| Date | Topic/Readings | Attack |
|---|---|---|
| 8/30 | Introduction | |
| 9/1 | Ethics & Law in Security Research: Background | |
| 9/6 | Ethics & Law in Security Research: Case Studies | |
| 9/8 | Cryptography Intro / TLS | |
| 9/13 | The Certificate Ecosystem | TLS information leakage |
| 9/15 | Crypto Failures in Practice | Certificate mis-validation |
| 9/20 | Building Anonymity | Traffic deanonymization |
| 9/22 | Breaking Anonymity | Data deanonymization |
| 9/27 | Censorship Resistance | On-path censorship and evasion |
| 9/29 | Protocol Obfuscation | Language detection on encrypted voice calls |
| 10/4 | Botnets | Cracking passwords |
| 10/6 | User Authentication | Breaking CAPTCHAs |
| 10/11 | Usable Security | Bypassing 2FA |
| 10/13 | Project Proposals | |
| 10/18 | Classic Memory Attacks/Defenses | |
| 10/20 | Modern Memory Attacks | Control flow attacks |
| 10/25 | Modern Memory Defenses | Kernel-level rootkit |
| 10/27 | Malware | Compiler Trojan Horse |
| 11/1 | Machine Learning Security | Image classification attacks |
| 11/3 | Privacy Attacks on Machine Learning | Membership inference attacks |
| 11/8 | Classic Web Security | Attacking vulnerable websites |
| 11/10 | Modern Web Security | Tricking users |
| 11/15 | Networking Intro | Kaminsky |
| 11/17 | TCP/IP Security | Off-path TCP attack |
| 11/22 | DoS Attacks | Middlebox amplification |
| 11/24 | Thanksgiving | |
| 11/29 | VPNs | VPN fingerprinting attack |
| 12/1 | Underground Economies | |
| 12/6 | Project presentations (1/2) | |
| 12/8 | Project presentations (2/2) |