- Legality of Hacking and Responsible Disclosure (30/1)
- Binary Reverse Engineering (6/2)
- Adversarial AI (13/2)
- Deserialization Attacks (Java/Python/.NET attacks) (20/2)
- Fuzzying: Binaries (AFL), make your own fuzzer, Web (27/2)
- Symbolic execution: Angr, build your own engine (5/3)
- Guest lecture: code scanning with CodeQL [Live coding files] (12/3)
- HW hacking (19/3) <- deadline 1 (Assignment update: Cancelled!)
- Bad use of cryptography / Breaking RSA (2/4)
- Forensics & antiforensics / Forensics Exercise (9/4)
- Identifying & breaking security assumptions (16/4) <- deadline 2
- Guest lecture: Nicolai Strøm Steffensen / CSIS (23/4)
- Tentative: small CTF game
- Find a project/organization, identify/agree on responsible disclosure policy.
- Preliminary exploration: HW/SW architecture, security model and assumptions.
- Choose a technique from class and hack away :)
- Follow through with responsible disclosure.