Computer Security: A Hands-on Approach from Udemy

What's inside

Learning objectives

How to exploit software vulnerabilities, and launch attacks
How to defend against various attacks and how to write secure code

Practical skills in cybersecurity
The fundamental problems of various software vulnerabilities

How to exploit software vulnerabilities, and launch attacks
How to defend against various attacks and how to write secure code
Practical skills in cybersecurity
The fundamental problems of various software vulnerabilities

Syllabus

Lab Setup and Linux Security Basics

Introduction

Set Up the Lab Environment

Textbook

Linux Users and Groups

Access Control and Permissions

Running Commands as Superuser

Summary

Set-UID Privileged Programs

The Need for Privileged Programs

The Set-UID Mechanism

What Can Go Wrong?

Attacks via Environment Variables

Attacks via Explicit User Inputs

Capability Leaking

Security Analysis and Summary

Lab Exercise

Shellshock Attack

Shellshock Vulnerability

Exploit the Vulnerability

Reverse Shell

Launch the Reverse Shell Attack & Summary

Buffer-Overflow Attacks

Memory Layout

Stack Layout

Buffer Overflow Vulnerability

Experiment Environment Setup

Launching Buffer Overflow Attacks

Exercises

Writing Shellcode

Countermeasures Overview

Developer's Approach

Address Space Layout Randomization

Shell Program's Defense

Non-Executable Stacks

Compiler's Approach: StackGuard

Heap-Based Buffer Overflow

Lab description

Return-to-Libc Attacks

Overcome the Challenges

The Return-to-libc Attack

Return Oriented Programming

Chaining Function Calls w/o Arguments

Chaining Function Calls with Arguments

Chaining Function Calls from Library

The Final Attack

Race Condition

Race Condition Vulnerability

Attack

Improved Attack

Countermeasures

Principle of Least Privilege

Dirty COW Attack

Introduction and Background

Background

Memory Mapping

Mapping Read-Only Files

The Dirty COW Vulnerability

Launch the Attack & Summary

Meltdown and Spectre Attacks

Side Channels

Use CPU Cache as Side Channel

"Secret Room and Guards"

Out Of Order Execution in Meltdown Attack

Launch the Meltdown Attack

Speculative Execution in Spectre Attack

Launch the Spectre Attack

Lab Exercises

Format String Vulnerability and Attack

How Format String Works

Format Stings with Missing Arguments

Read from Memory Using Vulnerabilities

Write to Memory

Write to Memory Faster

Code Injection

Remote Code Injection

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Provides practical hands-on skills in cybersecurity, which are highly relevant in industry

Teaches the fundamental problems of various software vulnerabilities, which is typically not addressed in other courses

Focuses on common attacks rather than niche attacks

Provides a unique perspective on attacks by directly showing how to conduct them in a safe environment

Emphasizes learning rather than memorization by using hands-on exercises in a virtual environment

Requires students to come in with experience using Linux security basics

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Computer Security: A Hands-on Approach with these activities:

Review and summarize the textbook

Show steps

Regularly reviewing the textbook material will enhance your understanding of the concepts and techniques covered in the course.

View Internet Security on Amazon

Show steps

Read and understand each chapter
Summarize the key points and make notes
Review your notes regularly

Practice buffer overflow attacks

Show steps

Hands-on practice with buffer overflow attacks will help solidify concepts and improve your ability to exploit software vulnerabilities.

Browse courses on Buffer Overflow Attacks

Show steps

Set up a virtual machine environment
Compile and run the provided vulnerable program
Craft a malicious payload and launch the attack
Analyze the results of the attack and understand the impact

Follow tutorials on exploiting race conditions

Show steps

Race conditions can be tricky to exploit. Following guided tutorials will provide step-by-step instructions and help you gain hands-on experience in identifying and exploiting these vulnerabilities.

Browse courses on Race Conditions

Show steps

Familiarize yourself with the basics of race conditions
Identify potential race conditions in sample code
Use tools or techniques to trigger and exploit race conditions

Four other activities

Expand to see all activities and additional details

Show all seven activities

Write a blog post or article on the Dirty COW attack

Show steps

Writing about the Dirty COW attack will help you synthesize and communicate your understanding of a significant vulnerability and its impact on system security.

Show steps

Research and gather information about the Dirty COW attack
Organize your thoughts and outline the key points
Write a draft and seek feedback from peers or experts
Finalize and publish your blog post or article

Develop a security-focused software patch

Show steps

Creating a security patch will provide practical experience in addressing software vulnerabilities and demonstrate your understanding of defensive techniques.

Browse courses on Software Security

Show steps

Analyze the vulnerability and design a patch
Implement the patch in a test environment
Test and verify the effectiveness of the patch
Release and document the patch

Build a simple security scanner to detect vulnerabilities

Show steps

Building a security scanner will provide practical experience in applying your knowledge of vulnerabilities to develop tools for detecting and mitigating security risks.

Browse courses on Security Scanning

Show steps

Research and identify common vulnerabilities
Design and implement a scanning algorithm
Test and refine your scanner
Deploy and use your scanner to assess the security of systems

Practice exploit development for Spectre and Meltdown attacks

Show steps

Developing exploits for Spectre and Meltdown attacks will deepen your understanding of advanced side-channel attacks and improve your ability to exploit complex vulnerabilities.

Browse courses on Side-Channel Attacks

Show steps

Study the theory behind Spectre and Meltdown attacks
Set up a test environment for exploit development
Develop and test your exploits
Evaluate the effectiveness of your exploits

Career center

Learners who complete Computer Security: A Hands-on Approach will develop knowledge and skills that may be useful to these careers:

Cybersecurity Consultant

Cybersecurity Consultants help organizations improve their cybersecurity posture. To succeed in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Cybersecurity Consultant. It covers topics such as exploit, defense, and practical cybersecurity skills.

