A hands-on course in cybersecurity techniques for future practitioners. Security Operations Centers, and their functions for organizations. Vulnerability scanning, packet sniffing, and threat hunting. Exploration and analysis of threat data with real-world threat intelligence platforms. Event triage and incident management. Advanced topics in applied cybersecurity. (3 credits)
๐ EE
59889 meets Mondays and Wednesdays from 3:30 - 4:45p
in NAC 1/302. |
Prerequisites: EE 25900 Programming for EE or
CSC 21200 Data Structures or Instructor Approval.
Course instructor: Tushar Jois (Office hours: Wed 1p - 2p in Steinman 638)
Course text: Wenliang Du, Computer & Internet Security: A Hands-on Approach, 3rd Edition, ISBN 978-17330039-4-0 (required).
| Date | Topic | Logistics |
|---|---|---|
| Wed Aug 27 | Course intro & cybersecurity basics | Make sure you get the textbook and set up the course VM! |
| Mon Sep 1 | No class (college closed) | |
| Wed Sep 3 | Lab: Security operations | Submit lab by 2p Sep 8 |
| Mon Sep 8 | Linux security basics (guest lecture) | Read textbook chapters 1, 2, 3 |
| Wed Sep 10 | Lab: Set-UID & environment variables | Submit lab by 2p Sep 15 |
| Mon Sep 15 | Buffer overflows & memory attacks | Read textbook chapter 4 |
| Wed Sep 17 | Lab: Buffer overflows | Submit lab by 2p Sep 29 |
| Mon Sep 22 | No class (no classes scheduled) | |
| Wed Sep 24 | No class (no classes scheduled) | |
| Mon Sep 29 | Race conditions & Dirty CoW | Read textbook chapters 7, 8 |
| Wed Oct 1 | No class (no classes scheduled) | |
| Mon Oct 6 | Lab: Race conditions | Submit lab by 2p Oct 10 |
| Wed Oct 8 | Exam 1 Review | Exam 1 is next class! (note the day of the week!) |
| Mon Oct 13 | No class (college closed) | |
| Tue Oct 14 | Exam 1 (Monday schedule) | |
| Wed Oct 15 | Viruses and worms (online) | |
| Mon Oct 20 | No class (no classes scheduled) | |
| Wed Oct 22 | Lab: Morris worm |
|
| Fri Oct 24 | Lab in-class work (Monday schedule) | Submit lab by 2p Oct 27 |
| Mon Oct 27 | Network security basics (guest lecture) | Read textbook chapters 11, 19 |
| Wed Oct 29 | Lab: Packet sniffing and snooping | Submit lab by 2p Nov 2 |
| Mon Nov 3 | CSRF & XSS | Read textbook chapters 12, 13 |
| Wed Nov 5 | Lab: XSS | Submit lab by 2p Nov 10 |
| Mon Nov 10 | SQL Injection & Clickjacking | Read textbook chapters 14, 15 |
| Wed Nov 12 | Lab: SQL Injection | Submit lab by 2p Nov 17 |
| Mon Nov 17 | Exam 2 review | Exam 2 is next class! |
| Wed Nov 19 | Exam 2 | |
| Mon Nov 24 | Project introduction (online) | Attendance is mandatory! |
| Wed Nov 26 | Project assignment and work day (self-guided) | |
| Mon Dec 1 | Project check-in meetings (online) | Attendance is mandatory! |
| Wed Dec 3 | Project in-class work day (self-guided) | Submit presentation by 2p Dec 8 |
| Mon Dec 8 | Project presentations day 1 | Attendance is mandatory! |
| Wed Dec 10 | Project presentations day 2 | Attendance is mandatory! |
| Mon Dec 15 | Take-home project reflection (self-guided) |
This course schedule is subject to change at any time. The course staff will notify students of any schedule changes as they occur. Assignment submission and grades will be on Brightspace.
Take note of the midterm exam dates. I expect all students to take these exams in person; please let the course staff know of any issues at least two weeks before any potential absences.
Take my advice: don't fall behind!
