EEE400 Introduction to Cyber Attack Theory
This document is a contract between EEE400 students and the instructor (Dr. Vincent Roberge). You must read it and understand it. We will discuss the important points during the first lesson.
I will post this document and all other course information on this web page roberge.segfaults.net. The course pages are password protected. The username is 400 and the password will be given to you during the first lesson.
Upon completion of the course, students will be able to understand the requirements of red team activities, as well as the methods, tools, and processes used by modern vulnerability scanning teams.
The official course description, as published in the undergraduate calendar, is as follows:
“Cyber security within the military is a growing and important field. This course aims at educating the students in understanding a broad range of cyber threats. Students completing this course will understand the fundamentals of exploitation techniques employed by adversaries. Students completing this course will gain an understanding of a breadth of the fundamentals will bootstrap their abilities to research and explore concepts in depth and participate in modern cyber challenges. Topics include bash and python scripting, cryptography, basic reverse engineering, an introduction to host based forensics, vulnerability discovery, and binary exploitation.”
There are two textbooks for this course. These manuals complement the material covered in class. The lecture notes and the content of the class presentations and labs contain all the necessary material to meet the course learning objectives.
- Kim, Peter, The Hackers Playbook Vol 3, Secure Planet LLC, 2018, ISBN-13: 978-1980901754
- Edward Skoudis and Tom Liston, CounterHack Reloaded, Prentice Hall, 2005, ISBN-13: 978-0131481046
The material will be presented to you using lectures, laboratories and assignments. The course will cover many topics including the following:
- Introduction to penetration testing
- Cyber kill chain
- information gathering
- Attack vectors
- Social engineering
- Tools, tactics, techniques and procedures (TTPs)
- Communication and control channels (C2 channels)
- Lateral movement
- Action on target
- Shell scripting
- Writing shell-code
- Buffer overflow
- Return oriented programming
Most classroom sessions will be about general concepts. The labs will give you the chance to see how these concepts are put into practice in a red team operation on a target network. The assignment will also give you a change to work on technical attack challenges.
I will normally publish course presentations in advance. The goal is to reduce note taking so that you can focus on understanding the material being taught. Note, however, that the documentation serves as a support for the teaching of the subject and does not replace the courses, so you will have to take your own notes to supplement those provided to you.
Labs and Assignments
There will be 7 labs during the session. Labs are completed in teams of two. You must submit your lab reports in pdf format before the start of the next lab. The due date for each lab is displayed on the course schedule page.
There will be about 7 assignments during the session (the exact number may vary). Homework must be completed individually. The homework due date is specified on the course schedule page.
Work submitted late will receive a penalty of 25% per day. If an important reason does not allow you to submit an assignment on time, it is important to discuss this with the professor before the due date in order to avoid a penalty.
Students will be required to give a 10-15 minute presentation at the end of the course on an actual cyber attack. The presentation is made individually and must describe the circumstances of the attack, but also a thorough technical analysis of the attack. The presentation is evaluated..
TAs indicated in the ELOF IE (CadWins), the presence in the classroom is mandatory for cadets. Civilian and graduate students are encouraged to attend classes and must be present for laboratories. If you are absent from the course for medical appointments or other appointments, please request and obtain permission from your instructor in advance.
The course marking scheme respects the policies of the Faculty of Engineering.
- 15% Assignments
- 20% Labs
- 10% Student presentation
- 15% Mid-term exam
- 40% Final exam
To pass the course, you must
- submit all assignments and labs completed to an acceptable standard as judged by the professor
- achieve an overall average of 50% in the course
- achieve an overall average of 50% in the individual work that is invigilated (presentation, mid-term exam, final exam)
The final exam will include a theoretical part, but may also include a practical part.
Plagiarism, cheating, and other violations of academic integrity represent serious infractions for which penalties range from a recorded caution to expulsion from RMC.
It is your responsibility to understand and comply with the College’s regulations on academic integrity, which can be found in Academic Regulation 23 of the Undergraduate Calendar.
In this course the following academic integrity requirements will apply unless I provide specific direction otherwise.
Assignments. Assignments are to be completed individually and you must do the work yourself. For assignments:
- You may collaborate with other students to identify appropriate reference sources and problem solving approaches as long as your submitted assignment clearly identifies anyone you collaborated with and what form that collaboration took.
- Where your answers rely on information obtained from a source outside the course material, you must clearly identify that source by providing an appropriate citation.
- You may not copy answers from any source including another student’s work or work previously submitted by you in this or any other course.
- You may not provide another student with your preliminary or completed answers, by any means.
Laboratories. Laboratories are to be completed in your assigned laboratory group and you must do the work yourselves. For laboratories:
- You are required to collaborate with the other members of your laboratory group and are each expected to contribute materially to the intellectual work of completing the laboratory. If a member of a laboratory group does not contribute materially to the intellectual work, that group member’s name must not appear on the laboratory report and the member will not be awarded marks for the laboratory.
- Where your laboratory solutions or answers to questions rely on information obtained from a source outside the course material, you must clearly identify that source by providing an appropriate citation.
- You may collaborate with students outside your laboratory group to identify appropriate reference sources and problem solving approaches as long as your submitted laboratory report clearly identifies anyone you collaborated with and what form that collaboration took.
- You may not copy designs, models, source code, or other answers from any source including the work of a student outside your laboratory group or work previously submitted by you in this or any other course.
- You may not provide a student outside your laboratory group with your preliminary or completed designs, models, source code or other answers, by any means.
Examinations and tests. Examinations and tests are to be completed individually in accordance with the instructions provided.
Computer Use Policy
This course is unique in the sense that you will be using computers to conduct cyber attacks. These attacks are conducted on a controlled networks. It would be a criminal act to run these attacks on the Internet, public networks or any other networks that you do not personnal control. For both the labs and the assignment, you will be sharing the computer infrastructures with the other students of the class, do not perforn any actions that could compromise the system or prevent the other students from completing their assignments. Any actions that is outside the scope of the assignment or the lab is considered an Academic Integrity Violation and will be treated as such.
- Arrive in class and in the labs on time and properly prepared.
- Always have paper and a pencil with you for class work and for taking notes.
- In class or in the lab, focus on the topic of the moment.