4 weeks, 24 hours in total
Two evening classes a week
Up to 10 people in a group
When people think about cyber security, they imagine hackers in hoodies typing away at a terminal; the truth is a bit more anticlimactic, and much, much more interesting. Cyber warfare is waged from stuffy offices, amidst donut crumbs, by a bunch of people who look more like the IT crowd than Mr. Robot — so in this course, we'll learn information security in its truest form.
We'll start with an introduction to Linux internals and reverse-engineering in IDA, following by low-level vulnerabilities (such as buffer and stack overflows, return-oriented programming and heap metadata corruption), as well as defenses (canaries, DEP and ASLR).
We'll then go over logical vulnerabilities such as shellshock, zip escape, masterkey and metldown, and network vulnerabilities, covering the internet's entire protocol stack: from promiscuous mode and ARP poisoning, through IP spoofing and TCP injections, to stuff like DNS poisoning and amplification, and various distributed denial of service attacks. We'll also talk about the most important application of the internet: the web, and how it can be attacked and defended — SQL injections, through cross-site request forgery, cross-site scripting, and the seemingly invincible HTTPS.
To understand it better, we'll mix in some math: from symmetric encryption as old as time itself, to the miracles of modern cryptography, we'll cover key exchange, hash functions, digital signatures and zero-knowledge proofs.
Last but not least, we'll talk about how hacking is actually done: network operations, malware, and what can be done to stop them. We'll see the never-ending game of cat and mouse between viruses and antiviruses; and with Adleman's theorm and Ken Thompson's hack, we'll reach the inevitable conclusion that resistance is futile — if not for the mindset develops. That philosophy, that world view, can help us not just in information security, but all across the field of computer science — and even life.
Knowledge should be free — that's why I publish a lot of my materials online. But seeing as I can't scale my time, I have to charge money for it; and unfortunately, some people don't have the means to participate. So, every course iteration, one spot will be reserved for someone who couldn't have afforded it otherwise.
If you think you qualify, shoot me an email, tell me a bit about yourself, why you're interested in the course, and your situation — and we'll figure something out.