We may earn an affiliate commission when you visit our partners.
Course image
Wenliang Du

This course focuses on a variety of attacks on computer systems. Some of them are classical attacks, and some are quite new, such as the recently discovered Dirty COW, Meltdown, and Spectre attacks. The course emphasizes hands-on learning. For each attack covered, students not only learn how the attack work in theory, they also learn how to actually conduct the attack, in a contained virtual machine environment. The hands-on exercises developed by the instructor are called SEED labs, and they are being used by over 1000 institutes worldwide. The course is based on the textbook written by the instructor. The book, titled "Computer & Internet Security: A Hands-on Approach, 2nd Edition", has been adopted by over 120 universities and colleges worldwide.

Enroll now

Here's a deal for you

We found an offer that may be relevant to this course.
Save money when you learn. All coupon codes, vouchers, and discounts are applied automatically unless otherwise noted.

What's inside

Learning objectives

  • How to exploit software vulnerabilities, and launch attacks
  • How to defend against various attacks and how to write secure code
  • Practical skills in cybersecurity
  • The fundamental problems of various software vulnerabilities

Syllabus

Lab Setup and Linux Security Basics
Introduction
Set Up the Lab Environment
Textbook
Read more
Linux Users and Groups
Access Control and Permissions
Running Commands as Superuser
Summary
Set-UID Privileged Programs
The Need for Privileged Programs
The Set-UID Mechanism
What Can Go Wrong?
Attacks via Environment Variables
Attacks via Explicit User Inputs
Capability Leaking
Security Analysis and Summary
Lab Exercise
Shellshock Attack
Shellshock Vulnerability
Exploit the Vulnerability
Reverse Shell
Launch the Reverse Shell Attack & Summary
Buffer-Overflow Attacks
Memory Layout
Stack Layout
Buffer Overflow Vulnerability
Experiment Environment Setup
Launching Buffer Overflow Attacks
Exercises
Writing Shellcode
Countermeasures Overview
Developer's Approach
Address Space Layout Randomization
Shell Program's Defense
Non-Executable Stacks
Compiler's Approach: StackGuard
Heap-Based Buffer Overflow

Lab description

Return-to-Libc Attacks
Overcome the Challenges
The Return-to-libc Attack
Return Oriented Programming
Chaining Function Calls w/o Arguments
Chaining Function Calls with Arguments
Chaining Function Calls from Library
The Final Attack
Race Condition
Race Condition Vulnerability
Attack
Improved Attack
Countermeasures
Principle of Least Privilege
Dirty COW Attack
Introduction and Background
Background
Memory Mapping
Mapping Read-Only Files
The Dirty COW Vulnerability
Launch the Attack & Summary
Meltdown and Spectre Attacks
Side Channels
Use CPU Cache as Side Channel
"Secret Room and Guards"
Out Of Order Execution in Meltdown Attack
Launch the Meltdown Attack
Speculative Execution in Spectre Attack
Launch the Spectre Attack
Lab Exercises
Format String Vulnerability and Attack
How Format String Works
Format Stings with Missing Arguments
Read from Memory Using Vulnerabilities
Write to Memory
Write to Memory Faster
Code Injection
Remote Code Injection

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Provides practical hands-on skills in cybersecurity, which are highly relevant in industry
Teaches the fundamental problems of various software vulnerabilities, which is typically not addressed in other courses
Focuses on common attacks rather than niche attacks
Provides a unique perspective on attacks by directly showing how to conduct them in a safe environment
Emphasizes learning rather than memorization by using hands-on exercises in a virtual environment
Requires students to come in with experience using Linux security basics

