So, okay, let's start. Hello everyone, welcome to class. So, this is going to be, this is the first class for our CSE 365, the information that you're serving today. And we have many students in the class. So, I want to give this video an exercise in the instruction for quality, before we start. So, please make sure that you wear your mask. This is a big part of AACU, where they're AAPI-resonated or boosted or not. So, as long as you are in order to foster, please make sure that you wear your mask. And you can also, you could, you know, expect your neighbors and invite them, but you also want to make sure that you're staying the opposite way of the state. So, everything is great, let's start. Okay. So, first, let me introduce our instructor, Professor Adam Doupé, and Adam Doupé, can you introduce yourself? Hello. Hey, everyone, AAPI people on Zoom. Tiffany is going to get into it, but this is going to be a, so basically, you may have noticed on your, when signing up for this course, it was a hybrid course, and you'll technically only meet one day a week. So, that's one day a week in person. So, there's two sections of CSE 365, both at the same time, Tuesdays and Thursdays. So, basically what we're doing is merging those two classes into one big, giant 600-person class. And so, you'll be kind of in-person on, you'll be in-person on Tuesdays, they'll be in-person on Thursdays, and Zoom recordings of everything will be available so you can join the Thursdays on Zoom or on the call. But anyways, to introduce myself. Hello. I don't know, that's a fun sound. Where's my mouse? There we go. Ah, there we go. Cool. So, I did my PhD at UC Santa Barbara on the beach there, at which time then I came here to ASU. A little bit about my background. I did like a four plus one type of thing at UC Santa Barbara. I went after I graduated, worked at Microsoft full time as a software developer up in Seattle, and then really decided I love doing research. 
And so, I went back for my PhD, after which I came here at ASU. During which I got into security during my undergrad by playing in capture the flag competitions, which is something we'll definitely go over in this course. If you're a Shellphish, then I helped start a hacking team here at ASU called the pwndevils, which has since kind of shifted its name to the mysterious ASU hacking club. You can find out more information about them there. I'll have office hours Tuesdays from 10:30 a.m. to 11:30 a.m. except for today, because it's the first day I don't think you guys need anything. Anyways, you can. So the theme of I think this whole course will be kind of hybrid so they'll be both in person options or remote options even for office hours so office hours you can join through Zoom or you can come to my office, and I should be there. Yes, yes. And let me also introduce myself. And you just call me just you don't have to say that Professor Bao, Dr. Bao or whatever. I'm flat here but you don't have to. I am an assistant professor at CC. Actually, now we turn it from 16 to sky. I'm of the school, but the professors just do their students are also nice and there. And before I joined ASU, I was a student at Carnegie Mellon University. My research is software security. And what I did is to look at how to find and find ways to fix them or mitigate them or stop them in the work in a smaller way. So I call it as backstop software. So I just want to say, my research is not just about finding us and also, you know, working about the end of the box, optimally and how to, you know, think about the best for me to get some use for vulnerable communities, especially for some of them are being for a social good. You can see more things about my research from my personal website. And also you can actually check the research, both Adam, and the mind from SEFCOM, it's sefcom.asu.edu. There is a lab that we are co-hosting. It's a fun, fun, you know, research lab. 
And we have many students over there that's all doing fun research, not only the software security, but like cybersecurity in general. So my office hour is going to be Thursday, 1:30 pm to 2:30 pm. And I'll just make that online so you can, you know, go to Zoom and click the link and then I will be there and we can check from there. Those information, they will be online. We will have a course website, thanks Adam, Adam set it up. So those information will all be there. So you don't have to write it down, you don't have to record it now. And later on, all you need to know is our course website. And from there, you can get like the slide, the Zoom information, the time information, etc. So I'll talk about the course logistics later. And then we will have a decent amount of TAs and the undergraduate TAs, UG TAs. I don't think that any of the TAs is here today, but we will have five PhD students, PhD TAs that will help you guys with all your questions, you know, homeworks or CTFs, like the final exam. And then we will have more of just like an outcome completion wise, not really like a weekend exam, but like they can help you with those questions. And also, we have UG TAs undergraduate TAs, we will also help you answer those questions or, you know, host a special lectures, if needed, or slides presentations. So, I'm not going to introduce them right now because they're not here, but you will get to know them later on. And also you can get those information about those TAs later on from our course website as well. All right. So, as Adam said, we're going to have a hybrid class for this semester. I know that you guys have both Tuesdays and this session, right? And if you look at the course chat about SSN, some of the well week, one time, only Tuesday and some of the one hour only. However, you will have an online session, which is going to be on Thursday, same time, 9am to 10. 
And for that time, actually, this course will have another session, which is going to be hosted, maybe by Adam, maybe by me, and you can stay in Zoom and attend this meeting, or attend this course online. And we can also just wait until the recording comes out and check the recording from YouTube. Basically, you can stay online at the same time or do it online. So, please make sure that you, you know, attend this session in person if you want. It's not required and we're going to have to attend this or something like this. We want to make sure that everyone is comfortable going to in person courses and also we will stay safe and for those that are college students. But you are watching sure that you either listen to the course or the person making sure that you get a lot of it because those are necessary for your later on so I can get some of those together. So, if you do want to attend, you know, both of us in person. Okay, we're, we're happy to do that and we're not like, for real, we're not going to put you something from doing that, but make sure that you know there's enough space. So it's like, now we're in the 360 session and you can go to the 360 session and you're still in space a little better. So, please make sure that we need space for those people in their own session. Okay, and we have a little everything course on new and we'll also post those recordings later on. And you can get those recordings, those links from our course website. If you remember something on the note, just take the note, take the course website, and then you can have everything out there. We find that. It's sort of a question organizing, you know, seeing there, so we're going to keep using the other for question and answers. And when you ask questions, we'll make sure that, you know, for technical questions, or something that is not personal, please be mindful and make it public so that everyone can have a staff. Share your sources, share your answers with your staff. 
And also, I want to emphasize that all the announcements will be shared together. So please make sure that you register here so that you will get all of us around it, including inside. Hey, besides, we're going to expand the assignment that are or we're going to expand something else or we're going to change the mistake that we found from the assignment, etc. So make sure that you register. They can get the most update. And we may not pose to those amounts of the course. So basically, after you. Everything is the most reliable resource for you to get an update about this course. All right. And then let me just go to the course website real quick. And let's just go through things over there. Maybe that later there's a section at the end to go through this. Okay. Okay. You want to do that then. Yeah. All right, I think that's pretty much about the core setup. Any question. No campus. No, no. And no one person will break. They're all getting eggs. Okay. Sounds like a plan. But we do have a little offer. We also will have a cost. And also, like, We don't have one way to send it out. So make sure that you get the right grade. And if you go to the website, you will see, you know, the current definition of each grade, like the, which scores, which levels. It's subject to change. We may change it because of the distribution of the score, et cetera. So that was just a standard that we put right now. But it doesn't mean that it will be a problem. Just so you guys know. All right. Yes, please. He reiterated. We're going to come in person. Yes. Okay. Okay. More questions. I see. I see. So we don't have a way probably, we don't have a way to post your grades. But you have a lot of time. And we'll email you throughout the semester. We'll email you throughout the semester. So you know that maybe before final. I don't know, it could just depend on the cadence of the course, however many assignments that are like it shouldn't. 
And just to make sure that our records match your records because you'll know every assignment, you'll know exactly what your grade was on that assignment as you do it. And so there should be no surprises. That's just a sync up to make sure, hey, what we have for your grade is what you think you have for your grade. We're probably going to do that one time. At least twice. Yeah. For pressure. Okay. Yes. So we are going to set up a science mission. Okay. All right. No more questions, I suppose. Okay, let me just start the introduction. So, Okay. And that brings us about. And we've heard about CTF before. Okay. Right. You have a lot of people know about CTF. But it's okay that you don't know it is like after the semester, you will not only just know it, you will be very aware of it. And I, I think that you will probably have a lot of hate feeling about CTF. All right, so CTF is short for capture the flag. And you may have heard about that, you know, for another view that goes kind of game, but for science security, the way they go, the words, the way it works is that this is a competition that people try to use their skills to, like, maybe explore the machine or take advantage of a program so that they can get the information from either the program or the computer, or they can network server, etc. To get a specific content over there, which is how that's why we call it a flag. You need to use your skills to get a specific message over there. And if you have to play puzzle with words, this is a little bit like the puzzle game that we play, except that here, you need to use your cyber skill in order to get the piece of information. That's how CTF is. Let's see that code here. No, but you will see you see the city that it's short for that home. And this is the picture. This is the poster for 2019. Yes. So, yeah, so this is a poster for 2019. 
And that is one of the top is at least, actually, in my mind, I'm just saying the top, the top of the hacking competition, the top CTF competition in the world. And as I'm not, we are the poster, and I can see in you, which is the majority of the team of color or so, we were united and posted that cross to the app since 2018. And now we fire the fire that we're not But yeah, this is the Yeah, so it's pretty far. And if you have not heard about that. I want to show you some picture and more challenges, but not really the technical part of the challenge, but like give you some interesting challenge that Adam and the other team members have designed for DEF CON CTF. So, usually for DEF CON CTF especially For the DEF CON CTF, it will have many, many team attending, and it is composed of six qualifying CTFs around the world. And from those qualifying CTF, there will be like 16 or maybe 20 around 20 team elected from a thousand and 200 teams or even more to attend the final CTF. And then in the final CTF people are going to exploit and attack each other. They're going to be given a server or like a given, sorry, they're given or some services, so this is they're going to run the identical services, and they're going to exploit other people, but also try to talk to themselves, they're going to do an exam and a taxi here. But before that game, during the qualification, the way in the works is that there will be challenges closer down line, and then people are going to solve those challenges and try to get the score. And we call it a jeopardy style CTF. And in our class, we're probably, we're going to mostly focus on jeopardy style CTF. 
