System and Network Security, Spring 2022
CSP 544 System and Network Security
Week 1 Announcement
- Get set up with SEED Labs
- Create an account on Hack the Box
Welcome!
This is the webpage for CSP 544: System and Network Security at IIT. We are online for the first two weeks of the semester. After that, we will meet in SB 113.
Communication
We will be using Discord for course communication. You can find the invite link on Blackboard.
Books
Required
See here.
Other Useful Books
- Security Engineering by Ross Anderson
- Hand-On Ethical Hacking and Network Defense by Simpson and Antill
- The Hacker Playbook 2 by Peter Kim
- Hacking: The Art of Exploitation by Jon Erickson
- RTFM by Ben Clark
Development Environment
We will primarily be using virtual machine images to set up vulernable environments for you to exploit. Thus, in order to do the labs, you’ll need to set up a hypervisor/VMM on your machine to complete the labs. You should be able to use VirtualBox, VMware, or libvirt. We’ll be using the SEED Labs for most of the class, but we will augment them with our own. You can see here to get set up for the labs.
Tools
- Metasploit: A widely used penetration testing framework written in Ruby
- Kali Linux: A Linux distro aimed at ethical hacking and pentesting
- Defuse: An online x86 disassembler
- Godbolt: An online compiler explorer
- pwntools: a Python exploitation framework, meant for CTFs
- shtest: A shellcode tester
- Wireshark: Widely used network packet capture and analysis tool
- SET: Social engineering toolkit
- PTF: Penetration tester framework
- GEF: GDB wrapper for reverse engineering and exploit development
- Radare2: Reverse engineering framework
- strace: Linux system call tracer
- ltrace: Linux library call tracer
- Shodan: Vulnerability scanner
- Hydra: brute force cracking for remote services
- Mimikatz: Windows credential dumper
- hashcat: password cracker
- American Fuzzy Loop: widely used software fuzzer
- syzkaller: Linux kernel fuzzing
Other Useful Links and Resources
This is a list of other resources that you might find useful for this class and for doing work in the security area in general. Feel free to peruse them at your own convenience.
CTFs
- CTFTime, a list of upcoming CTFs
- Preparing for a CTF
- PicoCTF
- Smash the stack wargames
- Google’s CTF
- OverTheWire wargames
Practice and Other Links
- Hack The Box: A great hacking playground
- Pwnable practice challenges
- CTF Field guide from trail of bits
- Phoenix: Exploit education
- CTFLearn: a learning platform for exploitation
- MIT’s security reading list
- Adam Doupe’s security course videos
- Github based course on Linux exploitation
- SQL injection cheat sheet
- NMAP cheat sheet
- Guide to lsof usage
- vx underground: compendium of malwares and related papers/code