Catalog Description Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals. Advisory: CS 110A or equivalent familiarity with programming Upon successful completion of this course, the student will be able to: Read and write basic assembly code routines Read and write basic C programs Recognize C constructs in assembly Find stack overflow vulnerabilities and exploit them Create local privilege escalation exploits Understand Linux shellcode and be able to write your own Understand format string vulnerabilities and exploit them Understand heap overflows and exploit them Explain essential Windows features and their weaknesses, including DCOM and DCE-RPC Understand Windows shells and how to write them Explain various Windows overflows and exploit them Evade filters and other Windows defenses Find vulnerabilities in Mac OS X and exploit them Find vulnerabilities in Cisco IOS and exploit them Student Learning Outcomes 1. Read and write basic assembly code routines

2. Find stack overflow vulnerabilities and exploit them

3. Evade filters and other Windows defenses

Textbook "The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q Buy from Amazon Quizzes The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is available for one week, up till 12:30 pm Saturday. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the second score is the one that counts, not necessarily the higher score. Quizzes are here: https://canvas.instructure.com/courses/1271494 To create an account, click the "Join this Course" link, which is either on the right side or the bottom of the page, as shown below. Live Streaming You can attend class remotely using Zoom. Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/4108472927

Meeting ID: 410-847-2927 The lectures start at 1 PM California time on Saturdays. Classes will also be recorded and published on YouTube for later viewing.