ENPM809V
Welcome!
Who Am I
Graduated from UMD in '19 with a BS in CS and '21 with a ME in Cyber Security from MAGE. Involved in CSEC and helped create challenges for UMDCTF-2019/20/21/22.
Held various cyber security roles:
- Software Security Engineer at RunSafe Security
- Software Security Engineer for the Department of Defense
Mike - WittsEnd2
Software Engineer - C, Python, & Web
Reverse Engineer/Binary Exploitation
Hobbies: CTFs/Dev Projects, Entrepreneurship, Baseball, Music, Stocks
Discord: WittsEnd2
Email: mwittner@umd.edu
Who is the TA
Graduated from UMD in '21 with a BS in CS and '23 with a ME in Cyber Security from MAGE. Involved in CSEC and solved challenges created by Mike for UMDCTF-2019/20/21/22.
Current cyber security role:
- Software Security Engineer for the Department of Defense
Michael
Software Engineer - C, Python, & Assembly
Reverse Engineer/Binary Exploitation
Discord: techn0mancer
Email: mjl33@umd.edu
About the Course
- Continuation of ENPM691
- Learning how more hacking techniques for the Linux operating system.
- Learn both user space and kernel space hacking
- Explore embedded and bare-metal hacking and reverse engineering
About the Course
- Much of this came from my experiences competing in CTFs, developing CTFs, and from courses I took (both in-person and online),
- You will see citations from various people and organizations throughout the course.
- Lots of references to pwn.college! They really helped me build up my skills in binary exploitation
- I am sharing everything that I have learned to you
Syllabus
- Learn concepts of Linux and x86 Architecture
- Continue Learning Userspace exploits
- ROP Chain, Dynamic Memory, Race Condition, Sandboxing, Injection, etc.
- Learn About the Linux Kernel
- Learn Kernel Based Exploits and Hijacking
- Learn about embedded systems security
- Assignments - 80% of the grade
- Final - 20%
- Fast-paced! Covering a lot in 15 weeks
Syllabus
Assignments
How to do assignments
- Thanks to Yan and his team at ASU, We will work on the pwn.college infrastructure for most assignments
- All of the challenges are those I wrote
- No setup needed! Just work on the web-browser
- Submit Code on ELMS
- Late Assignments Receive 10% off per day late (excess of 1 week late will not be graded)
Grade Breakdown
- 20% for solve on pwn infrastructure - We will know if you solved it
- This is dropped if homework is not on pwn infrastructure
- Code/solution to the problem - 40%
- Comments in code explaining solution - 40%
What to Include: Code Comments
- Your pwn.college username
- As long/short as you like
- Longer does not mean better
- Things that you might want to include
- How did you figure out the vulnerability (if applicable)
- Examples include: static analysis, dynamic analysis, debugging, etc.
- Why did you take the steps? What made you come to that conclusion?
- How does your solution work? What does each step do?
- How did you figure out the vulnerability (if applicable)
- We just want to make sure that you understand! If you generally put in effort, you will get points.
Assignments
- If you have ANY extenuating circumstance, please let me know EARLY (sick, military, etc.)
- Letting me know on the day the assignment is due is generally not acceptable
- I am understanding, but it makes it easier for me to help you if you tell me as soon as possible.
pwn.college demo!
Communication
- For questions about course material, assignments, please use the Discord server: https://discord.gg/k2aVudTUHw
- For disputes or official communications please contact the instructor or TA via email:
- Instructor's email - mwittner@umd.edu
- TA's email - mjl33@umd.edu
- If for grading disputes, please contact the person who graded your assignment first
If you are reaching out via email, the subject line of the email be in this format EXACTLY [ENPM809V]: Your Topic
Discord Server
- We will be communicating a lot on the Discord!
- It is a great place to:
- Talk to Instructor, Faculty Assitant, or your classmates
- Talk about ENPM809V Concepts
- Talk about Concepts related to assignments
- Only ask is to not share code or exact solutions with fellow students
- If the Faculty assistant or I think it's too much, we'll let you know.
Discord Server
- What you are allowed to do on the Discord Server:
- Discuss concepts related to in-class assignments and homework
- You can discuss the assignments, but don't share exact solutions/code.
- You can discuss the assignments, but don't share exact solutions/code.
- Share resources related to concepts in the course
- Create
- Discuss concepts related to in-class assignments and homework
Office Hours
Michael Wittner - Instructor
- Wednesday's 7:30pm-9:30pm and by appointment
Michael Lindsay - Teaching Assistant
- Tuesday from 7pm - 9pm and by appointment
- Any changes will be announced ahead of time
- Let the instructor if you are coming at least 3 hours ahead of time (or coming late)
- If we aren't expecting anyone, we may cancel the office hours. Often we will be there either way
- Message us on Discord outside of office hours for help too!
Office Hours
ENPM809V - Introduction
By Ragnar Security
ENPM809V - Introduction
- 129