General Information

Course description

This course covers advanced techniques for attacks and defense in Cybersecurity. In particular, the course will teach binary reverse engineering, vulnerability analysis, exploit development, patching vulnerabilities, bug hunting, etc. through ten-weeks of hands-on labs with examples.

This course borrows the format of Capture-The-Flag (CTF) challenges for not only learning techniques required to solve the challenge but also enjoying the fun of taking over the systems and blocking attacks.

Class meetings

Office hours and recitation

We will have office hours from 17:00 to 18:30 (walk-in) at KEC 3079 on Wed, every week (this could be changed at the instructor’s discretion).

Who should take CS 419/579 CAND?

CS 419/579 CAND is primarily intendedfor both undergraduate and graduate students who are interested in obtaining skill sets required to thwart cyber attacks in the wild.

Over the course of lab exercises, students will become confident in competing in Capture-the-Flag (CTF) contests, conducting real-world bug hunting and getting bug bounty awards, and contributing to open-source projects by sending their patches via pull-requests.

Grading policy

  • 100% Lab,
  • If you miss any entire single lab, you will get an F (so please submit at least one flag per each lab).
  • No midterm or final exams.
  • See Rules.

Online Discussion

Online discussion is strongly encouraged and it will help you a lot in solving lab problems.

Please join Piazza and post your questions, ideas and thoughts. Please join Discord to ask questions interactively.

Misconduct Policy

CS 419/579 CAND provides a 7 day grace period (50% points after due date, only for 7 days.) and we strictly follow the plagiarism policy (read OSU’s Student Conduct CODE).


Cheating vs. collaboration

Collaboration is a very good thing. On the other hand, cheating is considered a very serious offense and is vigorously prosecuted. Vigorous prosecution requires that you be advised of the cheating policy of the course before the offending act.

For this semester, the policy is simple: don’t cheat:
  • Never share code or text on the project.
  • Never use someone else’s code or text in your solutions.
  • Never consult potential solutions on the Internet.
On the other hand, for this class, you are strongly encouraged to:
  • Share ideas.
  • Explain your code to someone to see if they know why it doesn’t work.
  • Help someone else debug if they’ve run into a wall.

If you obtain help of any kind, always write the name(s) of your sources.