Save this course

Save Computer Security: A Hands-on Approach to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Computer Security: A Hands-on Approach with these activities:
Review and summarize the textbook
Regularly reviewing the textbook material will enhance your understanding of the concepts and techniques covered in the course.
View Internet Security on Amazon
Show steps
  • Read and understand each chapter
  • Summarize the key points and make notes
  • Review your notes regularly
Practice buffer overflow attacks
Hands-on practice with buffer overflow attacks will help solidify concepts and improve your ability to exploit software vulnerabilities.
Browse courses on Buffer Overflow Attacks
Show steps
  • Set up a virtual machine environment
  • Compile and run the provided vulnerable program
  • Craft a malicious payload and launch the attack
  • Analyze the results of the attack and understand the impact
Follow tutorials on exploiting race conditions
Race conditions can be tricky to exploit. Following guided tutorials will provide step-by-step instructions and help you gain hands-on experience in identifying and exploiting these vulnerabilities.
Browse courses on Race Conditions
Show steps
  • Familiarize yourself with the basics of race conditions
  • Identify potential race conditions in sample code
  • Use tools or techniques to trigger and exploit race conditions
Four other activities
Expand to see all activities and additional details
Show all seven activities
Write a blog post or article on the Dirty COW attack
Writing about the Dirty COW attack will help you synthesize and communicate your understanding of a significant vulnerability and its impact on system security.
Show steps
  • Research and gather information about the Dirty COW attack
  • Organize your thoughts and outline the key points
  • Write a draft and seek feedback from peers or experts
  • Finalize and publish your blog post or article
Develop a security-focused software patch
Creating a security patch will provide practical experience in addressing software vulnerabilities and demonstrate your understanding of defensive techniques.
Browse courses on Software Security
Show steps
  • Analyze the vulnerability and design a patch
  • Implement the patch in a test environment
  • Test and verify the effectiveness of the patch
  • Release and document the patch
Build a simple security scanner to detect vulnerabilities
Building a security scanner will provide practical experience in applying your knowledge of vulnerabilities to develop tools for detecting and mitigating security risks.
Browse courses on Security Scanning
Show steps
  • Research and identify common vulnerabilities
  • Design and implement a scanning algorithm
  • Test and refine your scanner
  • Deploy and use your scanner to assess the security of systems
Practice exploit development for Spectre and Meltdown attacks
Developing exploits for Spectre and Meltdown attacks will deepen your understanding of advanced side-channel attacks and improve your ability to exploit complex vulnerabilities.
Browse courses on Side-Channel Attacks
Show steps
  • Study the theory behind Spectre and Meltdown attacks
  • Set up a test environment for exploit development
  • Develop and test your exploits
  • Evaluate the effectiveness of your exploits

Career center

Learners who complete Computer Security: A Hands-on Approach will develop knowledge and skills that may be useful to these careers:
Cybersecurity Consultant
Cybersecurity Consultants help organizations improve their cybersecurity posture. To succeed in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Cybersecurity Consultant. It covers topics such as exploit, defense, and practical cybersecurity skills.
Security Auditor
Security Auditors assess an organization's security posture and make recommendations for improvement. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Security Auditor. It covers topics such as exploit, defense, and practical cybersecurity skills.
Network Security Engineer
Network Security Engineers are responsible for designing, implementing, and managing an organization's network security infrastructure. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Network Security Engineer. It covers topics such as exploit, defense, and practical cybersecurity skills.
Incident Responder
Incident Responders are responsible for responding to and mitigating security incidents. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as an Incident Responder. It covers topics such as exploit, defense, and practical cybersecurity skills.
Security Engineer
A Security Engineer designs, implements, and maintains an organization's security infrastructure. This course will help you launch your career as a Security Engineer by teaching you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical skills in cybersecurity that you can apply on the job. Security Engineers typically have a bachelor's degree in computer science or a related field. They also need to be proficient in programming and networking.
Cybersecurity Architect
Security Architects design and implement security solutions for organizations. Often working with clients in other roles, such as IT management, Cybersecurity Architects create solutions to unique problems. To be successful as a Cybersecurity Architect, you’ll need to have a deep understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful in this role. It covers topics such as exploit, defense, and practical cybersecurity skills. Many Cybersecurity Architects hold at least a bachelor's degree in computer science or a related field. This course can help prepare you for this career field and give you valuable insight into what employers look for in successful candidates.
Penetration Tester
Penetration Testers, also known as Ethical Hackers, use their skills to identify and exploit vulnerabilities in computer systems and networks. This course will teach you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical cybersecurity skills that you can apply on the job as a Penetration Tester. Most Penetration Testers hold at least a bachelor's degree in computer science or a related field. This course can help you gain the skills and knowledge needed to enter this exciting field.
Chief Technology Officer (CTO)
The Chief Technology Officer (CTO) is responsible for overseeing an organization's technology strategy. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a CTO. It covers topics such as exploit, defense, and practical cybersecurity skills.
Chief Information Security Officer (CISO)
The Chief Information Security Officer (CISO) is responsible for overseeing an organization's information security program. To be successful in this role, you’ll need to have a deep understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a CISO. It covers topics such as exploit, defense, and practical cybersecurity skills.
Ethical Hacker
Ethical Hackers, also known as penetration testers, use their skills to identify and exploit vulnerabilities in computer systems and networks. This course will teach you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical cybersecurity skills that you can apply on the job as an Ethical Hacker. Most Ethical Hackers hold at least a bachelor's degree in computer science or a related field. This course can help you develop the skills and knowledge you need to succeed in this exciting and in-demand career field.
Information Technology (IT) Manager
IT Managers are responsible for planning, implementing, and managing an organization's IT systems. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as an IT Manager. It covers topics such as exploit, defense, and practical cybersecurity skills. While many IT Managers hold at least a bachelor's degree in computer science or a related field, many also hold an advanced degree, such as an MBA.
Malware Analyst
Malware Analysts study malicious software, commonly referred to as malware, to understand its behavior and mitigate the risks it poses to computer systems. The skills learned in this course, such as exploitation, defense, and practical cybersecurity, will provide you with a solid foundation to become a successful Malware Analyst. While Malware Analysts typically hold at least a bachelor's degree in computer science, this course can help you develop the skills you need to break into the field.
Cybersecurity Researcher
Cybersecurity Researchers study cybersecurity threats and develop new ways to mitigate them. This course will teach you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical cybersecurity skills that you can apply on the job as a Cybersecurity Researcher. While many Cybersecurity Researchers hold graduate degrees, such as master's degree or PhDs, this course can help you develop a foundation for success in this emerging field.
Information Security Analyst
Every organization collects, stores, and shares sensitive data. An Information Security Analyst’s job is to protect that data from cybercriminals. To succeed as an Information Security Analyst, you’ll need to develop all the skills taught in this course. These include exploitation, defense, and practical cybersecurity skills. Many Information Security Analysts hold at least a master's degree in computer science, information systems security, or a related field. The skills learned in this course will help you build a solid foundation for success in this career role.
Computer Forensic Analyst
Computer Forensic Analysts investigate cybercrimes and collect evidence from computer systems. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Computer Forensic Analyst. It covers topics such as exploit, defense, and practical cybersecurity skills. Many Computer Forensic Analysts hold at least a bachelor's degree in computer science or a related field. This course can help prepare you for this career field and give you a competitive edge in the job market.

