Computer Security: A Hands-on Approach
4.7 (143 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
714 students enrolled

Computer Security: A Hands-on Approach

Attacks and defense: buffer overflow, race condition, dirty COW, meltdown and spectre , shellshock, format string
4.7 (143 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
714 students enrolled
Created by Wenliang Du
Last updated 1/2020
English
Price: $49.99
30-Day Money-Back Guarantee
This course includes
  • 12 hours on-demand video
  • 8 articles
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Training 5 or more people?

Get your team access to 4,000+ top Udemy courses anytime, anywhere.

Try Udemy for Business
What you'll learn
  • How to exploit software vulnerabilities, and launch attacks
  • How to defend against various attacks and how to write secure code
  • Practical skills in cybersecurity
  • The fundamental problems of various software vulnerabilities
Requirements
  • Have basic programming background.
  • Understand basic operating system concepts, such as users, process, memory, etc.
Description

This course focuses on a variety of attacks on computer systems. Some of them are classical attacks, and some are quite new, such as the recently discovered Dirty COW, Meltdown, and Spectre attacks. The course emphasizes hands-on learning. For each attack covered, students not only learn how the attack work in theory, they also learn how to actually conduct the attack, in a contained virtual machine environment. The hands-on exercises developed by the instructor are called SEED labs, and they are being used by over 1000 institutes worldwide. The course is based on the textbook written by the instructor. The book, titled "Computer & Internet Security: A Hands-on Approach, 2nd Edition", has been adopted by over 120 universities and colleges worldwide.

Who this course is for:
  • Students who are interested in learning both theory and hands-on skills in cybersecurity
  • Software developers who are interested in improving the security of their programs
  • Graduate and upper-division undergraduate students in computer science, computer engineering, and IT-related fields
Course content
Expand all 84 lectures 12:09:49
+ Lab Setup and Linux Security Basics
7 lectures 46:09
Set Up the Lab Environment
11:28
Textbook
03:17
Linux Users and Groups
10:26
Access Control and Permissions
13:20
Running Commands as Superuser
05:04
Summary
01:11
+ Set-UID Privileged Programs
9 lectures 01:38:34
Introduction
01:25
The Need for Privileged Programs
08:40
The Set-UID Mechanism
18:43
Attacks via Environment Variables
23:19
Attacks via Explicit User Inputs
15:05
Capability Leaking
11:48
Security Analysis and Summary
11:20
Lab Exercise
00:08
+ Shellshock Attack
6 lectures 51:38
Introduction
00:49
Shellshock Vulnerability
15:58
Exploit the Vulnerability
14:42
Reverse Shell
15:50
Launch the Reverse Shell Attack & Summary
04:06
Lab Exercise
00:13
+ Buffer-Overflow Attacks
17 lectures 02:25:57
Introduction
03:33
Memory Layout
07:11
Stack Layout
11:30
Buffer Overflow Vulnerability
10:45
Experiment Environment Setup
05:02
Exercises
08:07
Writing Shellcode
18:00
Countermeasures Overview
01:32
Developer's Approach
08:42
Address Space Layout Randomization
14:12
Shell Program's Defense
09:12
Non-Executable Stacks
07:19
Compiler's Approach: StackGuard
10:12
Heap-Based Buffer Overflow
09:22
Summary
02:30

Lab description

Lab Exercise
00:10
+ Return-to-Libc Attacks
10 lectures 01:28:00
Introduction
01:35
Non-Executable Stacks
12:06
Overcome the Challenges
08:38
The Return-to-libc Attack
15:51
Return Oriented Programming
06:46
Chaining Function Calls w/o Arguments
06:31
Chaining Function Calls with Arguments
09:34
Chaining Function Calls from Library
14:52
The Final Attack
12:00
Lab Exercise
00:07
+ Race Condition
7 lectures 01:02:06
Introduction
07:11
Race Condition Vulnerability
16:12
Attack
11:24
Improved Attack
05:50
Countermeasures
13:49
Principle of Least Privilege
07:33
Lab Exercise
00:07
+ Dirty COW Attack
7 lectures 51:51
Introduction and Background
01:55
Background
08:29
Memory Mapping
11:27
Mapping Read-Only Files
10:28
The Dirty COW Vulnerability
09:15
Launch the Attack & Summary
10:03
Lab Exercise
00:14
+ Format String Vulnerability and Attack
11 lectures 01:50:46
Introduction
01:40
How Format String Works
13:23
Format Stings with Missing Arguments
08:42
Read from Memory Using Vulnerabilities
12:06
Write to Memory
18:19
Write to Memory Faster
16:01
Code Injection
22:04
Remote Code Injection
09:48
Countermeasures
06:30
Summary
02:02
Lab Exercise
00:11