So, for your assignment or for your final CTF, what we're going to do is that we will have those challenges, like you see, those are all different kinds of challenges over there, and you will kind of like flink and decide the challenge that you want to work on, and also give a flag, you're going to submit a flag, and the system is going to tell me whether or not you're correct. And then you will get the score, of course, if you're correct. So, this is the school, this is the webpage that we have for that kind of 2019, and you see that they're all different kind of challenges over there. So, we believe that the yellow one is that they are currently actually available, and the right yellow is that you already saw, we've got the score, right, and then the purple one is that it's inactive at this point. So, during back home do not reduce all the time. Maybe this is going to be different from always. Yeah, you're going to have all the time, but it doesn't really matter as long as you're solving together score, you're happy. All right, and then this is the score board, which is also very interesting, right. So, those four shows, those scores, and the status are equal, and you see that there are many, this is, this is called, so, you see there are 24 things available there, this is all you can do a lot. Actually, there are a lot of people attending, and you see that those many of those writers, each of them, they go to them for a specific knowledge. So, those who is that, say, TVP got those numbers published, and those are scores, and those are the teams and their varieties. So, as you were able to see, shall we check the version? They are number five. Yes, number five. This is the team that Adam was in, and probably Adam will be back. I would have been number one if I was still in the team. Oh, let's see this year. Yeah. Cool. Yep. 
And then this is, as I said, like, there are six qualified CTFs around the world, and then there are like those qualifications for CTF, many teams attending. That's 16 teams who will attend, and will be invited to the finals, which is in Las Vegas. It's a lot of fun. And actually, you, the DEF CON conference has, I would say, maybe thousand or tens of thousands. 30,000, the last full in person, actually 2019, 30,000 people. Yeah, 30,000 people gathering in Las Vegas. Usually it's around early August. Yeah. Super hot. Yeah, super hot. The problem with the hottest support, the hottest of season in Las Vegas. And if you, and my personal recommendation for you guys is that if you are not very interesting. And don't go to Las Vegas in early August, because at that time, you're booking the reservation to be in sky high because of all those hackers, they're going to occupy there. So don't be there if you don't want. But yeah, so this is the place that they're hosting the final CTF. And this is also year 2019, I believe. So you see that people. This was true. I actually don't remember the hotel. Yeah, Paris or Bally's, one of the, it was in the like walkway. So the DEF CON, it's actually out separate from DEF CON itself. DEF CON itself was, I think the entrance was to the right. And so yeah, we were right above to the left is like overlooks the casino. Right. Where it is, that's interesting. You can tell us 2019 because nobody's wearing a mask. Well, it's upon the time. And this is a video. Yeah. So this gives you a little more sense of the 16 teams. All right, so this is like every table is D and those teams work together against. And this is a very fun challenge that I think Adam, you're involved. And this is a very fun challenge that I think Adam, you're involved in creating this challenge, right? Yeah, I observed it, but I guess involved in the watching people lose their minds on this. So this was so Saturday morning. 
So the way the competition works, it's Friday, Saturday, Sunday, 10 hours on Friday, 10 hours on Saturday and four hours on Sunday. So Saturday morning after working all day on Friday on challenges, the team showed up and we just handed each of them an Xbox and original Xbox with these controllers. So one of the people on our team was actually super involved in Xbox emulation, like being able to run old Xbox games and understanding how the old Xbox works. So what they did was I think we just told them just plug it in. There was a special network cable, plug it into the network and then turn it on and see what happens. So what we've done is burned in into each of those Xboxes Doom. We got Doom to run on that Xbox. And so it would connect to, oh yeah, there we go. It would connect to one of our servers so they would literally be playing capture the flag inside Doom, but the problem was when they started up you can't actually fire your gun. They could just run around and not actually kill anybody or do anything. And so that what they had to do was actually the, I actually think the game was downloaded over the wire so every time the system booted up. It downloaded Doom from our servers. So what they had to do was figure out how to like game hacks so how to hack their game so that they could fire. I think wall hacks and map hacks and all kinds of cool stuff that they could do to give themselves the edge and be better than the other teams. So meanwhile each of these rounds lasted I think roughly 10 minutes where they would go around and have to like occupy a certain area that was the capture the flag location for points. And then that got them points kind of in our game. Right. And remember you mentioned that there was a few guys from PPP who is an expert in Doom. I think he said professional Doom player. 