Reading list

We've selected nine books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Computer Security: A Hands-on Approach.
Is the companion textbook for the course. It provides a comprehensive overview of computer security. It covers a wide range of topics, including cryptography, network security, and system security. The course is based on this textbook and it provides a good foundation for the course.
Comprehensive overview of computer security with a focus on practical implementation. It covers a wide range of topics, including cryptography, network security, and system security.
Provides a hands-on approach to penetration testing using Kali Linux. It covers a wide range of topics, including network scanning, vulnerability assessment, and exploitation. It would be helpful to read this book after taking Computer Security: A Hands-on Approach to reinforce and expand upon the exploitation techniques covered in the course.
Comprehensive textbook on computer security. It covers a wide range of topics, including cryptography, network security, and system security. Stallings is an authority on computer security and his book valuable resource for anyone interested in the field.
Provides an in-depth overview of cryptography. It covers a wide range of topics, including block ciphers, stream ciphers, and public-key cryptography. Schneier renowned expert in cryptography and his book valuable resource for anyone interested in the field.
Provides a comprehensive overview of web application security. It covers a wide range of topics, including web application attacks, web application security testing, and web application security best practices. Provides a hands-on focus on web application security and can be a useful resource for those interested in learning more about this specific area.
Provides a hands-on introduction to penetration testing. It covers a wide range of topics, including penetration testing tools, penetration testing techniques, and penetration testing best practices. It provides valuable hands-on experience in penetration testing.

Share

Help others find this course page by sharing it with your friends and followers:

Similar courses

Here are nine courses similar to Computer Security: A Hands-on Approach.
Internet Security: A Hands-on Approach
Most relevant
Transient-Execution Attacks: Understanding Meltdown and...
Most relevant
Side-Channel Security: Developing a Side-Channel Mindset
Most relevant
Introduction to Software Side Channels and Mitigations
Most relevant
DoS, DDoS, DRDoS & BotNets
Detecting and Mitigating Cyber Threats and Attacks
Attacks and Exploits: Network and Application Attacks for...
TOTAL: CompTIA PenTest+ (Ethical Hacking) PT0-002 + 2...
The Complete Mobile Ethical Hacking Course
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser