2023-09-18: We have moved our lecture start time to 9:10am (instead of 9:30am). Please attend the class on time.
2023-09-08: [IMPORTANT for course sign-up] If you plan to sign up for this course, please (1) complete HW0, (2) submit your information to this form before 9am, Sept 15, and (3) bring your sign-up application docment to the class. We plan to sign up at most 14 students (with at most 4 non-NYCU students, inclusive). The order of sign-up will be based on the number of solved challenges. If more than 14 people solve all the HW0 challenges, we will run an online lottery in Google spreadsheet in the class.
2023-09-08: HW0 announced. Due to the limited sign-up quota, please complete it as early as possible if you plan to sign up for this course. The deadline for hw0 is 9am Sept 15 if you plan to sign up for this course.
2023-09-01: [IMPORTANT] This course is jointly lectured with NTU and NTUST. Because the other two universities start the semester earlier than NYCU, please read this announcement carefully to ensure that you do not miss anything:
[Site Opened] Please register yourself on the course resource website here. You can only access the website using allowed campus IP addresses. If you are in the NYCU campus network, you should be able to access it directly. If you are at home, you can access the website via campus VPN.
Please join our online discussion channel hosted on discord.
[Announced on Sept 8] Please complete HW0 before the deadline (noon9am on Sept 15). The challenges can be found under the "Problems" tab on the course resource website.
[For those who want to sign up for this course] Please attend the class on Sept 15 morning and complete HW0 (as many challenges as possible). You can visit the Professor to sign your application form in the class on Sept 15, or 3-4pm at EC417 on Sept 18, or by appointment once you have completed all the challenges. First come, first serve unless the number of students exceeds our available capacities. In case you cannot complete all the challenges, we will count the number of students who want to sign up for this course on Sept 15 and then decide who can sign up the course.
2023-09-01: We plan to have our homework 0x00 available on Sept 8, 2023 (Friday). For those who want to take this course, please have a look at our homework 0x00 to check the homework style of this class.
2023-09-01: Course website refreshed.
Homework Submission Procedure
Solve homework assignments on the CTF website.
Pack all your files (source codes, scripts, and write-ups) into a single archive.
Submit all your files to new E3 system.
Content in your write-ups:
Real name, Nickname on course website, Student ID
Explain the method you used for each problem. If some step of your solution cannot be written as scripts, you have to explain them in more detail here.
Please pack the scripts as seperated files in code/ folder, and briefly explain what they do in the writeup.
Course Information
Lectures: Friday 9:30--12:10.
Office Hours: By appointments
Classroom: EC324.
Prerequisite: Assembly language, C/C++ programming, and UNIX programming.
Reference books:
Brian Chess and Jacob West, "Secure Programming with Static Analysis", Addison Wesley Professional, 2007, ISBN-10: 0-321-42477-8.
Robert C. Seacord, "Secure Coding in C and C++", 2006 Pearson Education, Inc.
Michael Howard and Davide LeBlanc, "Writing Secure Code", 2006 Microsoft Press.
Mark G. Graff and Kenneth R. van Wyk, "Secure Coding Principles and Practices", 2003 O'Reilly and Associates, Inc
TAs:
Lead TA @ NCTU: Yu-Hsiang Lin. Email: echo bGlubHlzQGNzLm55Y3UuZWR1LnR3 | base64 -d
General: Tools, Assembly, and x86 Linux Programming
Binary: BOF, FMT/ROP, Heap, and other advanced topics
Web: Web overview, PHP basics, SQL basics, Web vulnerabilities, and case studies
Reverse engineering: Game hacking, Malware reverse, Windows reverse
Crypto: Symmetric algorithms, Asymmetric algorithms, and Crypto in CTF
Others: Talks on specific topics
Grading policy: (tentative) Homework (65%), Final CTF (25%), and class participation (10%).
Bonus: additional performance in security contests or bug bounty programs
Homework judgment policy: We do not welcome copycats. You are encourages to discuss with your classmates, but all your submissions must be your own work.