=================== General Information =================== ------------------ Course description ------------------ This course covers advanced techniques for writing exploits and patching vulnerabilities, taught through an intense, hands-on security laboratory. A significant part of this course involves solving `Capture-The-Flag (CTF) `__ and discussing strategies for solving such problems. This course covers a variety of topics including (but not limited to) reverse engineering, exploitation, binary analysis, and web. ------------ Prerequisite ------------ Operating systems or equivalent (e.g., CS 3210 at GT). -------------- Class meetings -------------- - When: Class opens at 8AM (please visit the Canvas for a detailed schedule) - Where: Canvas module --------------------------- Office hours and recitation --------------------------- We have an optional recitation (and office hours) every week. Please check piazza for the Bluejeans meeting link. - Mon 12-01PM - Tue 09-10PM - Wed 05-06PM - Thu 05-06PM We will use `Chrome Remote Desktop `__ as the remote desktop tool throughout this semester. If you need debug help, please send a private post on piazza with the following information: - Access code - problem(s) description TA team will hold a remote session during the office hour. ------------------------------- Who should take CS 6265-seclab? ------------------------------- CS-6265 is primarily intended for motivated seniors and graduate students who are interested in learning the skill sets necessary to participate in CTF competitions (e.g., `DEFCON CTF `__). -------------- Grading policy -------------- Please note: The policy as worded below is an approximation; grades will actually be based on the number of earned *points* rather than the average number of challenges. The precise overall grade cut-off points will be posted on Piazza. - 100% Lab. - **No midterm or final exams**. - If you don't turn in at least one flag for every lab, you will get an F. (Solving the tutorial counts, so if you solve all tutorials in all labs, you will not get an F.) - A: Average five or more challenges per lab, AND at least one flag per lab. - B: Average less than five but greater than four challenges per lab, AND at least one flag per lab. - C: Average less than four but greater than three challenges per lab, AND at least one flag per lab. - D: Average less than three challenges per lab, AND at least one flag per lab. - F: Zero flags submitted for at least one lab. - Expected distribution: 40%: A, 30-40%: B, 30-20%: C and below. - See `Game Rules `__. ----------------- Online Discussion ----------------- Online discussion is strongly encouraged and it will help you a lot in solving lab problems. Please join `Piazza `__ and post your questions, ideas and thoughts. ----------------- Misconduct Policy ----------------- CS6265 provides **a week** of a grace period (50% points after due date) and we strictly follow the cheating policy (read `GT's Academic Misconduct Policy `__). .. important:: **Cheating vs. collaboration** Collaboration is a very good thing. On the other hand, cheating is considered a very serious offense and is vigorously prosecuted. Vigorous prosecution requires that you be advised of the cheating policy of the course before the offending act. For this semester, the policy is simple: don’t cheat: - *Never* share code or text on the project. - *Never* use someone else’s code or text in your solutions. - *Never* consult project code or text that might be on the Internet. On the other hand, for this class, you are strongly encouraged to: - Share ideas. - Explain your code to someone to see if they know why it doesn’t work. - Help someone else debug if they've run into a wall. If you obtain help of any kind, always **write the name(s) of your sources**. (ref. http://courses.cs.washington.edu/courses/cse451/15au/) Don't publish or post your work online (e.g., github). Any violation of these rules would result in F in your grade. -------- Staff/TA -------- - TAs: Yu-fu Fu and Kevin Stevens - Feel free to send us an email to make an appointment (mailto:staff)