Instructor Fall 2018: John Black

What's This Course About??

This is a hands-on course about computer security. Security is a vast area, so we cannot hope to cover more
than a fraction of introductory material, but we will be ambitious. Expect to work hard.


There will be occasional homeworks. There will be occasional quizzes. The final is a live exercise. 45% homework, 25% quizzes, 20% final exam, 10% class participation.


The prerequisites for this class are pretty severe:

  • Architecture (you know assembly language and computer organization),
  • Networks (you know what ARP, DHCP, DNS, UDP, TCP/IP, ICMP do and how they work; you know the basics of Ethernet and 802.11, you know what NAT is, what a gateway is, what a firewall is, and the difference between a switch and a router)
  • Operating Systems (you know what a kernel is, you understand processes, threads, virtual memory, file systems, dynamic linkers, machine virtualization, etc)
  • Programming Languages (you know how high-level languages are converted into machine code, how parameters are passed; you've seen and are familiar with a wide-variety of languages)
  • Web technology (you know the basic set-ups for common web-technology platforms)

Ideally, you will have some exposure and experience with the following as well:

  • System Administration (you have administered at least your own machine and perhaps a few others; you have experience with Windows and Unix/Linux)
  • Security Issues (you know the basics of password strength, perhaps you know how /etc/passwd works on Unix; you know what a DoS attack is)
  • Application Frameworks (you know how most major network services work like SMTP, FTP, HTTP, SSH; you know web-based technology)
  • Polyglot (you know a few languages like Bourne/bash, C, C++, Java, Perl, Python, Ruby, PHP, HTML, Javascript, SQL)

Finally, you have the heart of a hacker. That is, you are not afraid to dive in and learn something even if you know nothing about it. You love computers and technology and are willing to spend hours rooting out the tiniest details in order to find what you need.

There is no way any of us (myself included) have mastered everythingin the list above. But students who find themselves with major gaps in the first list (basic CS background) are probably going to have a rough time in this class; I reserve the right to refuse admission to the class for those who lack the appropriate background. If you want to do a self-assessment, try the hacking test at

Optional Textbook

Gray Hat Hacking