CSCA 5313: Security & Ethical Hacking: Attacking Unix and Windows

Get a head start on program admission

Preview this course��in the non-credit experience today!��
Start working toward program admission and requirements right away.��Work you complete in the non-credit experience will transfer to the for-credit experience when you upgrade and pay tuition. See How It Works for details.

Course Type: Elective
Specialization: Security & Ethical Hacking
Instructors:��Dr. Ahmed Hamza
Prior knowledge needed: An understanding of python programming and networking basics is required. Course assessments are practical work, quizzes and exams.

Course Description

This course explores the science and art of offensive security techniques used in penetration testing of networks and systems. Areas of focus include post-exploitation and exploitation of Unix (esp. Linux) machines/servers, and Windows OS.

A basic review of relevant x86 Assembly language constructs will be given.

Students will utilize scripting and low-level programming and other technical means to execute a variety of attacks in adversarial recon, lateral movement, privilege escalation, and authentication bypass on Unix systems, as well as active exploitation of remote memory corruption attacks on multiple OS. An introduction to general computer memory is given, along with other topics in operating systems, as needed.

Learning Outcomes

Analyze a complex computing problem and to apply principles of computing and other relevant disciplines to identify solutions.
Design, implement, and evaluate a computing-based solution to meet a given set of computing requirements in the context of the program’s discipline.
Communicate effectively in a variety of professional contexts.
Recognize professional responsibilities and make informed judgments in computing practice based on legal and ethical principles.
Function effectively as a member or leader of a team engaged in activities appropriate to the program’s discipline.
Apply computer science theory and software development fundamentals to produce computing-based solutions.��

Course Grading Policy

Assignment	Percentage of Grade
Ungraded Labs	0%
Ethical Hacking Pledge	5%
Graded Assignments	55% (5 assignments; 11% each)
Final Exam	40%

Course Content

Module 1 | Introduction and UNIX Security Basics

Duration: 3��hours, 25 minutes

Module 1 provides an introduction to the course, its target systems and setup, and a quick refresher on Linux command line basics and relevant tooling.��

Module 2 | Abusing the Unix Security Model - Privilege Escalation

Duration: 3 hours, 51 minutes

In Module 2, we take a deep dive into the basics and more obscure parts of the Unix security model, real and effective IDs for process execution and filesystem access, and setuid binaries. Applying that knowledge with some additional understanding of the shared library loading on Linux, we take a look at evasive privilege escalation in C.

Module 3 | Evasive Privilege Escalation on Linux

Duration: 6��hours, 46 minutes

In Module 3, we continue privilege escalation, this time with shared library hijacking techniques (function hooks and library load order exploitation). We also take a look at simpler yet equally devastating attacks, using common built-in editor software as an example of hacking by manipulating the user environment.

Module 4 | Lateral Movement Techniques on Unix

Duration: 9��hours, 31 minutes

In Module 4, we demonstrate and discuss stealthy lateral movement techniques using built-in Unix ��tools, including a rare passphrase cracking opportunity on private keys, and a re-purpose a lot of SSH optimizations and existing tools (forwarding agents and Control Master).��

Module 5 | ��Memory Corruption and User-Mode Exploitation on MSFT Windows��

Duration: 4 hours, 11 minutes

In this final module, we examine computer memory concepts, code execution vulnerabilities in binary programs through memory corruption, and give a refresher on the relevant x86 Assembly instructions for stack overflow primitives. Shellcode and its generation is also introduced.

Module 6 | Final Exam (For-credit Experience Only)

Duration: 2��hours, 42 minutes

This module contains materials for the proctored final exam for MS-CS degree students. If you've upgraded to the for-credit version of this course, please make sure you review the additional for-credit materials in the Introductory module and anywhere else they may be found.��

Notes

Page Updates: This page is periodically updated. Course information on the Coursera platform supersedes the information on this page. Click the��View on Coursera��button��above for the most up-to-date information.

��Ƶ18