ENPM809V

Welcome!

Who Am I

Graduated from UMD in '19 with a BS in CS and '21 with a ME in Cyber Security from MAGE. Involved in CSEC and helped create challenges for UMDCTF-2019/20/21/22.

Held various cyber security roles:

  • Software Security Engineer at RunSafe Security
  • Software Security Engineer for the Department of Defense

Mike - WittsEnd2

Software Engineer - C, Python, & Web

Reverse Engineer/Binary Exploitation

Hobbies: CTFs/Dev Projects, Entrepreneurship, Baseball, Music, Stocks

 

Discord: WittsEnd2

Email: mwittner@umd.edu

Who is the TA

Graduated from UMD in '21 with a BS in CS and '23 with a ME in Cyber Security from MAGE. Involved in CSEC and solved challenges created by Mike for UMDCTF-2019/20/21/22.

Current cyber security role:

  • Software Security Engineer for the Department of Defense

Michael

Software Engineer - C, Python, & Assembly

Reverse Engineer/Binary Exploitation

 

Discord: techn0mancer

Email: mjl33@umd.edu

About the Course

  • Continuation of ENPM691
  • Learning how more hacking techniques for the Linux operating system.
  • Learn both user space and kernel space hacking
  • Explore embedded and bare-metal hacking and reverse engineering

About the Course

  • Much of this came from my experiences competing in CTFs, developing CTFs, and from courses I took (both in-person and online),
  • You will see citations from various people and organizations throughout the course.
    • Lots of references to pwn.college! They really helped me build up my skills in binary exploitation
  • I am sharing everything that I have learned to you

Syllabus

  • Learn concepts of Linux and x86 Architecture
  • Continue Learning Userspace exploits
    • ROP Chain, Dynamic Memory, Race Condition, Sandboxing, Injection, etc.
  • Learn About the Linux Kernel
  • Learn Kernel Based Exploits and Hijacking
  • Learn about embedded systems security
  • Assignments - 80% of the grade
  • Final - 20%
  • Fast-paced! Covering a lot in 15 weeks

Syllabus

Assignments

How to do assignments

  • Thanks to Yan and his team at ASU, We will work on the pwn.college infrastructure for most assignments
    • All of the challenges are those I wrote
    • No setup needed! Just work on the web-browser
  • Submit Code on ELMS
  • Late Assignments Receive 10% off per day late (excess of 1 week late will not be graded)

Grade Breakdown

  • 20% for solve on pwn infrastructure - We will know if you solved it
    • This is dropped if homework is not on pwn infrastructure
  • Code/solution to the problem - 40%
  • Comments in code explaining solution - 40%

What to Include: Code Comments

  • Your pwn.college username
  • As long/short as you like
    • Longer does not mean better
  • Things that you might want to include
    • How did you figure out the vulnerability (if applicable)
      • Examples include: static analysis, dynamic analysis, debugging, etc.
    • Why did you take the steps? What made you come to that conclusion?
    • How does your solution work? What does each step do?
  • We just want to make sure that you understand! If you generally put in effort, you will get points.

Assignments

  • If you have ANY extenuating circumstance, please let me know EARLY (sick, military, etc.)
  • Letting me know on the day the assignment is due is generally not acceptable
  • I am understanding, but it makes it easier for me to help you if you tell me as soon as possible.

pwn.college demo!

Communication

  • For questions about course material, assignments, please use the Discord server: https://discord.gg/k2aVudTUHw
  • For disputes or official communications please contact the instructor or TA via email:
    • Instructor's email - mwittner@umd.edu
    • TA's email - mjl33@umd.edu
    • If for grading disputes, please contact the person who graded your assignment first

If you are reaching out via email, the subject line of the email be in this format EXACTLY [ENPM809V]: Your Topic

Discord Server

  • We will be communicating a lot on the Discord!
  • It is a great place to:
    • Talk to Instructor, Faculty Assitant, or your classmates
    • Talk about ENPM809V Concepts
    • Talk about Concepts related to assignments
  • Only ask is to not share code or exact solutions with fellow students
    • If the Faculty assistant or I think it's too much, we'll let you know.

Discord Server

  • What you are allowed to do on the Discord Server:
    • Discuss concepts related to in-class assignments and homework
      • You can discuss the assignments, but don't share exact solutions/code.
    • Share resources related to concepts in the course
    • Create

Office Hours

Michael Wittner - Instructor

  • Wednesday's 7:30pm-9:30pm and by appointment

Michael Lindsay - Teaching Assistant

  • Tuesday from 7pm - 9pm and by appointment
  • Any changes will be announced ahead of time
  • Let the instructor if you are coming at least 3 hours ahead of time (or coming late)
    • If we aren't expecting anyone, we may cancel the office hours. Often we will be there either way
  • Message us on Discord outside of office hours for help too!

Office Hours