Information Technology 465

ITEC 465
Computer System Security Analysis and Investigation Techniques

1. Catalog Entry

ITEC 465
Computer System Security Analysis and Investigation Techniques

Credit hours (3)
Prerequisite: ITEC 352, ITEC 371, and ITEC 445

Students will learn ethical hacking and conduct formal security analysis of computing infrastructure; apply investigation techniques to detect vulnerabilities and threats in software and hardware, including reverse engineering of program binaries for malware analysis and memory and disk analysis; and perform systems analysis of embedded devices.
 
2. Detailed Description of Course

Content:
    1) Ethical Hacking
        a. Security analysis and ethical hacking (e.g., use of methodologies such as the Open Source Security Testing Methodology);
        b. Software security (e.g., Java applications and web browsers), operating systems (Linux and Windows privilege escalations); networking
           applications (e.g., Active Directory, DNS, SSH, SMB)
    2) Attack detection (investigation techniques)
        a. Reverse engineering
            i.   Instruction sets of the x86 and ARM architectures
            ii.  Debugging tools and basic commands (e.g., gdb and cdb)
            iii. Obfuscation techniques
        b. Memory and disk forensics

3. Detailed Description of Conduct of Course

The course is a series of lectures that present the theory and demonstrate the techniques of ethical hacking and investigation. Students will learn by working on projects that provide real-world, hands-on experience in performing security analysis and identifying vulnerabilities and threats.

4. Goals and Objectives of the Course

Students who complete the course will be able to:
    1) Perform security analysis of computing infrastructure using a standard methodology such as the Open Source Security Testing Methodology
       Manual (OSSTMM).
    2) Explain the wide array of offensive techniques used to attack a computing infrastructure.
    3) Explain the underlying kernel data structures of at least one standard operating system, such as Windows or Linux.
    4) Demonstrate an ability to analyze the current state of a kernel through memory and file dumps on at least one standard operating system such as
       Windows or Linux.
    5) Demonstrate an ability to reverse engineer compiler-generated code using tools such as debuggers.
    6) Explain obfuscation techniques used by malicious software to infect software applications.

5. Assessment Measures

Assessment of student achievement is measured by written tests and through projects completed outside of class.

6. Other Course Information

None.

Review and Approval