CIS6395: Incident Response Technologies
(Fall 2021)






Lecture 1 (08/23): Course introduction (ppt)


Lecture 2 (08/25): Introduction (continue); Basic networking principles (ppt)


Lecture 3 (08/30): Basic networking principles (continue the slides posted on Lecture 2)


Lecture 4 (09/01): Basic networking (continue); Basic networking encryption (ppt)


09/06: No class (Labor Day)


Lecture 5 (09/08): Basic network encryption (continue); Virtual machine and VirtualBox (ppt)
                           Homework 1 is released and due Sept. 19th midnight; Clarification of encryption notations (PDF)


Lecture 6 (09/13):  Virtual machine and VirtualBox (continue);

                            In-home reading material: Linux introduction (ppt)

Lecture 7 (09/15): Network traffic analysis using Wireshark (ppt)


Lecture 8 (09/20): Wireshark introduction (continue); Wireshark example (ppt, trace file: q1.pcap, q2.pcap)


Lecture 9 (09/22): Wireshark example (continue); Network forensics puzzle study: Ann's bad AIM (ppt, evidence file: evidence01.pcap); Homework 2 is assigned and due Oct. 3rd midnight


Lecture 10 (09/27): Malware static analysis (ppt, the two malware files: codeRed2.zip, Worm.Mydoom.I.zip; Static Analysis software tools: static-analysis-tools.zip)


Lecture 11 (09/29): Malware static analysis (continue); Malware dynamic analysis (ppt, dynamic-analysis-tools.zip)


Lecture 12 (10/04): Malware dynamic analysis (continue); Malware dynamic analysis: case study (ppt, RoboAuth.exe)

Lecture 13 (10/06): Malware case study (continue); Penetration Testing: Reconnaissance (ppt)

Lecture 14 (10/11): Reconnaissance (continue); Reconnaissance 2 (ppt)

(10/13): No lecture; Mid-term exam (release question at 10am, due on 10/14 11:59pm);

Lecture 15 (10/18): Reconnaissance 2 (continue)

Lecture 16 (10/20): Introduction to Splunk (ppt, tutorialdata.zip)

Lecture 17 (10/25): Splunk introduction (continue);

Lecture 18 (10/27): Splunk-case study (ppt, case study Splunk file: NetworkForensics-Ch8-EventLogs.zip); Homework 3 is released and due midnight Nov. 7th, 2021

Lecture 19 (11/01): Scanning (ppt)

Lecture 20 (11/03): Scanning (continue); Online password cracking (ppt)

Lecture 21 (11/08): Exploiting: Metasploit Attack (ppt)

                             Download the original WinXP VM image at: https://www.cs.ucf.edu/~czou/temp/.

Lecture 22 (11/10): Metasploit Attack on vulnerable WinXP VM (continue); Homework 4 is released and due Nov. 21 midnight

Lecture 23 (11/15): Metasploit Attack (continue); Off-line Password Cracking (ppt)

Lecture 24 (11/17): Off-line password cracking (continue); Armitage Exploit (ppt)

Lecture 25 (11/22): System Hardening: Secure Metasploitable Linux VM (ppt)

11/24: No class. Happy Thanksgiving!

Lecture 26 (11/29): System Hardening (continue, last lecture for this class)

12/01: No class

Final Exam: (12/06, 10am to 12/07, 11:59pm)