
Introduction to Security – Readings

Public Service Announcement

Harassment at DefCon (and Other Hacker Cons) by
DEF CON Conference Code of Conduct
CON: Why Conference Harassment Matters (adainitiative.org)

Course Introduction

Disaster Foretold – and Ignored (Washington Post)
Reflections on Trusting Trust by
Every Computer Science Degree Should Require a Course in Cybersecurity (Harvard Business
How Do You Get Students to Think Like Criminals? The skills needed for cybersecurity jobs aren't easy to learn in the classroom (Wolff, NYT)
Programmers: Stop Calling Yourselves Engineers (The Atlantic)
How Internet Resources Might Be Helping You Develop Faster but Less Securely (Acar et al., IEEE Security & Privacy March/April 2017)
Defending Against Hackers Took a Back Seat at Yahoo, Insiders Say (NYT)
Cybersecurity: Time for a (Lawfare)
Trinity of Trouble: Why the Problem is Growing (Freedom to Tinker)
Video (YouTube): Dr. 's 2014 Keynote. The text of his talk: http://geer.tinho.net/geer.blackhat.6viii14.txt
Video (YouTube): How to Prevent Security Afterthought Syndrome by (HOPE X, July 2014)
Video (Livestream): (continuing Sarah's work) The Cyber Security Education Gap – What Do We Do Now? (The Eleventh HOPE, July 2016)
Video (YouTube): Tacoma Narrows Bridge

Networking and Packets

Network Protocols (Destroy All Software)
Tools and Techniques to Succeed at the Wall of Sheep (on wallofsheep.com)
Video (YouTube): What is TCP/IP?
Video (YouTube): The OSI Model Demystified
Video (YouTube): Address Resolution Protocol (ARP) Explained
Video (YouTube): Basic Wireshark overview, PCAPs, reconstruction, extraction, filters
Video (Asciinema): Identifying usernames and passwords in PCAPs using Ettercap

Attacking Networks: Sniffing, Scanning, Distributed Denial of Service (DDoS)

ARP Spoofing (Veracode)
Fun With Network Friends (2600 Magazine, Summer 2008)
We scanned
the Internet for port 22 (Errata Security)
Thousands of computers open to eavesdropping and hijacking (Sophos)
Inside a DNS Amplification DDoS Attack (Cloudflare)
‘ Blog Hit by 665 Gbps DDoS Attack (SecurityWeek)
How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet
(Motherboard)
Dramatic Increase of DDoS Attack Sizes Attributed to IoT Devices (BleepingComputer)

How The U.S.
Hacked ISIS (NPR)

Cryptography

SHAttered: We have broken SHA-1 in practice.
Credential-Probing Attacks ( 's talk to this class back in fall 2017)
How to Dramatically Improve Corporate IT Security Without Spending Millions (Praetorian)
You Wouldn't Base64 a Password – Cryptography Decoded (Paragon Initiative)
Security Update: Reused password attack (GitHub)
Analyzing the Patterns of Numbers in 10M Passwords ( 's Blog)
Salted Password Hashing – Doing it Right (CrackingStation)
Hacker, Hack Thyself: Always assume that Internet Bad Guys will somehow get a copy of your database. Then what? (Coding Horror)
Enterprise Security – SSL/TLS Primer Part 1 – Data Encryption (Akamai)
Enterprise Security – SSL/TLS Primer Part 2 – Public Key Certificates (Akamai)
Illustrated: How HTTPS Works (sudhakar.online)
Every Byte of a TLS Connection Explained and Reproduced (ulfheim.net)

