System and Network Security, Fall 2023
CSP 544 System and Network Security
Week 1 Announcement
Get set up with SEED Labs
Welcome!
This is the webpage for CSP 544: System and Network Security at IIT.
Communication
We will be using Discord for course communication. You can find the invite link on Blackboard.
Books
Required
See here.
Other Useful Books
- Security Engineering by Ross Anderson
- Hands-On Ethical Hacking and Network Defense by Simpson and Antill
- The Hacker Playbook 2 by Peter Kim
- Hacking: The Art of Exploitation by Jon Erickson
- RTFM by Ben Clark
Development Environment
We will primarily be using virtual machine images to set up vulnerable environments for you to exploit. Thus, to complete the labs, you’ll need to set up a hypervisor/VMM on your machine. You should be able to use VirtualBox, VMware, or libvirt. We’ll be using the SEED Labs for most of the class, but we will augment them with our own. You can see here to get set up for the labs.
Tools
- Metasploit: A widely used penetration testing framework written in Ruby
- Kali Linux: A Linux distro aimed at ethical hacking and pentesting
- Defuse: An online x86 disassembler
- Godbolt: An online compiler explorer
- pwntools: a Python exploitation framework, meant for CTFs
- shtest: A shellcode tester
- Wireshark: Widely used network packet capture and analysis tool
- SET: Social engineering toolkit
- PTF: Penetration tester framework
- GEF: GDB wrapper for reverse engineering and exploit development
- Radare2: Reverse engineering framework
- strace: Linux system call tracer
- ltrace: Linux library call tracer
- Shodan: Vulnerability scanner
- Hydra: brute force cracking for remote services
- Mimikatz: Windows credential dumper
- hashcat: password cracker
- American Fuzzy Lop: widely used software fuzzer
- syzkaller: Linux kernel fuzzing
Other Useful Links and Resources
This is a list of other resources that you might find useful for this class and for doing work in the security area in general. Feel free to peruse them at your own convenience (please let us know of any dead links).
CTFs
- CTFTime, a list of upcoming CTFs
- Preparing for a CTF
- PicoCTF
- Smash the stack wargames
- Google’s CTF
- OverTheWire wargames
Practice and Other Links
- Hack The Box: A great hacking playground
- Pwnable practice challenges
- CTF Field Guide from Trail of Bits
- Phoenix: Exploit education
- CTFLearn: a learning platform for exploitation
- MIT’s security reading list
- Adam Doupe’s security course videos
- GitHub-based course on Linux exploitation
- SQL injection cheat sheet
- NMAP cheat sheet
- Guide to lsof usage
- vx underground: compendium of malware and related papers/code