How to succeed in this course

The goal of the course is to provide you with a good understanding of the basic concepts in computer and network security. When it comes to break or strengthen the security of a system, the important is not how but rather why. Said differently, the important thing is not knowing some tricks to hack into systems or techniques to make them more secure but rather understanding how a system works in details to fully understand its security limitations.

To achieve this goal, the course delivery has a fair balance between theory and practice. Your success in this course will reside in your ability to digest the theoretical aspects covered during lectures and apply them in hands-on exercises during tutorials, practicals and homework assignments). Finding solutions to these exercises will require you to fully understand how a system work to see where those security concepts apply. In most cases, you will not be able to grasp all of the subtleties by simply looking at a solution produced by someone else. To avoid getting a false sense of understanding, there will not be any solutions released. However, the course staff will be there to help you write that solution rather than giving it to you. Between labs, tutorials and office hours there are more than 12 hours of contact time with the course staff per week.

In the end, you must understand that the learning outcome does not reside in the solution but all of the reasoning that leads to the solution.

About the lectures

The slides are not lecture notes but simply visual support to guide my lecture delivery. There will be some content covered during the lecture that does not appear in the slides. You are responsible for taking your lecture notes. If you miss a lecture, make sure to get some notes from your peers.

About the tutorials

During the tutorials, you will work on different problems together with your peers and the TA. Again, the important is not the solution to these problems but rather the discussion that leads to the solution. Therefore, you are expected to take your notes during tutorials as no solution will be handed out beyond the tutorial handout posted on the course website. If you miss a tutorial, make sure to get some notes from your peers.

About the CTF challenges

Each CTF challenge comes with a handout, a starter code and commands to run this code. We expect you to understand all concepts detailed in the handout, all code given as started code and all commands provided (unless specified otherwise). In return, you will be asked to produce a solution (either as code and/or text). Once you submit your solution, we will assume that you perfectly understand what every line of your solution does (including the parts that were given as starter code) and the commands to run your solution.

To solve these challenges, you are expected to be very comfortable with the Linux environment, the shell, and the most basic commands. You will be asked to use new commands and tools that you might not be familiar with. We do expect you to be able to seek documentation and learn them on your own. Similarly, you are expected to have solid programming skills that enable you to learn new programming languages on your own. You will be asked to write a solution with a programming language that you do not know beforehand. We do expect you to be able to learn that language on your own to produce the solution code.

Solving these challenges will not always be easy. It might take some time to review the concepts covered in the lecture, learn the required materials and understand how the system works. For each challenge, there will be a fair amount of materials to learn and to understand before being able to start working on a solution. You are expected to do this learning process on your own for the most part.

In this process, the course staff might help with specific questions but we will not do the heavy lifting part of digesting all of the materials for you. This means that you cannot expect the course staff to explain to you how the system works or what to do to solve the challenge. If the course staff believes that you have not done your part of digesting the materials on your own at first, they will likely ask you to go back to the materials or answer your question with another question.

All of this might be frustrating at times but there is no better way to get the desired learning outcome. Finding the solution by yourself will provide you with the right skills to be able to tackle harder problems.

Again, the important is not the solution itself but all of the reasoning that leads you to write it. Therefore, no solution to these challenges will be released. If you were not able to produce a working solution for a given challenge once the deadline has passed, you are expected to solve it for the final exam. Come to our office hours, we will work on it with you.

Finally, it is important to emphasize that each challenge is highly experimental. We do our best to make sure that things work perfectly. However, there might still be some silly bugs or commands that do not work across platforms. If you notice any typo or something that does not work, we always appreciate getting some helpful feedback.

About the midterm and final exams

For the midterm and final exams, you will be tested on your understanding of: