_____   ____________     ____________ 
   /  _/ | / / ____/ __ \   |__  <  / __ \
   / //  |/ / /_  / / / /    /_ </ / / / /
 _/ // /|  / __/ / /_/ /   ___/ / / /_/ / 
/___/_/ |_/_/    \____/   /____/_/\____/  
--- Cyber Security and Info Assurance ---

This course will cover theoretical and practical topics in cybersecurity as it relates to applications, networks, companies, people, governments. The goals of this course will be to familiarize students with the basic topics of cybersecurity, penetration testing, risk management, security operations, privacy, ethics, and legal issues.

Grade breakdown:

• hw: 56%
• quizes: 24%
• final: 20%

Late penalty:

• Applies to quizzes and assignments
• Point ceiling goes down 10% daily, in 10% steps (24hrs from time due)
• Stops at 50% deduction

Reading:

• We will rely on a variety of online sources for information
• Reading assignments will be sent out on a weekly basis

Correspondence:

• Please only use your UW email account for security reasons - I don't want a FERPA violation
• Write: "INFO 310 - (your subject header here)" in the subject line so I can filter it out

• Tu - Me, class policies, terminology, industry overview, ethics
• La - Break into groups, find a breach report
• Th - The early history of hackers
• HW - None
• Reading -
  • Max Headroom Hack - https://motherboard.vice.com/read/headroom-hacker
  • The Morris Worm - https://www.washingtonpost.com/news/the-switch/wp/2013/11/01/how-a-grad-student-trying-to-build-the-first-botnet-brought-the-internet-to-its-knees/
  • A Flaw in the Design - http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/
  • A Long Life of a Quick Fix - http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
  • A Disaster Foretold and Ignored - http://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/
  • "Hacker's Manifesto" - http://phrack.org/issues/7/3.html

• Tu - Threat modeling, class scenarios
• La - Threat model a real application - The Silk Road 3.0
• Th - Enterprise policies
• Qz - On this week's topics
• HW - Breach report report
• Reading -
  • http://www.washingtonpost.com/sf/business/2015/05/30/net-of-insecurity-part-1/
  • http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
  • http://www.washingtonpost.com/sf/business/2015/06/22/net-of-insecurity-part-3/
  • http://www.washingtonpost.com/sf/business/2015/07/22/hacks-on-the-highway/
  • http://www.washingtonpost.com/sf/business/2015/11/05/net-of-insecurity-the-kernel-of-the-argument/

• Tu - Malware
• La - TBD
• Th - Forensics and IR
• Qz - On this week's topics
• HW - TBD
• Reading -
  • Stuxnet - https://www.wired.com/2011/07/how-digital-detectives-deciphered-stuxnet/
  • Duqu - https://www.wired.com/2011/10/son-of-stuxnet-in-the-wild/
  • Flame pt1 - https://www.wired.com/2012/05/flame/
  • Flame pt2 - https://www.wired.com/2012/09/flame-coders-left-fingerprints/
  • Extra:
    • https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf
    • https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-the-mobile-cybercriminal-underground-market-in-china.pdf

• Tu - Crypto introduction
• La - Canceled. Go home and re-watch any videos that confused you.
• Th - Crypto applied
• Qz - On this week's topics
• HW - Let's do some crypto
• Reading -
  • Cypher Wars - https://archive.wired.com/wired/archive//2.11/cypher.wars.html
  • "Cryptic Controversy: U.S. Government Restrictions on Cryptography Exports and the Plight of Philip Zimmermann" - http://readingroom.law.gsu.edu/cgi/viewcontent.cgi?article=2264&context=gsulr
  • "Why I Wrote PGP" - https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

• Tu - Down the rabbit hole
• La - MITM the bots
• Th - Network exploits
• Qz - On this week's topics
• HW - Network exploitation report
• Reading -

• Tu - Web technologies
• La - Your first web exploit
• Th - Web application exploitation
• Qz - On this week's topics
• HW - XSS and SQLi challenges
• Reading -

• Tu - Low level memory management
• La - A buffer overflow together
• Th - Buffer overflows
• Qz - On this week's topics
• HW - Buffer overflow challenges
• Reading -

• Tu - Common coding mistakes
• La - Spot and exploit the mistake
• Th - More common coding mistakes
• Qz - On this week's topics
• HW - Spot the mistakes
• Reading -

• Tu - How to social engineer
• La - Information gathering expedition
• Th - How to prevent social engineering
• Qz - On this week's topics
• HW - Case a place
• Reading -

• Tu - Personal operational security
• La - Course review
• Th - The industry and certifications
• Qz - On this week's topics
• HW - Study