CIS6395: Incident Response Technologies (Fall 2021)
All lecture videos are available for viewing on YouTube!
Lecture 1 (08/23): [video]
Course introduction (ppt)
Lecture 2 (08/25): [video]
Introduction (continue); Basic networking principles (ppt)
Lecture 3 (08/30): [video]
Basic networking principles (continue the slides posted on Lecture 2)
Lecture 4 (09/01): [video]
Basic networking (continue); Basic networking encryption (ppt)
09/06: No class (Labor Day)
Lecture 5 (09/08): [Video]
Basic network encryption (continue); Virtual machine and VirtualBox (ppt)
Homework 1 is released and due Sept. 19th midnight; Clarification of encryption notations (PDF)
Lecture 6 (09/13): [Video]
Virtual machine and VirtualBox (continue);
In-home reading material: Linux introduction (ppt)
Lecture 7 (09/15): [Video]
Network traffic analysis using Wireshark (ppt)
Lecture 8 (09/20): [Video]
Wireshark introduction (continue); Wireshark example (ppt, trace file: q1.pcap, q2.pcap)
Lecture 9 (09/22): [Video]
Wireshark example (continue); Network forensics puzzle study: Ann's bad AIM (ppt, evidence file: evidence01.pcap)
Homework 2 is assigned and due Oct. 3rd midnight
Lecture 10 (09/27): [Video]
Malware static analysis (ppt; the two malware files: codeRed2.zip, Worm.Mydoom.I.zip; static analysis software tools: static-analysis-tools.zip)
Lecture 11 (09/29): [Video]
Malware static analysis (continue); Malware dynamic analysis (ppt, dynamic-analysis-tools.zip)
Lecture 12 (10/04): [Video]
Malware dynamic analysis (continue); Malware dynamic analysis: case study (ppt, RoboAuth.exe)
Lecture 13 (10/06): [Video]
Malware case study (continue); Penetration Testing: Reconnaissance (ppt)
Lecture 14 (10/11): [Video]
Reconnaissance (continue); Reconnaissance 2 (ppt)
(10/13): No lecture; mid-term exam (questions released at 10am, due on 10/14 11:59pm)
Lecture 15 (10/18): [Video]
Reconnaissance 2 (continue)
Lecture 16 (10/20): [Video]
Introduction to Splunk (ppt, tutorialdata.zip)
Lecture 17 (10/25): [Video]
Splunk introduction (continue)
Lecture 18 (10/27): [Video]
Splunk case study (ppt, case study Splunk file: NetworkForensics-Ch8-EventLogs.zip)
Homework 3 is released and due midnight Nov. 7th, 2021
Lecture 19 (11/01): [Video]
Scanning (ppt)
Lecture 20 (11/03): [Video]
Scanning (continue); Online password cracking (ppt)
Lecture 21 (11/08): [Video]
Exploiting: Metasploit Attack (ppt)
Download the original WinXP VM image at: https://www.cs.ucf.edu/~czou/temp/
Lecture 22 (11/10): [Video]
Metasploit Attack to vulnerable WinXP VM (continue)
Homework 4 is released and due Nov. 21 midnight
Lecture 23 (11/15): [Video]
Metasploit Attack (continue); Off-line Password Cracking (ppt)
Lecture 24 (11/17): [Video]
Off-line password cracking (continue); Armitage Exploit (ppt)
Lecture 25 (11/22): [Video]
System Hardening: Secure Metasploitable Linux VM (ppt)
11/24: No class. Happy Thanksgiving!
Lecture 26 (11/29): [Video]
System Hardening (continue, last lecture for this class)
12/01: No class
Final Exam: (12/06, 10am to 12/07, 11:59pm)