Vulnerabilities

A Brief History of Software, Security, and Software Security: Bits, Bytes, Bugs, and the BSIMM ( Graw's talk to my class in fall 2013)
We See the Future and It's Not Pretty: Predicting the Future Using Vulnerability Data ( 's talk to this class back in fall
Introduction to CVE, CWE, and the Top 25 ( Coley's guest talk to this class back in fall 2015)
Verizon's 2019 Data Breach Investigations Report (DBIR)
Why Everything is Hackable: Computer Security is Broken From Top to Bottom (The Economist)
The Difference Between CWE and
The Language of AppSec (Veracode)
Application Security Tools: Good or Bad? (Freedom-To-Tinker)
Badness-meters Are Good. Do You Own One? (Synopsys)
Metasploitable 2 Exploitability Guide
How Half a Million Instances of User Data Was Left Exposed ( )
Facebook Helped the FBI Hack a Child Predator (Vice)

Web Security

Web Security: Thinking like an Attacker ( 's guest talk to this class back in fall 2016)
Veracode's State of Software Security Volume 10 (2019)
How The Web Works – In One Easy Lesson (mkcohen.com)
What happens when you type Google.com into your browser and press enter? (on GitHub)
OWASP Top 10 (latest 2017)
2020 CWE Top 25 Most Dangerous Software Errors
Cross-Site Request Forgery Guide: Learn All About CSRF Attacks and CSRF Protection (Veracode)
Cross-Site Request Forgeries and You (Coding Horror)
CSRF Attacks – What They Are and How to Defend Against Them (Acunetix)
Cross-Site Request Forgery (OWASP)
Cross-Site Request Forgeries: Exploitation and Prevention (Zeller, Felten)
Blind SQL Injection: What is it? (Acunetix)
XKCD: Exploits of a Mom
The History of SQL Injection, the Hack That Go Away (Vice)
Anonymous Leaks Paris Climate Summit Officials' Private Data (Wired)
Why Even Google Is Susceptible to the Most Basic Website Vulnerabilities (Veracode)
Paypal 2FA Bypass (henryhoggard.co.uk)
10 Scariest Vulnerabilities (Veracode)
Video (YouTube): Cross-Site Scripting (XSS) Tutorial by (Veracode)
Wacom Tablets Track Every App You Open ( )

Capture The Flags (CTF) Game

Team Anonymous Elephant's write-up in 2018 MITRE Embedded Capture The Flag Competition (won " TF Writeup" award, team placed 2nd out of 15 schools in competition)

Static and Dynamic Analysis

Binary Static Analysis ( 's talk to this class back in spring 2012)
Lessons from Building Static Analysis Tools at Google (Sadowski et al., Communications of the ACM, April 2018)
Malware Unicorn's Reverse Engineering Malware 101 (malwareunicorn.org)
The Internet Worm Program: An Analysis (purdue.edu)
Reverse Engineering Malware (Alien Vault, now AT&T Cybersecurity)
CryptoLocker Ransomware (Sophos)
SMB Exploited: WannaCry Use of "EternalBlue" (FireEye)
Viking Horde: A New Type of Android Malware on Google Play (Check Point)
Building a Home Lab to Become a Malware Hunter – A Beginner's Guide (Alien Vault, now AT&T Cybersecurity)
How to Analyze an Android Bot ( Namee, RSA Conference 2016)
Mirai and IoT Botnet Analysis ( , RSA Conference 2017)
Malicious Code: A Report to the Infosec Research Council (McGraw and Morrisett, IEEE 2000)

Forensics and Incident Handling

Incident Detection and Response ( ' guest talk to this class back in fall 2015)

The Future: Nihilism or Hope?

CyberInsecurity: The Cost of Monopoly – How the Dominance of Microsoft's Products Poses a Risk to Security ( et al.)
Summary of Panel: The Politicization of Security at USENIX 2004 Annual Conference ( , USENIX ;login: October 2004)
Strike Back ( , USENIX ;login: December
Why the U.S. Should Switch from Cyber-Deterrence to Playing Cyber-Offense ( , Foreign Policy)
In Cyberwar, There are No Rules ( , Foreign Policy)
Lessons Learned by Hacking a Car ( , IEEE November/December 2019)
