CS6035 Intro To Info Security

Lectures are optional. This course is projects based: 7 mandatory projects, 1 bonus projects. Overall, this is ha ands-on course. I practiced my skills across various topics about software securities.

Projects, score percentage and its spent time

Man in the Middle 13% - 11 hrs

In this project, we need to analyze the Wireshark  captured network packages to do Internet Relay Chat(IRC)  analysis, manually and programatically via PyShark , The traffic may involve TCP , DNS , HTTP , IRC, etc.

We may use CyberChef  to decipher some code.

Database Security 13% - 12 hrs, 5 hrs review lectures

We will analyze SQL injection, Database, Spreadsheet information leak.

Malware Analysis 13% - 7.5 hrs

Here we analyze various malware reports: including:

• Data obfuscation
• Defense evasion
• Network indicators
• Host based indicators
• Malware family associations
• Data theft and exfiltration
• Persistence mechanisms

API Security 13% - 8 hrs

We will try to exploit REST API for information. The topics covered:

• Web-based RESTful http services 
• JSON, XML and Yaml serialization formats 
• Swagger 
• Postman 
• OAUTH based security protocols 
• JWT security tokens 
• CORS browser protection 

Cryptography 16% - 13 hrs

Using Python to study cryptography and symmetric and asymmetric crypto algorithms.

Binary Exploitation 16% - 11 hrs

In this project, we’re using C Code  to exploit C Memory handling with respect to Stack  , Heap  via pwndbg  and GDB  .

Background:

Binary and Hexadecimal Numbering Systems 

ASCII Text 

Capture The Flag style competition 

Log4Shell 16% - 7 hrs

We’re using JNDI/LDAP knowledge in Java and exploit via

https://github.gatech.edu/pages/cs6035-tools/cs6035-tools.github.io/Projects/Log4Shell/ 

[NIST CVE Overview ] [Randori: What is Log4Shell ]

Log4Shell Reference Materials

• General Project Introduction  This is a general overview. Some details may change each semester (i.e., login credentials)
• LDAP server  used to run the exploit.
• Log4JExploit Intro 
• How Log4Shell Works 
• Log4J Documentation 
• Log4Shell Example 
• Helpful Linux Networking Commands 
• NCAT Command 
• Java Unmarshaller Security 
• A Journey From JNDI/LDAP Manipulation To RCE 
• Hands on Introduction to Log4Shell exploit in general (not this project but helpful) 
• If you have no experience in Java, Log4j/logging, RESTful applications, JNDI, LDAP, we STRONGLY encourage you to do research into the topics.
• A Real World Recent Example of This Exploit and Its Dangers 

Machine Learning in Cybersecurity 2.5% - 0.5 hr

Learning Goals of this Project

• Learning Basic Pandas Dataframe Manipulations
• Learning more about Machine Learning (ML) Classification models and how they are used in a Cybersecurity Context.
• Learning about basic Data pipelines and Transformations
• Learning how to write and use Unit Tests when developing Python code

ML Reference Materials

• NumPy Documentation 
• Pandas Documentation 
• Scikit-learn Documentation 
• Introduction Video