Udemy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Development
Web Development Data Science Mobile Development Programming Languages Game Development Database Design & Development Software Testing Software Engineering Development Tools No-Code Development
Business
Entrepreneurship Communications Management Sales Business Strategy Operations Project Management Business Law Business Analytics & Intelligence Human Resources Industry E-Commerce Media Real Estate Other Business
Finance & Accounting
Accounting & Bookkeeping Compliance Cryptocurrency & Blockchain Economics Finance Finance Cert & Exam Prep Financial Modeling & Analysis Investing & Trading Money Management Tools Taxes Other Finance & Accounting
IT & Software
IT Certification Network & Security Hardware Operating Systems Other IT & Software
Office Productivity
Microsoft Apple Google SAP Oracle Other Office Productivity
Personal Development
Personal Transformation Personal Productivity Leadership Career Development Parenting & Relationships Happiness Esoteric Practices Religion & Spirituality Personal Brand Building Creativity Influence Self Esteem & Confidence Stress Management Memory & Study Skills Motivation Other Personal Development
Design
Web Design Graphic Design & Illustration Design Tools User Experience Design Game Design Design Thinking 3D & Animation Fashion Design Architectural Design Interior Design Other Design
Marketing
Digital Marketing Search Engine Optimization Social Media Marketing Branding Marketing Fundamentals Marketing Analytics & Automation Public Relations Advertising Video & Mobile Marketing Content Marketing Growth Hacking Affiliate Marketing Product Marketing Other Marketing
Lifestyle
Arts & Crafts Beauty & Makeup Esoteric Practices Food & Beverage Gaming Home Improvement Pet Care & Training Travel Other Lifestyle
Photography & Video
Digital Photography Photography Portrait Photography Photography Tools Commercial Photography Video Design Other Photography & Video
Health & Fitness
Fitness General Health Sports Nutrition Yoga Mental Health Dieting Self Defense Safety & First Aid Dance Meditation Other Health & Fitness
Music
Instruments Music Production Music Fundamentals Vocal Music Techniques Music Software Other Music
Teaching & Academics
Engineering Humanities Math Science Online Education Social Science Language Teacher Training Test Prep Other Teaching & Academics
AWS Certification Microsoft Certification AWS Certified Solutions Architect - Associate AWS Certified Cloud Practitioner CompTIA A+ Cisco CCNA Amazon AWS CompTIA Security+ AWS Certified Developer - Associate
Graphic Design Photoshop Adobe Illustrator Drawing Digital Painting InDesign Character Design Canva Figure Drawing
Life Coach Training Neuro-Linguistic Programming Mindfulness Personal Development Personal Transformation Meditation Life Purpose Coaching Neuroscience
Web Development JavaScript React CSS Angular PHP WordPress Node.Js Python
Google Flutter Android Development iOS Development Swift React Native Dart Programming Language Mobile Development Kotlin SwiftUI
Digital Marketing Google Ads (Adwords) Social Media Marketing Google Ads (AdWords) Certification Marketing Strategy Internet Marketing YouTube Marketing Email Marketing Retargeting
SQL Microsoft Power BI Tableau Business Analysis Business Intelligence MySQL Data Analysis Data Modeling Data Science
Business Fundamentals Entrepreneurship Fundamentals Business Strategy Online Business Business Plan Startup Freelancing Blogging Home Business
Unity Game Development Fundamentals Unreal Engine C# 3D Game Development C++ 2D Game Development Unreal Engine Blueprints Blender
30-Day Money-Back Guarantee

This course includes:

  • 12 hours on-demand video
  • 8 articles
  • Full lifetime access
  • Access on mobile and TV
IT & Software Network & Security Cyber Security

Computer Security: A Hands-on Approach

Attacks and defense: buffer overflow, race condition, dirty COW, meltdown and spectre , shellshock, format string
Rating: 4.6 out of 54.6 (279 ratings)
1,359 students
Created by Wenliang Du
Last updated 1/2020
English
30-Day Money-Back Guarantee

What you'll learn

  • How to exploit software vulnerabilities, and launch attacks
  • How to defend against various attacks and how to write secure code
  • Practical skills in cybersecurity
  • The fundamental problems of various software vulnerabilities

Requirements

  • Have basic programming background.
  • Understand basic operating system concepts, such as users, process, memory, etc.

Description

This course focuses on a variety of attacks on computer systems. Some of them are classical attacks, and some are quite new, such as the recently discovered Dirty COW, Meltdown, and Spectre attacks. The course emphasizes hands-on learning. For each attack covered, students not only learn how the attack work in theory, they also learn how to actually conduct the attack, in a contained virtual machine environment. The hands-on exercises developed by the instructor are called SEED labs, and they are being used by over 1000 institutes worldwide. The course is based on the textbook written by the instructor. The book, titled "Computer & Internet Security: A Hands-on Approach, 2nd Edition", has been adopted by over 120 universities and colleges worldwide.

