Reading‎ > ‎

Bonus Activity

Agenda March 4th  - During class 9:35am-10:50
  • Paper previews by Andrew and Linnea
  • Choose a project/web resource to look at (options below). Depending upon which you pick, you might not make it far. Resist switching between projects after the first 10 minutes. Once you're 10 minutes in - just stick with it and see what you can figure out :-) 
  • Work together, help each other, be awesome! I'd love to hear about people's experiences with these.  If others are interested, we can use class time for this; if others aren't, I'll have you drop me an email.
Homework - Instead of reading
  • Spend 2 hours reviewing some of the material you've learned so far in the class and don't want to forget. You don't need to turn anything in for this (unless you need some motivation to do it -- just let me know). Here are some suggestions:
    • Try to spread out the 2 hours into smaller chunks across multiple days (this is the MOST robust research finding about learning!!!)
    • Don't re-read stuff - practice recalling stuff! (also well supported by research)
      • It will help you retain the information if you practice trying to recall the information! 
      • When we reread we think that we remember, but that isn't always the case.
      • You don't need to learn new things that you don't know right now. The goal is to know the things you know right now 6 months or 2 years from today. That said - you're welcome to look things up: "I've been wondering what a heap overflow is."
      • Try to test yourself! 
    • This could involve teaching someone about what we've learned in the class.  But you can't bill grutoring hours ;) 
    • You might find the list of vocab below useful.
Resources from Sam:
  • https://www.hackthissite.org/ - Is a very good site it walks though basic web exploitation and then moves on to more advanced techniques. Some of them are a little out of date but I have done most of them so I can help people if needed. 
  • https://picoctf.com - Was an introductory CTF that I did last fall it starts REALLY basic but does build on some of the core concepts. The later stages of this CTF get into Binary manipulation. 
  • http://bostonkey.party/home Is a more advanced CTF that I did last weekend I was unable to do most of them but I am working my way through the retro/write-ups now. 

Something someone emailed to Colleen:
http://cisr.nps.edu/cyberciege/
"CyberCIEGE enhances information assurance and cyber security education and training through the use of computer gaming techniques such as those employed in SimCity™. In the CyberCIEGE virtual world, users spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack."

Possible Vocab to review:
  • Control-Flow
  •  Control-Flow Integrity (CFI)
  •  Return-Oriented Programming 
  • Control-Flow
  •  Control-Flow Integrity (CFI)
  •  Control-Flow Graph (CFG)
  •  Static Inspection / Static Program Analysis
  •  Inline Reference Monitor (IRM)
  •  Software Fault Isolation (SFI)
  •  Software Memory Access Control (SMAC)
  •  Shadow Call Stack
  • Return-oriented programming (ROP)
  •  Shellcode
  •  Instruction set
  •  Static program analysis
  •  Trie
  •  Shared libraries
  • Software Fault Isolation
  •  Guard Pages
  • Reference monitor
  • Janus {jan'-uhs}: 
  • CIA 
  • sandbox 
  •  Keep it simple 
  • Privilege Escalation
  •  Privilege Separation
  • Stack
  • Stack Overflow
  • Stack Smashing
  • Canary
  • Compiler
  • Daemon
  •  Discretionary Access Control
  •  Mandatory Access Control
  •  Compartmentalization     
  •  Remote access trojan (RAT) 
  •  Remote Control System (RCS)
  • malware  
  •  countermeasure
  •  spambots
  •  fake antivirus
  • Trojan horse or trojan
  •  rootkit
  •  DDoS bots
  • adware 
  •  MD5 hash
  •  repack
  •  arbitrage
  •  clients
  •  drive-by-download
  •  social-engineering
  •  silent installs
  •   “milking” executables
  •  spyware
  •  virtual machine (VM)
  •  crimeware kits
  •  blacklist
  •  Tor
  •  DNS
  •  C&C protocol
  •  feature extraction
Comments