See salaries and explore the career path for Cybersecurity Consultant

Security Auditor

Security Auditors assess an organization's security posture and make recommendations for improvement. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Security Auditor. It covers topics such as exploit, defense, and practical cybersecurity skills.

See salaries and explore the career path for Security Auditor

Network Security Engineer

Network Security Engineers are responsible for designing, implementing, and managing an organization's network security infrastructure. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Network Security Engineer. It covers topics such as exploit, defense, and practical cybersecurity skills.

See salaries and explore the career path for Network Security Engineer

Incident Responder

Incident Responders are responsible for responding to and mitigating security incidents. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as an Incident Responder. It covers topics such as exploit, defense, and practical cybersecurity skills.

See salaries and explore the career path for Incident Responder

Security Engineer

A Security Engineer designs, implements, and maintains an organization's security infrastructure. This course will help you launch your career as a Security Engineer by teaching you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical skills in cybersecurity that you can apply on the job. Security Engineers typically have a bachelor's degree in computer science or a related field. They also need to be proficient in programming and networking.

See salaries and explore the career path for Security Engineer

Cybersecurity Architect

Security Architects design and implement security solutions for organizations. Often working with clients in other roles, such as IT management, Cybersecurity Architects create solutions to unique problems. To be successful as a Cybersecurity Architect, you’ll need to have a deep understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful in this role. It covers topics such as exploit, defense, and practical cybersecurity skills. Many Cybersecurity Architects hold at least a bachelor's degree in computer science or a related field. This course can help prepare you for this career field and give you valuable insight into what employers look for in successful candidates.

See salaries and explore the career path for Cybersecurity Architect

Penetration Tester

Penetration Testers, also known as Ethical Hackers, use their skills to identify and exploit vulnerabilities in computer systems and networks. This course will teach you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical cybersecurity skills that you can apply on the job as a Penetration Tester. Most Penetration Testers hold at least a bachelor's degree in computer science or a related field. This course can help you gain the skills and knowledge needed to enter this exciting field.

See salaries and explore the career path for Penetration Tester

Chief Technology Officer (CTO)

The Chief Technology Officer (CTO) is responsible for overseeing an organization's technology strategy. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a CTO. It covers topics such as exploit, defense, and practical cybersecurity skills.

See salaries and explore the career path for Chief Technology Officer (CTO)

Chief Information Security Officer (CISO)

The Chief Information Security Officer (CISO) is responsible for overseeing an organization's information security program. To be successful in this role, you’ll need to have a deep understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a CISO. It covers topics such as exploit, defense, and practical cybersecurity skills.

See salaries and explore the career path for Chief Information Security Officer (CISO)

Ethical Hacker

Ethical Hackers, also known as penetration testers, use their skills to identify and exploit vulnerabilities in computer systems and networks. This course will teach you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical cybersecurity skills that you can apply on the job as an Ethical Hacker. Most Ethical Hackers hold at least a bachelor's degree in computer science or a related field. This course can help you develop the skills and knowledge you need to succeed in this exciting and in-demand career field.

See salaries and explore the career path for Ethical Hacker

Information Technology (IT) Manager

IT Managers are responsible for planning, implementing, and managing an organization's IT systems. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as an IT Manager. It covers topics such as exploit, defense, and practical cybersecurity skills. While many IT Managers hold at least a bachelor's degree in computer science or a related field, many also hold an advanced degree, such as an MBA.

See salaries and explore the career path for Information Technology (IT) Manager

Malware Analyst

Malware Analysts study malicious software, commonly referred to as malware, to understand its behavior and mitigate the risks it poses to computer systems. The skills learned in this course, such as exploitation, defense, and practical cybersecurity, will provide you with a solid foundation to become a successful Malware Analyst. While Malware Analysts typically hold at least a bachelor's degree in computer science, this course can help you develop the skills you need to break into the field.

See salaries and explore the career path for Malware Analyst

Cybersecurity Researcher

Cybersecurity Researchers study cybersecurity threats and develop new ways to mitigate them. This course will teach you how to exploit software vulnerabilities, defend against attacks, and write secure code. You’ll also gain practical cybersecurity skills that you can apply on the job as a Cybersecurity Researcher. While many Cybersecurity Researchers hold graduate degrees, such as master's degree or PhDs, this course can help you develop a foundation for success in this emerging field.

See salaries and explore the career path for Cybersecurity Researcher

Information Security Analyst

Every organization collects, stores, and shares sensitive data. An Information Security Analyst’s job is to protect that data from cybercriminals. To succeed as an Information Security Analyst, you’ll need to develop all the skills taught in this course. These include exploitation, defense, and practical cybersecurity skills. Many Information Security Analysts hold at least a master's degree in computer science, information systems security, or a related field. The skills learned in this course will help you build a solid foundation for success in this career role.

See salaries and explore the career path for Information Security Analyst

Computer Forensic Analyst

Computer Forensic Analysts investigate cybercrimes and collect evidence from computer systems. To be successful in this role, you’ll need to have a strong understanding of cybersecurity threats and how to mitigate them. This course will help you develop the skills and knowledge you need to be successful as a Computer Forensic Analyst. It covers topics such as exploit, defense, and practical cybersecurity skills. Many Computer Forensic Analysts hold at least a bachelor's degree in computer science or a related field. This course can help prepare you for this career field and give you a competitive edge in the job market.

See salaries and explore the career path for Computer Forensic Analyst