Formative assignments are designed to get you familiar with the material and try out concepts. As they are for practicing, formative assignments are graded only to ensure completion of assigned tasks. However, content from these assignments will appear on the exams. It is important to complete these assignments with full effort to truly comprehend all of the material; simply attending lectures is insufficient. The following are this course's formative assignments:
Summative assessments on the other hand, are designed to evaluate your progress in the course. These form the majority of your final grade in the course. Content on these assessments will be derived from course material. The following summative assessments will be utilized in the course:
If you have a question about your exam after it is graded, please come to office hours.
The course will be weighted as follows:
| 30% | Midterm Exam 1 (in class) |
| 30% | Midterm Exam 2 (in class) |
| 15% | Labs |
| 15% | Project presentation |
| 10% | Attendance & participation |
The following grade scales will apply to weighted scores, at a minimum:
| 100%: A+ | 99-92%: A | 91-90%: A- |
| 89-88%: B+ | 87-82%: B | 81-80%: B- |
| 79-78%: C+ | 77-72%: C | 71-70%: C- |
| 69-68%: D | < 67%: F |
The instructor may choose to curve all class grades up at the end of the course, and the above cutoffs could shift, which might improve your final grade. Note that this is not guaranteed, and would occur at the instructor's sole discretion.
Grades in the course are not subject to negotiation. If you suspect a clear grading error has been made, please consult the college's appeals process.
As provided by college policy, note that 4 or more absences from lab sessions will result an automatic WU grade for the semester. Being more than 15 minutes late to a lab session twice will count as one absence for this purpose. It is the responsibility of the student if they arrive late to check in with the instructor for attendance. This policy is intended to encourage attendance, as you often will be working in groups; not being there not only hurts your educational experience, but also those of your groupmates. If you are unable to keep up with the course, or expect to miss class due to extenuating circumstances, please inform the course staff as soon as possible.
Extra credit will be awarded to the attendance & participation grade for each attendance at an EE Department Seminar. Details on this opportunity will be posted later.
This course will include topics related computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists and engineers, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanism for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern "hacking." Understand what the law prohibits. If in doubt, we can refer you to an attorney.
In addition to the law, as members of the City College of New York and users of its computer systems, you are also bound by its policies on computer use.
Academic dishonesty is prohibited in The City University of New York. Penalties for academic dishonesty include academic sanctions, such as failing or otherwise reduced grades, and/or disciplinary sanctions, including suspension or expulsion.
Academic integrity is at the core of a college or university education. Faculty assign essays, exams, quizzes, projects, and so on both to extend the learning done in the classroom and as a means of assessing that learning. When students violate the academic integrity policy (i.e., โcheatโ), they are committing an act of theft that can cause real harm to themselves and others including, but not limited to, their classmates, their faculty, and the caregivers who may be funding their education. Academic dishonesty confers an unfair advantage over others, which undermines educational equity and fairness. Students who cheat place their college's accreditation and their own future prospects in jeopardy.
On every exam, you will sign the following pledge: โI agree to complete this exam without unauthorized assistance from any person, materials or device.โ
Note on Generative AI: This course assumes that all work (i.e., formative assignments and summative assessments) and communications (i.e., messages and emails) have been created by the student or the student's group. The use of generative AI tools (such as ChatGPT, Copilot, Gemini, and others) to complete this course is strictly prohibited, and will be treated as academic dishonesty. Please contact the instructor if you have questions.
If you are struggling with anxiety, stress, depression, or other mental health-related concerns, please consider visiting the CCNY Counseling Center. If you are concerned about a friend, please encourage that person to seek out their services.
You are welcome to bring a family member to class on occasional days when your responsibilities require it (for example, if emergency childcare is unavailable, or for the health needs of a relative). Please be sensitive to the classroom environment, and if your family member becomes uncomfortably disruptive, you may leave the classroom and return as needed.
If you ever have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, I invite you to share directly with me, the department, or university administration. We promise that we will take your communication seriously and seek mutually acceptable resolutions and accommodations. Reporting will never impact your course grade. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).