Who this course is for:

  • Students who are interested in learning both theory and hands-on skills in cybersecurity
  • Software developers who are interested in improving the security of their programs
  • Graduate and upper-division undergraduate students in computer science, computer engineering, and IT-related fields

Course content

9 sections • 84 lectures • 12h 9m total length

  • Preview01:23
  • Set Up the Lab Environment
    11:28
  • Textbook
    03:17
  • Linux Users and Groups
    10:26
  • Access Control and Permissions
    13:20
  • Running Commands as Superuser
    05:04
  • Summary
    01:11

  • Introduction
    01:25
  • The Need for Privileged Programs
    08:40
  • The Set-UID Mechanism
    18:43
  • Preview08:06
  • Attacks via Environment Variables
    23:19
  • Attacks via Explicit User Inputs
    15:05
  • Capability Leaking
    11:48
  • Security Analysis and Summary
    11:20
  • Lab Exercise
    00:08

  • Introduction
    00:49
  • Shellshock Vulnerability
    15:58
  • Exploit the Vulnerability
    14:42
  • Reverse Shell
    15:50
  • Launch the Reverse Shell Attack & Summary
    04:06
  • Lab Exercise
    00:13

  • Introduction
    03:33
  • Memory Layout
    07:11
  • Stack Layout
    11:30
  • Buffer Overflow Vulnerability
    10:45
  • Experiment Environment Setup
    05:02
  • Preview18:38
  • Exercises
    08:07
  • Writing Shellcode
    18:00
  • Countermeasures Overview
    01:32
  • Developer's Approach
    08:42
  • Address Space Layout Randomization
    14:12
  • Shell Program's Defense
    09:12
  • Non-Executable Stacks
    07:19
  • Compiler's Approach: StackGuard
    10:12
  • Heap-Based Buffer Overflow
    09:22
  • Summary
    02:30
  • Lab Exercise
    00:10

  • Introduction
    01:35
  • Non-Executable Stacks
    12:06
  • Overcome the Challenges
    08:38
  • The Return-to-libc Attack
    15:51
  • Return Oriented Programming
    06:46
  • Chaining Function Calls w/o Arguments
    06:31
  • Chaining Function Calls with Arguments
    09:34
  • Chaining Function Calls from Library
    14:52
  • The Final Attack
    12:00
  • Lab Exercise
    00:07

  • Introduction
    07:11
  • Race Condition Vulnerability
    16:12
  • Attack
    11:24
  • Improved Attack
    05:50
  • Countermeasures
    13:49
  • Principle of Least Privilege
    07:33
  • Lab Exercise
    00:07

  • Introduction and Background
    01:55
  • Background
    08:29
  • Memory Mapping
    11:27
  • Mapping Read-Only Files
    10:28
  • The Dirty COW Vulnerability
    09:15
  • Launch the Attack & Summary
    10:03
  • Lab Exercise
    00:14

  • Preview03:18
  • Preview13:52
  • Preview08:51
  • Preview03:20
  • Preview10:09
  • Preview13:58
  • Speculative Execution in Spectre Attack
    09:46
  • Launch the Spectre Attack
    07:59
  • Summary
    03:12
  • Preview00:18

  • Introduction
    01:40
  • How Format String Works
    13:23
  • Format Stings with Missing Arguments
    08:42
  • Read from Memory Using Vulnerabilities
    12:06
  • Write to Memory
    18:19
  • Write to Memory Faster
    16:01
  • Code Injection
    22:04
  • Remote Code Injection
    09:48
  • Countermeasures
    06:30
  • Summary
    02:02
  • Lab Exercise
    00:11

Instructor

Wenliang Du
Professor at Syracuse University
Wenliang Du
  • 4.7 Instructor Rating
  • 501 Reviews
  • 2,152 Students
  • 2 Courses

Dr. Wenliang (Kevin) Du is the Laura J. and L. Douglas Meredith Professor of Teaching Excellence at Syracuse University. He got his PhD degree from Purdue University. He is currently a full professor (tenure track), teaching computer security for almost 20 years. He promotes experiential learning in cybersecurity education. To provide students with hands-on experiences, funded by multiple grants from the National Science Foundation and over a period of 17 years, he has developed over 30 labs (called SEED labs). These labs are now being used by over 1000 universities, colleges, and high schools in 65 countries. He wrote a popular textbook on cybersecurity, which has been adopted by over 130 schools worldwide.

In 2010, his SEED project was highlighted by the National Science Foundation in a report sent to the Congress. The report highlights "17 projects that represent cutting-edge creativity in undergraduate STEM classes nationwide". Due to the impact of the SEED labs, he received the "2017 Academic Leadership" award from the 21st Colloquium for Information System Security Education. In 2019, Syracuse University bestowed upon him the  Meredith Professorship, the university's most prestigious honor for teaching excellence.

  • Udemy for Business
  • Teach on Udemy
  • Get the app
  • About us
  • Contact us
  • Careers
  • Blog
  • Help and Support
  • Affiliate
  • Terms
  • Privacy policy
  • Cookie settings
  • Sitemap
  • Featured courses
Udemy
© 2021 Udemy, Inc.