CMSC 491/691 Active Cyber Defense (2024)

Fall 2024 (under construction)

Prof. Charles Nicholas
410-455-2594
nicholas@umbc.edu
ITE 356
Office hours: MW 2:30-4pm, subject to change

I'll be holding office hours in-person and over WebEx. It's a good idea to send email before trying to meet with me, since my schedule may change at short notice.

Link for WebEx office hours: https://umbc.webex.com/meet/nicholas

The TAs will hold office hours on the Discord site. In-person meetings will be by appointment only. Subject to change, see the entries for specific weeks below.

Name              Role/Title                     Email Address        Office Hours
TBD               Graduate Grader                TBD                  TBD
TBD               Graduate Teaching Assistant    TBD                  TBD
Rob Shovan        Assistant Instructor           rshovan1@umbc.edu    W 4-6pm (Discord only)

Course Information

Class begins on Wednesday, August 28, 2024, 7:10-9:25pm.

The class will meet in hybrid format. Attending in person or over WebEx is equally acceptable. We reserve the right to make the class online only if that is deemed more appropriate.

The assigned classroom is ILSB 116B.

No face-to-face activity is required. If illness of any kind keeps you from finishing an assignment on time, let me know, and we'll try to be helpful.

This course uses WebEx for class presentations, and Discord for in-class discussions and meetings with TAs.
The WebEx and Discord links for the class and course assistant office hours will be made available at a later time. You will need UMBC credentials to access these links.

The WebEx portion(s) of each class will be recorded automatically, and made available after each class session. A link to the course recordings appears after each session. All recordings are in the same Box directory.

Course website: https://redirect.cs.umbc.edu/courses/undergraduate/CMSC491activeCyber/indexFall24.html (You are looking at this web page now :-)

Prerequisites:

Interest in cyberdefense, including inter-collegiate competition. Computer Science background equivalent to Data Structures CMSC 341 is assumed. A course in computer security is encouraged but not required.

Students are expected to have a working knowledge of the Windows and Unix operating systems, networks, and/or software development techniques, along with interest if not experience in planning and conducting both penetration testing and countermeasures development.

Abuse of the knowledge or experience you gain in this course may subject you to discipline under UMBC policy and/or criminal prosecution. Do not expect your status as a student to protect you if you break the law! Hacking into campus computers (other than systems approved for such a purpose) is a violation of UMBC policy, and may result in disciplinary action possibly including expulsion, in addition to possible criminal charges.

This class was taught for the first time in Fall 2017, and the web sites for Fall 2017, Fall 2018, Fall 2019, Fall 2020, Fall 2021, and Fall 2022 are still available.

Overview

  • One of the purposes of this course is to provide a means of awarding academic credit to those who participate in the UMBC CyberDefense Club weekly meetings.
  • CyberDawgs website: http://umbccd.umbc.edu/
  • Mailing list: https://groups.google.com/a/umbc.edu/g/umbccd-group (request)
  • This is a HANDS ON course. You will need a laptop - or desktop - computer!
  • Everybody will be required to participate in some fashion in the cyberdefense competition that the CyberDawgs will be organizing this fall. Performance in that event may qualify you for membership in our Cyberdefense Team, which has won several regional and national competitions in recent years.

Notes on the Schedule (Subject to Change)

  • Meeting 1 INTRODUCTION August 28
    • Slides for Introduction
    • Homework: ungraded
      • Download and install VirtualBox (free for students); VBox is often used as an abbreviation.
      • Guest Additions may be installed by default, but the Extension Pack is not necessary.
      • The documentation for VBox is extensive. Details for VBox Networking
      • Download and install the Kali VM provided
      • Login to your Kali system, do any updates that are needed, and make a snapshot of the VM
      • Create a new user with admin privileges
      • It's okay to use the Kali documentation, or web search, on this assignment.

    • This will be an introduction and orientation session.
    • Discuss how grades will be assigned, what homeworks might be given, and so forth. Attendance, and also active participation, are important!
      People who master the material to the point where they can effectively help others are likely to be awarded a good grade.
      I anticipate giving many As, many Bs, and few if any lower grades.
    • Since many of you will be participating from off campus, it may be necessary for you to access the campus network using a VPN.
      Instructions for using the VPN are found here:
      https://wiki.umbc.edu/display/faq/Getting+Connected+with+the+New+UMBC+GlobalProtect+VPN
    • You will need to establish the VPN connection before you will be able to access our WebEx or Discord links.
      This is to prevent the rest of the world from accessing the instructional material that you are paying for with tuition dollars,
      as well as make it more difficult for others to disrupt the class via WebEx-bombing.
    • The UMBC Cyber Defense Club is now known officially as the UMBC CyberDawgs!
    • There is a UMBCCD email list, which you can join from the club web page UMBC CyberDefense Club.
    • The CyberDawgs have a myUMBC Group https://my3.my.umbc.edu/groups/umbccd
    • We intend to give a demo of VirtualBox and the Kali VM.
    • The Kali VM we've prepared for this year is found in this OVA file. Mac users may need to use this VHD file.
    • (The Kali VM we used last year is found here.)
    • For this VM, the username is "activecyber" and the password is "Sqordfish0!", without the quotes.
    • You can also get your own Kali VM image from https://www.kali.org
    • Take a look at the 'usermod' command if you want to change the name of a user...
    • Be aware of resources such as this Kali Linux Cheat Sheet
    • Give the VirtualBox build for M1 Macs a shot:
      https://download.virtualbox.org/virtualbox/7.0.8/VirtualBox-7.0.8_BETA4-156879-macOSArm64.dmg
    • The recordings of class sessions for this semester will be found here.
    • You may need to use the UMBC VPN, or authenticate with myUMBC, in order to access the slides or the recordings.
  • Meeting 2 VM and Linux Admin Crash Course September 4
    • You can view this evening's slides on Linux Administration.
    • The lab for this week. Due at 7pm next Wednesday.
    • Announcements
      • You may want to know about the upcoming hackUMBC event!
    • A history of the Cyber Defense Team
    • Participation in some sort of approved cyber competition is a requirement of this course.
    • You may have heard of the NSA Codebreaker Challenge.
    • In cyber, especially in competition,
      • learning everything you may ever need is impractical, so learn things as you need them
      • more to come
    • Knowing where to find information is useful. There are lots of resources available regarding different versions of UNIX and Linux
    • In anticipation of next week and beyond, take a look at this comprehensive list of Linux Commands
      • How many of these do you use a lot?
      • How many of them have you never used?
    • How would you find out which Linux commands are installed on your system?
      • one answer
      • but such methods may not be allowed in competition!
    • Demo: installing an FTP client - FileZilla
      • sudo apt update
      • sudo apt upgrade (this could take a while! might be worth making a snapshot or even a clone when done)
      • sudo apt install filezilla
      • create a launcher for the Kali Desktop
    • Demo: installing an FTP server - vsftpd
      • sudo apt install vsftpd
      • man vsftpd
        • check configuration file /etc/vsftpd.conf
        • demo of other commands such as sudo, nano, ps, grep, and others
      • test using FileZilla
        • start the service: sudo service vsftpd start
        • other commands include stop, restart, and status
        • test the service: sudo service vsftpd status
      • see if we can connect:
        • ftp localhost 21
        • nmap localhost -p 21
        • netstat -ltp (or ss -ltp)
        • lsof -i :21
        • may need to open port 21, but how? different flavors of Linux do this different ways!
    • We find it convenient to have a minimal Ubuntu VM, along with Kali. Recommend two CPUs, at least 4GB of RAM
    • Optional exercise, no points or deadlines: download and install a minimal version of Linux
      • Several choices are available, see https://www.makeuseof.com/tag/linux-distro-space/
      • We like the idea of creating a bootable USB drive using Etcher (Linux) or Rufus (Windows)
      • We will install Linux Lite, starting from an ISO file, which we will download live(!)
      • Demo VBox snapshots, clones, and appliances.
    • The recordings of class sessions for this semester will be found here.
  • Meeting 3 Windows Administration September 11
    • You can view this evening's slides on Windows Administration.
    • This evening's lab assignment.

    • Announcements
      • We are aware of upcoming religious holidays, just let Dr. Nicholas know if you need extra time.
      • From a recent tweet by Craig Rowland: When you log into a Linux system, look at the processes with 'ps -auxwf', which makes it easy to spot unusual activity.
      • We have yet to talk about port forwarding in class, but if you're curious, take a look at The Cyber Plumber's Handbook
    • Please install this Windows 2016 server. (Active...ova)
      • Beware! this file is about 11 gigs, and will take some time to download.
      • For this VM, the username is Administrator and the password is Sqordfish0!
      • We don't care that this is an expired evaluation version, do we?
      • Okay to re-install Guest Additions
      • If you prefer a fresh copy of Windows Server from Microsoft, you can visit their Evaluation Center.
      • Installing the VHD versions seems a bit easier. All seem to come with 180 day licenses.

    • You may want to learn about the internals of Windows.
      • Russinovich's books from 2017 cover Windows 10
      • Microsoft's documentation for Windows Server, such as here
      • and a number of YouTubes are available, such as here.
    • Optional demo and ungraded homework: Using VirtualBox from the cloud. (PDF)
      • if you want to try this, let Dr. Nick know, and he will arrange for Google Compute Engine access
    • The recordings of class sessions for this semester will be found here.
  • Meeting 4 Network-Based Firewalls September 18
    • We'll be using these slides, selected from the following: 2019, 2020, and 2021
    • The lab assignment for this week has been released.
    • Internships at NSA! Dr. Nick can discuss these opportunities. SIP/IA may be of interest. All these require US citizenship.
    • Bernie Lampe from Magnet Forensics will be speaking to the CyberDawgs on Monday! (as well as this class early November)
    • A networking overview on YouTube
    • Firewall vendors offer lots of documentation, for example Palo Alto
      • We described an open-source firewall called pfSense
    • Check out this CIDR Calculator
    • DNS remains an attack surface. See this recent thesis on this problem.
    • For the competition requirement, we need a 2-page writeup. Discuss your experience in the competition, how this course did or did not help you, and any lessons learned. More on this later.
    • The recordings of class sessions for this semester will be found here.
  • Meeting 5 Linux Hardening September 25
    • Some new slides. Comments and suggestions are welcome.
    • The homework for this week has been released!
    • We may have information about upcoming cyber competitions.
    • Some of us recommend the documentation for Arch as a general Linux reference
    • The study guides for the Red Hat certification(s) are useful, if you prefer reading a book! Consider this example.
    • For information on lots of Linux distributions, see Distro Watch
    • The recordings of class sessions for this semester will be found here.
  • Meeting 6 Windows Hardening October 2
  • Meeting 7 Linux Incident Response October 9
    • The Linux IR slides for tonight
    • The homework being assigned tonight. The Debian VM needed is here (ova).
    • A Linux IR Checklist
    • A Jupyter Notebook for malware triage (link)
    • Tonight Dr. Nicholas might host an "Ask Me Anything" regarding graduate school!
      • Is a graduate degree worthwhile?
      • How do I pay for grad school?
      • I'm already a grad student. Why are you telling me this?
      • Some might want to look at this link to an example master's thesis.
    • The recordings of class sessions for this semester will be found here.
  • Meeting 8 Windows Incident Response October 16
    • The Slides for tonight.
    • The Homework for tonight has been released. The VM you need to use will be here (OVA)
    • Preparing for CDE.
    • We have a high opinion of TryHackMe
    • RJ's demo of Windows XP malware from last year (mp4) (vtt)
    • Competition Writeup is worth 20% of the grade. We expect no more than two pages of text, PDF please.
      • What competition did you participate in? If there's a specific date, e.g. the CDE held on 23 October, mention that.
      • What was the format of the competition? CTF, Red vs. Blue, or something else?
      • What part of the competition did you enjoy the most? what part did you enjoy the least?
      • Is there a topic or a cyber-skill that you found most useful?
      • Is there a topic or a cyber-skill that you wished you had more of?
      • Was the competition a learning experience? If so, how?
      • The writeup will be submitted using BlackBoard, as usual, due date 11:59pm Sunday of the last week of class

    • The recordings of class sessions for this semester will be found here.
  • Meeting 9 October 23 TBD
    • To be determined
  • Meeting 10 Guest Speakers October 30
    • Talks to include
      • Chris Vatcher, Lockheed Martin, topic TBD
      • Nicholas Fuzzy Similarity Metrics (Trello)
    • I will be tracking attendance tonight, in order to award some extra credit maybe.
    • The recordings of class sessions for this semester will be found here.
  • Meeting 11 Cyber Threat Intelligence November 6
    • Class will be remote tonight! No in-person activity is expected.
    • Slides for tonight
    • The lab assignment for tonight
    • Reflecting on the Internet Worm - After 35 Years (link)
    • It would be good to become familiar with the MITRE ATT&CK Framework! and the D3FEND Framework...
    • The recordings of class sessions for this semester will be found here.
  • Meeting 12 Offensive Security November 13
    • Class will be remote tonight! No in-person activity is expected.
    • Possible Guest Speaker
    • Prof. Nicholas may present some slides on Password Cracking
    • More slides for this week.
    • The lab assignment for this week. This Ubuntu VM will be needed for the assignment.
      • If the VM fails to boot on your VirtualBox, make sure you are running the latest version of VirtualBox. A screen snap must accompany any complaint :-)
    • Possible topics for other speakers. What do you think?
      • Social Engineering
      • Example of a Process Injector
      • What's it like to be a Red Teamer?
      • Gov vs. contractor vs. private industry
      • Secure Coding in RUST?
      • CERTs 8570, vs. CISSP, vs. CEH (Homer from TC?)
      • others?
    • The recordings of class sessions for this semester will be found here.
  • Meeting 13 November 20 TBD
    • Round Table Discussion
    • The recordings of class sessions for this semester will be found here.
    • PLEASE, be sure to complete the course survey for CMSC 491/691, if you have not yet done so!
  • November 27 NO CLASS
    • No class tonight, it being Thanksgiving Eve.
    • At some point, you will get an email from the campus, asking you to fill out the SEEQ. Please do this!
    • Recall that the Student Evaluation of Educational Quality (SEEQ) is a standardized course evaluation instrument used to provide measures of an instructor’s teaching effectiveness.
    • The Direct Instructor Feedback Forms (DIFFs) were designed to provide feedback to instructors.
      The responses to the SEEQ and the DIFFs will be kept confidential and will not be distributed until final grades are posted.
  • Meeting 14 In-class CTF December 4
    • Class will be remote AND in-person tonight, so come to class if you wish. For a CTF, in-person participation has its advantages.
    • The slides for this week
    • The lab for this week. Although this is just another homework, anybody who does well on this in-class CTF will have reason to hope for a good grade in the class! The CTF itself is accessed through this link: https://metactf.com/join/ACDctf-fall2023
    • The top THREE high-scoring teams will be awarded extra credit!
    • The Student Course Evaluation web site for this semester is open!
    • Competition Writeup will be due 11:59pm Sunday of the last week of school, that is, December 10, 2023.
    • The recordings of class sessions for this semester will be found here.

      PLEASE, be sure to complete the course survey for CMSC 491/691, which provides valuable feedback for me, the TAs, and the university. We appreciate the time that you take to complete these surveys, and the department and I take them seriously as a way to keep improving CS courses.
      While you're at it, please complete the course surveys for all of your courses, and ask your friends to do the same! The administration actually does look at the data and we do our best to work with departments and faculty both to address problems, and to recognize excellent teaching.
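As an added example tied to the Meeting 2 vsftpd demo above (not part of the course page), the "see if we can connect" step can be scripted: parse `ss -ltnp` output (iproute2, present on Kali and Debian) to see what process, if any, is bound to TCP/21. The sample `ss` output embedded below is constructed; `check_live` runs the same parser against the real VM.

```shell
#!/bin/sh
# Added example: verify that a freshly installed vsftpd is really listening
# on TCP/21 by parsing `ss -ltnp`, instead of eyeballing the output by hand.
# CONSTRUCTED sample, shaped like `ss -ltnp` on a Kali VM (not real capture):
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      32           0.0.0.0:21         0.0.0.0:*     users:(("vsftpd",pid=1234,fd=3))
LISTEN 0      128        127.0.0.1:631        0.0.0.0:*     users:(("cupsd",pid=777,fd=7))
LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=900,fd=3))'

# listeners_on_port SS_OUTPUT PORT
# Prints the name of each process bound to PORT, one per line; prints nothing
# if nothing listens there. Handles both IPv4 (0.0.0.0:21) and IPv6 ([::]:22).
listeners_on_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # The Process column looks like users:(("vsftpd",pid=1234,fd=3)).
            if (match($0, /\(\("[^"]+"/)) {
                print substr($0, RSTART + 3, RLENGTH - 4)
            } else {
                # ss only shows process names when run as root.
                print "unknown (run ss as root to see process names)"
            }
        }'
}

# port_is_listening SS_OUTPUT PORT -> exit status 0 if something is bound to PORT
port_is_listening() {
    [ -n "$(listeners_on_port "$1" "$2")" ]
}

# check_live: run the parser against this machine. Exit 0 if FTP is up,
# 1 if nothing listens on 21, 2 if `ss` is unavailable.
check_live() {
    out=$(ss -ltnp 2>/dev/null) || return 2
    if port_is_listening "$out" 21; then
        echo "FTP is listening, served by: $(listeners_on_port "$out" 21)"
    else
        echo "Nothing is listening on TCP/21; try: sudo service vsftpd status"
        return 1
    fi
}
```

On the Kali VM, run `sudo sh -c '. ./ftpcheck.sh; check_live'` (root so that `ss` reports process names) after `sudo service vsftpd start`.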

There is NO final exam in this class...but anybody who does well on the in-class CTF held in late November will have reason to hope for a good grade!

Resources that don't fit into the schedule, but may still be helpful! I haven't tried them all, so watch your step!

Textbook(s): None

The following book(s) are not required, but may be helpful:

Cyberoperations, by Mike O'Leary, second edition

Windows Internals, Parts 1 and 2, by Mark Russinovich

Hacking: the art of exploitation, by Jon Erickson.

Be careful when downloading "free" copies of this or similar books! Additional resources, varying in quality, can be found on Wikibooks and other places.

Course Policies

Grading

Grading Scheme: 20% competition participation, 80% homeworks. Homeworks are equal weight, and there will be 8-10 of them. There are no exams.

You will be given time to work on each lab during the meetings. Some labs may have a group portion and an individual portion. You may collaborate with other students or CyberDawgs club members on the group portion of such labs. However, you must still complete the lab on your own virtual machine. You may not work on the individual portions of the labs with any other students or club members. Labs must be submitted by 7:00pm the following Wednesday. Whatever the number of lab assignments, the lowest lab grade will be dropped.

You are required to participate in at least one CTF or red team/blue team competition during the semester. At this time, we expect all such events to be online. Events hosted during regular club meetings do not count towards this requirement. Recommended competitions will be discussed in class. If you would like to compete in a competition that has not been mentioned, please email Dr. Nicholas.

Generative AI: For this class, if you use ChatGPT (or similar chatbots or AI-based generation tools), you must describe exactly how you used it, including providing the prompt, original generation, and your edits. This applies to prose, code, or any form of content creation. Not disclosing is an academic integrity violation. If you do disclose, your answer may receive anywhere from 0 to full credit, depending on the extent of substantive edits, achievement of learning outcomes, and overall circumvention of those outcomes.

Use of AI/automatic tools for grammatical assistance (such as spell-checkers or Grammarly) or small-scale predictive text (e.g., next word prediction, tab completion) is okay. Provided the use of these tools does not change the substance of your work, use of these tools may be, but is not required to be, disclosed.

Academic Integrity

Students are expected to do their own assignments. We may allow collaboration on certain assignments during the semester, but we will tell you so as that happens. If you submit for credit work that is not your own, there will be consequences, perhaps including zero on that assignment, reduction in final grade, or forfeiture of current or future prospects for financial aid from CSEE. Here is a web site that explains UMBC's position on Academic Integrity.

Resources for Students

Do you know about Retriever Essentials? It's there if you need them. According to their web site, "Retriever Essentials is a faculty, staff, and student-led partnership that promotes food access in the UMBC community. However, we offer more than just free groceries, we also offer toiletries, baby items, and meal swipes. The services we provide that are listed below are 100% free. You can find more in-depth information regarding each of our services in the attached documents."

We also incorporate the Syllabus Language provided by the UMBC Office of Equity and Civil Rights for this semester, as given here:
https://ecr.umbc.edu/sample-title-ix-responsible-employee-syllabus-language/

Thanks!
