Security
Lectures are being produced as pre-recorded videos and will be published on this playlist no later than the corresponding lecture date. Lectures come with manually curated chapter timestamps by yours truly in the description and with AI-generated subtitles / closed captions. You may ask me questions in the comments and, if pertinent to the course, I'll reply publicly for everyone's benefit. You may also write to me privately at the address at the front of the course notes.
Course textbook: Wenliang Du, Computer and Internet Security: a hands-on approach, 2nd ed.
This is a hands-on course. It involves practical exercises developed by the author of the textbook (Professor Wenliang Du) and available from seedsecuritylabs.org. These exercises are somewhat similar to ticks, but they are not assessed and do not attract course credits. They require the use of the free Virtualbox hypervisor software, on which you will run a supplied virtual machine (the SEED VM, a preconfigured Ubuntu 20.04). For each lab you will install on it some vulnerable software to be attacked, together with the tools to attack it. Virtualbox itself only runs on machines with an x86 processor, so please obtain an x86 machine ASAP and install Virtualbox on it, and then the SEED VM on that.
To a first approximation, any laptop or desktop box (Linux, Mac or Win) will work, except Raspberry Pis and the newest Macs with Apple silicon. If Virtualbox doesn’t run on your usual computer, please get yourself an x86 box. It’s OK if it’s an old one that someone else is discarding, which you might get for free. My main Linux machine at home is about 10 years old and works fine for all the exercises in this course.
The hands-on content of the 1b security course will not be marked or ticked, so please don't waste your time and that of your supervisor by searching for solutions on the web: you will only be cheating yourself out of an education and you might as well not do the SEED labs at all. On the other hand, those who complete the labs on their own will acquire skills that will be advantageous during the exam. The practicals are as instructive as the lectures.
The course is challenging and demanding but I very much hope you will enjoy it. Best wishes and happy hacking.
Lectures and associated SEED labs
Lectures are split by topic rather than by time and may be shorter or longer than an hour (or rather 50 minutes); but the total running time will not exceed the nominal 12 hours (or rather 600 minutes).
- Fri 2022-04-29: Introduction
- Mon 2022-05-02: Access control
- Wed 2022-05-04: Privilege escalation Environment_Variable_and_SetUID
- Fri 2022-05-06: Buffer overflow Buffer_Overflow_Setuid
- Mon 2022-05-09: Return to libc Return_to_Libc
- Wed 2022-05-11: SQL injection Web_SQL_Injection
- Fri 2022-05-13: Passwords
- Mon 2022-05-16: CSRF Web_CSRF_Elgg
- Wed 2022-05-18: XSS Web_XSS_Elgg
- Fri 2022-05-20: TCP attacks TCP_Attacks
- Mon 2022-05-23: Human factors
- Wed 2022-05-25: Malware and physical security