Useful links and online information

• Here are the cyber-security related books I have read.
• IEEExplore provides full-text access to IEEE transactions, journals, magazines and conference proceedings published since 1988 and all current IEEE Standards.
• ACM Digital Library provides full-text access to ACM journals and conferences.
• USENIX Security Conferences.
• Common Vulnerabilities and Exposures.
  • CVE List Main Page.
  • National Vulnerability Database.
• The Common Weakness Enumeration
• The Penetration Testing Execution Standard
  • Pre-engagement Interactions .
  • Intelligence Gathering.
  • Threat Modeling.
  • Vulnerability Analysis.
  • Exploitation.
  • Post Exploitation.
  • Reporting.
  
  
  • PTES Technical Guideline.
• Secure coding
  • CERT Center at CMU.
  • Final Report on Summit on Education in Secure Software.
• Certificates for computer security
  • CISSP® - Certified Information Systems Security Professional .
  • Black hat certificate.
  • Red hat certification.
  • Computer Security Training.
  • Global Information Assurance Certification.
  • Department of Defense Directive 8570 (DoDD 8570).
  • Offensive Security Certified Professional.
• Stuxnet
  • Israeli Test on Worm Called Crucial in Iran Nuclear Delay.
  • Paper on Stuxnet spreads.
  • Stuxnet Analysis Report.
• The Complete, Unofficial TEMPEST Information Page.
• FIPS Special Publications Drafts (Potential New Standards).
• Secure Hash Standard ( Recent Draft) .
• DIGITAL SIGNATURE STANDARD.
• Recommendation for Key Management Part 1: General .
• FIPS Standards.
  • FIPS46-3 (DES) ( FIPS46-2 ).
  FIPS 197 (AES). Secure Hash Standard (SHA-1) ( SHA-1, SHA-256, SHA-384, and SHA-512, SHA-2, Current Draft)
  • MD5 (RFC 1321)) (Md5.c by Ronald L. Rivest).
  • Tiger Hash Description.
• Computer Emergency Response Team and United States Computer Emergency Readiness Team.
• The Orange Book (TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA).
• Common Criteria for Information Technology Security Evaluation.
• Insider Threat Research.
• Cryptanalysis
  • The Data Encryption Standard in Detail.
  • Attack on RC4 implemented in WEP.
  • Timing attacks on RSA and D-H.
  • Chinese Remainder Theorem to Break RSA when e=3.
  • RSA Encoding and Decoding Demonstration.
  • BigDigits multiple-precision arithmetic source code.
  • Handbook of Applied Cryptography .
  • A good website about RSA.
  • RainbowCrak project, an implementation of the rainbow table password/hash cracking method.
• Public Key Infrastructure.
  • A Survey of PKI Components and Scalability Issues (available on any on-campus computer).
• Known Vulnerabilities and Exposues.
  • Common Vulnerabilities and Exposues by MITRE.
  • United States Computer Emergency Readiness Team.
  • National Vulnerability Database.
  • CWE/SANS TOP 25 Most Dangerous Software Errors.
  • CSIS: 20 Critical Security Controls.
  • Open Vulnerability and Assessment Language.
  • Common Weakness Enumeration.
  • Common Attack Pattern Enumeration and Classification.
  • Malware Attribute Enumeration and Characterization.
  • Common Configuration Enumeration.
  • Common Platform Enumeration.
• Critical Infrastructure Protection.
  • Insider threat to CIP.
  • Organically Assured and Survivable Information Systems (OASIS).
  • Mission-oriented Resilient Clouds.
  • Computer Security in Smart Grid Advanced Metering Infrastructure .
  • http://www.nerc.com/files/SGTF_Report_Final_posted.pdf.
• Mobile Device Security.
  • IPHONE SECURITY ANALYSIS.
• Denial of Service Attacks.
  • Internet Denial of Service Attacks and Defense Mechanisms.
• Steganography and steganalysis.
  • Collage System at Georgia Tech (Paper at USENIX 2010).
• Security Models and Implementations.
  • Mandatory Access Control in BSD.
  • File System Access Control Lists in BSD.
  • Windows Vista Integrity Mechanism Technical Reference.
  • Anatomy of Security-Enhanced Linux (SELinux).
  • Security-Enhanced Linux.
  • Security Configuration Guides.
• sKyWIper (also known as Flame) Analysis Report.

Important dates

• Offered Spring 2017.
• Time: TTh 09:30AM - 10:45AM
• Place: Room 016, Love Building

News and Announcements

• The required textbook for the class is
  • Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson.

Handouts

Assignments and Solutions

Related Courses Offered:

• 2015 Offering Of Offensive Computer Security.
• 2014 Offering Of Offensive Computer Security (by Owen Redwood).
• 2013 Offering Of this Course (by Owen Redwood).

Last modified on Aug. 21, 2014