ISA 564/CS499, Security Laboratory Fall 2015

[Class Schedule] [Projects]

Instructor: Angelos Stavrou
Lecture: Tuesday 7:20pm - 10:00pm
ENGR 5358
Office Hours: Tuesday 4:30pm - 6:30pm, and by appointment
Email: astavrou(_)

Teaching Assistant: Maofei Chen
ENGR 5321

Office Hours: Tuesday: 2:30pm - 4:30pm & Wednesday: 3:00pm -5:00pm

Email: mchen18(_)

se Description:

This class will be focused on current research in Security with emphasis in Network and Software Security including:

Class Objectives:

This course provides hands-on experience in configuring and experimenting with commodity networked systems and security software in a live laboratory environment, with the purpose of understanding real-world security threats. This course will take both offensive and defensive approaches and expose students to a variety of real-world attacks, including viruses, worms, rootkits, and botnets. Possible mitigation and defending mechanisms such as firewalls and intrusion detection software will also be covered.


The prerequisite for this topics class is a C or better in CS 310 Data Structures and CS 367 Computer Systems & Programming; or permission of instructor. The coursework will include substantial programming projects; in order to be able to complete the projects, the students must be comfortable with C and Systems' programming.






Class participation


Lab 1: Buffer Overflows



Lab 2: Network Penetration



Lab 3: Malware & Shellcode



Lab 4: Network Attacks & Remote Exploitation



Lab 5: Firewalls &

Intrusion Detection Systems



Lab 6: Wireless Exploitation



Lab 7: Web Vulnerabilities






Final or Team Project





The students must achieve a total score of at least 90 (out of 100) to be considered for an A. This class is an advanced graduate-level class and is geared towards understanding the fundamental concepts behind Digital Forensics. The students will be expected to participate in large projects under the guidance of the instructor.


We are going to cover topics using the provided slides, papers, and online material.

On the course web page you will also find assigned reading from on-line articles, code snippets, and research publications. I will also have supplementary materials on reserve or handed out during class.

Computer Accounts:

All students should have accounts on the central Mason Unix system (also known as
and on IT&E Unix cluster (Instructions and related links are here). Please read the FAQ if you have any questions. Students can work in IT&E computer labs for programming projects during the specified hours.

Honor Code:

Please read and adhere to the University's Academic Honesty Page, GMU Honor Code, CS Department Honor Code

Disability Statement
If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
All academic accommodations must be arranged through the ODS.
2) Talk with me to discuss your accommodation needs.

Other Usefull Resources

Writing Center:
A114 Robinson Hall; (703) 993-1200;
University Libraries: “Ask a Librarian”
Counseling and Phychological Services (CAPS): (703) 993-2380;
University Policies: The University Catalog,, is the central resource
for university policies affecting student, faculty, and staff conduct in university affairs.

Class Schedule

Week & Date
Course Lectures & Readings (Tentative)

Week 1, Sept 1

Intro & Class Mechanics [PDF]

Metasploit using Kali Linux:


Wireshark Lab [PDF]

Week 2, Sept 8

Lab 1: Buffer Overflows [Link] Guest Lecture Prof. Dan Fleck

Week 3, Sept 15

Lab 1: Buffer Overflows [Link]

Week 4, Sept 22

Lab 2: Network Reconnaissance and Pentration [Link]

Week 5, Sept 29

Lab 3: Malware & Shellcode

Week 6, Oct 6

Lab 3: Malware & Shellcode

Week 7, Oct 13

Columbus Day - No Class

Week 8, Oct 20


Week 9,Oct 27

Lab 4: Network Attacks & Remote Exploitation

Week 10, Nov 3

Lab 5: Defenses: Firewalls & Intrusion Detection Systems

Week 11, Nov 10

Lab 5: Defenses: Firewalls & Intrusion Detection Systems

Week 12, Nov 17

Lab 6: Wireless Exploitation

Week 13, Nov 24

Thanksgiving recess - No Class

Week 14, Dec 1 Lab 7: Web Vulnerabilities
Week 14, Dec 7
Final or Final Project Presentations