By the end of this week, you will be able to dissect packet captures (PCAPs), perform network reconnaissance and port scanning, extract credentials sent insecurely via plaintext over the network, detect stealthy scans and other suspicious activities on your network, and understand the methods of conducting a distributed denial of service (DDoS) attack.
By the end of this week, you will be able to crack passwords on a Linux or Windows system, understand the difference between symmetric and asymmetric cryptography, understand and use one-way hash functions, understand how Transport Layer Security (TLS) works, intercept HTTPS traffic with a proxy, and understand how and how not to store users' passwords.
By the end of this week, you will be able to perform and defend against the following attacks: Cross-Site Scripting (XSS), SQL injection, Cross-Site Request Forgery (CSRF), session hijacking, cookie tampering, directory traversal, command injection, and remote and local file inclusion.
By the end of this week, you will be able to take advantage of a number of vulnerabilities on a live web server.
By the end of this week, you will be able to create a technical risk analysis, be exposed to and understand the difference between CVE and CWE, use static analysis software to identify vulnerabilities, and understand the difference between static and dynamic analysis.
By the end of this week, you will be able to describe types of malware, see certain malware behaviors, scan and analyze malware, and reverse engineer Android apps to determine if they are malicious.
This will be an adventure for all of us, but it will be a fun one for sure. A few notes on the expectations and structure of this course:
There are many good reasons why I will not do any of the above items:
Adding constraints and extra burden to your lives, especially during the summer, will not fit well with anyone. Extra constraints and burden also defeat the purpose of an online course. Thus, you will probably not see me at all this summer.
You can choose to:
Your choice, but the latter three choices are not wise.
A very important point: if you want everything gone over in lecture or in notes, then this is not the course for you. More importantly, that's not how things work in real life.
Each week, there will be at most three labs (and a quiz every other week) to hone your skills and to aim at the crux of the matter for the week. Here's an analogy: you don't learn how to cook simply by reading cookbooks and watching YouTube videos. You learn by making, using your hands, and making mistakes.
It is your responsibility to ask questions early and to ask for help...
Share thoughts and respond to other people's questions. The TAs and I will be online constantly, so the idea of set office hours almost becomes a moot point. It is no secret that I respond very quickly unless I need to be away.
Hard to say because the skill set of the students varies: from those who have just completed Introduction to Computer Science and/or Data Structures to those who already have a Computer Science degree. In terms of the number of hours you should expect to spend per week, my rough estimate and expectation is anywhere from 3 to 10 hours of work a week.
There is a very good post published by Northeastern University: "How To Be a Successful Online Learner." Link: http://www.northeastern.edu/graduate/blog/2016/06/29/successful-online-learning-strategies/.
A lab is due one week from the day it is assigned.