Course Information Teacher: Cliff Zou Office: HEC


Malware and Software Vulnerability Analysis Cliff Zou University of Central Florida

Course Information
- Teacher: Cliff Zou
- Office: HEC243
- 407-823-5015
- Email: czou@cs.ucf.edu

Prerequisites
- C programming language
  - Software security lecturing will mainly use C code as examples
- Programming experience
  - Any programming language is fine
- Knowledge on computer architecture
  - Know stack, heap, memory
  - For our buffer overflow programming project
- Knowledge on OS, algorithm, networking
- Basic usage of Unix machine
  - We will need to use Kali Linux Virtual Machine for some experiments and programming assignments

Objectives
- Learn software vulnerability
  - Underlying reason for most computer security problems
  - Buffer overflow: stack, heap, integer
  - Buffer overflow defense: stackguard, address randomization …
  - http://en.wikipedia.org/wiki/Buffer_overflow
- How to build secure software
  - Software assessment, testing
  - E.g., Fuzz testing

Objectives
- Learn computer malware
  - Malware: malicious software
  - Viruses, worms, botnets
  - Email virus/worm, spam, phishing, pharming
  - Spyware, adware
  - Trojan, rootkits, …
- Learn malware analysis
  - A good resource for reading: http://en.wikipedia.org/wiki/Malware
  - Learn their characteristics
  - Learn how to detect, monitor, defend
  - Learn how to simulate malware propagation

Course Materials
- No required textbook.
- Reference books:
  - 19 Deadly Sins of Software Security (Security One-off) by Michael Howard, David LeBlanc, John Viega
  - The Basics of Hacking and Penetration Testing (2nd edition) by Patrick Engebretson
  - Hacker Techniques, Tools, and Incident Handling (2nd edition) by Sean-Philip Oriyano
- Online References:
  - CS161: Computer Security, by Dawn Song from UC, Berkeley.
  - Software Security, by Erik Poll from Radboud University Nijmegen.
  - Introduction to Software Security, by Vinod Ganapathy from Rutgers
  - http://www.cis.syr.edu/~wedu/seed/ Hands-on Labs for Security Education, Dr. Wenliang Du, Syracuse University
  - http://www.hackercurriculum.org/, Guide to ethical hacker publications
  - Wikipedia: Great resource and tutorial for initial learning
- Other references as we go on:

Programming projects
- Probably will have 3 programming projects
- Example:
  - Basic buffer overflow
    - Use Unix machine, learn stack, debugger (gdb)
  - Software fuzz testing
    - Find bugs in a provided binary program
  - Internet worm propagation simulation
    - Understand how to do discrete-time simulation