Date | Topic/Readings | Attack |
---|---|---|
8/30 | Introduction | |
9/1 | Ethics & Law in Security Research: Background | |
9/6 | Ethics & Law in Security Research: Case Studies | |
9/8 | Cryptography Intro / TLS | |
9/13 | The Certificate Ecosystem | TLS information leakage |
9/15 | Crypto Failures in Practice | Certificate mis-validation |
9/20 | Building Anonymity | Traffic deanonymization |
9/22 | Breaking Anonymity | Data deanonymization |
9/27 | Censorship Resistance | On-path censorship and evasion |
9/29 | Protocol Obfuscation | Language detection on encrypted voice calls |
10/4 | Botnets | Cracking passwords |
10/6 | User Authentication | Breaking CAPTCHAs |
10/11 | Usable Security | Bypassing 2FA |
10/13 | Project Proposals | |
10/18 | Classic Memory Attacks/Defenses | |
10/20 | Modern Memory Attacks | Control flow attacks |
10/25 | Modern Memory Defenses | Kernel-level rootkit |
10/27 | Malware | Compiler Trojan Horse |
11/1 | Machine Learning Security | Image classification attacks |
11/3 | Privacy Attacks on Machine Learning | Membership inference attacks |
11/8 | Classic Web Security | Attacking vulnerable websites |
11/10 | Modern Web Security | Tricking users |
11/15 | Networking Intro | Kaminsky |
11/17 | TCP/IP Security | Off-path TCP attack |
11/22 | DoS Attacks | Middlebox amplification |
11/24 | Thanksgiving | |
11/29 | VPNs | VPN fingerprinting attack |
12/1 | Underground Economies | |
12/6 | Project presentations (1/2) | |
12/8 | Project presentations (2/2) |