 | Introduction to networking | syllabus.pdf |
| 09/02 | Labor Day | |
| 09/04 | Tools, TCP/IP, CIDR, Handshake | networking.pdf |
| 09/09 | Internet, OSI stack | |
| 09/11 | Encryption (AES), Side channels | encryption.pdf, hmac_md5.c, RSA.py |
| 09/16 | OS Basics, Containers | osbasics.pdf, containerBox_demo.zip, strace_demo.zip |
| 09/18 | Kubernetes orchestration and networking | orchestration.pdf, tutum_demo.zip |
| 09/23 | Sysdig | sysdig.pdf |
| 09/25 | Prometheus/OSQuery | prometheus.pdf, prom-cmds, osquery.pdf, osquery-cmds |
| 09/30 | Anchore/Secrets | anchore.pdf |
| 10/02 | Fuzzing | intro_to_fuzzing_and_exploitation.pdf |
| 10/07 | Fuzzing/APT | cyber_threats_in_modern_enterprise.pdf |
| 10/09 | APT | APT-38.pdf |
| 10/14 | Exam review | |
| 10/16 | Midterm | midterm |
| 10/21 | Classification, trees and random forests | ml_for_enterprise_cybersecurity.pdf |
| 10/23 | Supervised learning | |
| 10/28 | Supervised learning/Demo | ml_demos.zip |
| 10/30 | Pitfalls of supervised learning | |
| 11/04 | Clustering and intrusion detection | *Above Demos archive is updated |
| 11/06 | Network: Great Cannon | Discussion 1 due [great_cannon.pdf] |
| 11/11 | Network: Great Cannon | |
| 11/13 | ML: Nazca | Discussion 2 due [nazca.pdf] |
| 11/18 | ML: Nazca | |
| 11/20 | Side-channel: ContainerLeaks | Discussion 3 due [container.pdf] |
| 11/25 | Side-channel: ContainerLeaks | |
| 11/27 | Thanksgiving Break | |
| 12/02 | OS/Arch: EROS | Discussion 4 due [eros.pdf] |
| 12/04 | OS/Arch: EROS | |
| 12/09 | Project | |
| 11/11 | Project | |
| 12/16 | Finals |
Labs
Lab 1: Networking (Due: 09/14/2019 11:59 pm)
Submit a pdf report and associated source code as a archive on Canvas while answering all questions asked in Lab1.pdf. You will learn about packet sniffing, analysing TCP dumps and iptables. The blacklist file and python code are available here.
Lab 2a: Containers, SE Linux and Web-attacks (Part a Due: 09/25 11:59 pm)
Submit a pdf report and associated source code as a archive on Canvas while answering all questions asked in Lab2.pdf Part 1 and Part 2. You will learn about containerizing applications, various website and DB based attacks and basics of SELinux.
Lab 2b: Kubernetes and Orchestration (Part b Due: 10/05 11:59 pm)
Submit a pdf report and associated source code as a archive on Canvas while answering all questions asked in Lab2.pdf Part 3 (a&b). You will learn about kubernetes orchestration across multiple containers.
Lab 3: Advanced Persistent Threats, Fuzzing and Exploitation (Due: 10/26 11:59 pm)
Submit a pdf report and associated source code as a archive on Canvas while answering all questions asked in Lab3.pdf. You will learn about fuzzing techniques and understand various APT reports. You are required to use 2 VMs. Fireeye reports used for the lab are available at M-Trends-2019.pdf, Hammertoss.pdf and APT-41.pdf.
Lab 4: Machine Learning techniques (Due: 11/12 11:59 pm)
Submit a pdf report and associated source code as a archive on Canvas while answering all questions asked in Lab4.pdf. You will learn about application of supervised and un-supervised ML for classification and anomaly detection. The jupyter notebook files are available at notebook.tar.
Lab 5: Open Ended Project (Due: 12/15 11:59 pm)
Choose a project from the given list of projects and implement it for the class project. You are free to come up with your own ideas, but make sure your project has the same level of details as described in other projects. General set of instructions for the project is provided. You should submit your milestone reports and the final report using the provided 2-column latex template.
| Date | Topic | Slides/Materials |
|---|---|---|
| 11/20 | Milestone 0 | Finalize Project Idea and cover related section |
| 12/27 | Milestone 1 | Finalize the Experimental Setup and results |
| 12/04 | Milestone 2 | Complete all experimental setup |
| 12/11 | Milestone 3 | Complete the project goals with result graphs |
| 11/14 | Final Report | Complete the report and future work |
| 12/16 | Poster Presentation | 2-minute lightning talk and poster |
Readings
Please try to answer the following questions while submitting the report/summary for the reading materials.
- Paper summary: What problem does the paper describe? Key insight? Results?
- The problem that is being solved here: why does it exist? Is it fundamental or artifactual?
- Did you find the evaluation satisfactory? How would you evaluate the same idea?
- How would you extend this work?
- What did you find most interesting about the paper? (some insight, the evaluation setup, or a tool that you could re-use).
-
Reading 1: APTs and Networking (Due 11/06 10:30 am)
An Analysis of China’s “Great Cannon” [ review.pdf ]
Reading 2: Machine Learning (Due 11/13 10:30 am)
Nazca: Detecting Malware Distribution in Large-Scale Networks [ review.pdf ]
Outside the Closed World: On Using Machine Learning For Network Intrusion DetectionReading 3: Side Channel Attacks (Due 11/20 10:30 am)
ContainerLeaks: Emerging Security Threats of Information Leakages in Container Clouds [ review.pdf ]
Reading 4: OS and Architecture (Due 12/02 10:30 am)
Exams
Midterm - 10/16
Written Exam - EER 1.518 10:30am - 11:15am, Coding Exam - CPE 2.212 6pm - 9pm
[Study_Guide.pdf]
[Midterm_Written.pdf][Written_solution.pdf]
[Midterm_Coding.pdf,code_files.zip][Coding_solution.pdf]
Finals - 12/16
Lightning talk and Poster Presentation - EER 1.518 2pm - 5pm
Each team will be given 2 minutes to present the idea and the result at a very high level. Teams should aim at preparing 2-3 slides of content with key idea and results. After all teams have given the talks, teams will spread out in the room with poster (or 1 slide screen on laptop) and wait for instructors to come to you when you will explain your project in depth. Instructors will typically spend 5-7 minutes at each booth. All presentations needs to be uploaded onto Canvas by 1 pm on Dec 16th.