β’ 3 Credit Hours
Loading charts...
Key adjectives used by students β color intensity reflects sentiment
frank-turtle-3106
The course teaches you a lot about how Linux executables work. You will learn how to do ROP and other cool techniques to overcome mitigations for memory vulnerabilities.
Edited
bold-planet-0718
Edited
smart-parrot-9471
Edited
tranquil-panther-3469
OMSCS candidate, under grad in CS, played CTF in college. Not bad if youβre already familiar with basic binary exploration, only need to solve 5 challenges a week to get an A, I did them all on Sundays.
Edited
valiant-orca-6966
Definitely a great course. The lab setups are hard but gradually. You will learn a lot of details for pwn here
Edited
cool-cardinal-8872
Edited
Edited
Like it
Edited
removed
Edited
Edited
My 7th course that I've taken so far for the program, and easily the hardest. The lessons are very applicable to the labs, but you will not do well in this class unless you have a lot of experience with binaries already. You have between 1 - 2 weeks to complete each lab, and likely will need all the time you're given to do as many problems as you can.
I would highly recommend not taking this class unless you are at least familiar with the following topics:
All in all, if you're familiar with pwn'ing from CTFs or are otherwise already familiar with exploiting binaries then this is the class for you!
This was definitely not the most difficult course I took out of the ten for my degree. Graduate Algorithms was more difficult and more stressful, easily. I would also hazard that HPCA overall was more difficult, and so was the final project for Computational Photography (but not the rest of CP).
I loved this class. It had no bullsh*t at all (unlike GA and HPCA). The majority of my security background was IIS and it was enough.
Getting a ton of points on early labs allowed me to skip large portions of later labs, and I still got a B.
Now, if you want to be the top student in this class (it has a leaderboard), that would indeed be very challenging. But if you just want a B then it wasn't bad at all.
To be fair, I had a couple stressful days early on where I thought I may have bitten off more than I could chew. But that passed and looking back it wasn't that bad.
Definitely take this class! One of my favorites.
Very good introduction to the technics capturing the flags by controlling the pointers inside the runtime program remotely or locally. It's the best way to learn how computer program works under the hood! I learnt great amount, stayed very focused for extensive period of time cracking the code, and got so much satisfaction when seeing the flag popped on my terminal. Hours: The CTF competition is quite fierce and cost me spending 40 hours per week at the first to get near the top. But life happens and I needed to shift the focus and spent around 5-10 hours per week on the assignments in the end. I did get an A at the end. Background: 4yoe SWE with 0 security background.
If I had 3 suggestions for anyone taking this class:
This is rated the hardest course in OMS-OCY, it's a great class full of practical challenges. I didn't have any exploit development experience beforehand, doing some online CTFs before taking this class would have helped me prepare better. I spent roughly 40-60 hours a week on this class with the videos, readings, and lab. There will be times your mind draws a blank when your exploit isn't working, and times you're surprised an idea actually worked. It's all worth it once that sweet flag pops on your screen. Use their recommended Ubuntu VM so it's similar to the server environment if you can't SSH in, I usually did all my work on the server. Definitely front load in this class, so clear your schedule and dedicate all free time to the first two labs so that your pockets are full of points; things start getting tough after lab 4. The hints can be hit or miss, some of them are free while others cost a penalty. The TAs are awesome, they responded quickly and thoroughly.
I took this as an OMSCS student as my final class. It is one of my favorite classes now. It's incredibly well designed and is pure hands on and lab based. I learned more in this class about OS architecture than ios/aos/hpca combined. It forces you to understand the low level details of the systems you exploit in a way that none of the more theoretical classes can do.
If you take it in Fall you get to work on the NSA codebreaker challenge. Otherwise you do a fuzzing lab for for lab 10 (which I sort of regret not being able to do - I didn't like the NSA lab that much).
There is an optional 24 hour CTF team challenge at the end of the semester, where you compete against other teams both on campus and online to take a 1000$ prize. Every team submits their own CTFs and you solve the challenges. This was actually really awesome and I'm glad I participated.
This is one of the best courses in the program and I highly recommend it.