Yeah, that was a big problem we didn't anticipate is that the teams rather than hacking as much as we wanted they just put somebody who is really good at playing Doom on this and scored a lot of points. Yeah, it's not that you know you turn on the gun, you just turn on everything. Oh yeah and then other teams didn't like well Shellphish was yelling at us, because they're like we should have gotten more points that round was not scored correctly. And when we looked at it they had actually desynced their game client from the game server. So they thought they were being all cool and like running through walls and killing people but really they were just like in a corner running against the wall over and over again. Yeah, so those are some challenges about that process here and there are even more fun challenges. So for example, we have, you know, challenges about a hacked iOS applications. And also, we have challenges for how to hack deep learning methods like just like the, the fact should that challenge that has just talked about. So you need to use your deep learning skill to do like created your own your network and then try to play with other people's, but also you can hack other people's like deep learning network so that you will be able to use a vocabular machine learning to make other people dark. And there is a hack Lisp machine. What is that is that is this a question that you create or yeah. Yeah, so back in the 80s, Lisp was actually a very popular which you may know more nowadays as Scheme and what's the Java one, I don't remember, but anyways, Scala. So back in the 80s, they actually made CPUs that would run Lisp code itself and so are actually technically a microcode so they compile the Lisp code down to a microcode that was actually executed by the special CPU. And so I found an emulator for this and was able to run these Lisp machines from the early 80s. 
And then I wrote a web server for it so they were talking to this well it looks like a web server but it's actually this Lisp machine emulator. So they had to like, reverse engineer it and decompile the thing and then find the bug that I put in there and then exploit that bug it was kind of crazy. Yeah. And as Adam mentioned, the Doom very phone one, and the very similar challenge is about shellcode. So if you don't have that time just consider that as a piece of assembly. I suppose, many of you know like x86-64, those assemblies, and you know that those assemblies, essentially they're just bytes, right, like one zero one zero for an instruction. And the question is, can you flip the byte with a bit over there. I would turn one bit from zero to one one zero to one to zero, but the assembly, like see, see, do the similar identical functionalities as the original assembly does. So this is like the bit-flip-resistant assembly or shellcode. And why might that be useful. It would be useful to write code that survives a bit flip. Yeah, they definitely happen randomly, and they happen more often in space. Yeah, so if you want to like send code so what they have to do is have really expensive hardware called rad safe, like radiation resistant hardware, which is usually incredibly slow and very expensive and probably heavy too. So, by exploring kind of things like this, could you compile something or write some code that can be resistant to random bit flips from radiation. It's kind of an interesting actual real-world application for these things. Yeah, but bit flips will happen for quantum machines right. And that's what you tell me I have no idea. And that's why we have a challenge in last year. So, you know, we have to advance our game as technology advances as well. And this is a picture about the, I think it's just an announcement or scoreboard. Yes, that's the scoreboard. 
And we use this interface because this is very similar to a tool called AFL. And it is a fuzzing tool that people extensively used to find vulnerabilities. So we just kind of mimic a AFL style scoreboard and you can see people. They're all team names and their scores over there. Okay, and then, as I mentioned, the final is an attack-defense game in the sense that teams are going to be given identical services, but those services, they are either vulnerable, and those teams that they are all service, and also exploit those vulnerable against the other team. When you say to yourself, you're going to get some score. Well, actually, you don't really get scores. But it's kind of other people, the audible news source and also you will get scores. That's right. You kind of get an answer if you try to tell her well. And also we have another section of the TV after coming up with the field. This is going to be ranked by some particular store in order to sort people from, you know, source based on their rank. And here you see that those are the source or team or the ranking source. And also, there are people are some who are very good at acting or very good at that. Enough to kill. And if remember correctly, this year. Yes, PPP won. PPP is the team. My mother school. I guess since the last year PPP won, right, and yeah since 2020 PPP was the second yeah PPP started to be the second place. But PPP has been long for many times, many years. Yeah, and then this is this years. Let me talk about it briefly. I kind of wanted to bring this up so 2019 was last year we had it in person 2020 was all of DEF CON, the conference and the CTF, was all virtual. We created this horrible like 28 hour day system where teams would play for eight hours and the game would go down like, or they would. Yeah, I can't it was, oh yeah it was a play for like eight hours and then go down for four hours and then on for eight hours and down for four hours and on for eight hours. 
Yeah, because of time zone because you know usually those teams they're international they're coming from all different countries. And we want to be fair. So we want to make sure that everyone has their own comfortable eight times to work on the challenges. So this was in 2021 it was a hybrid year so both us and the teams half of us roughly were in person. And the other half are remote and kind of why I wanted to bring this up is from my experience it was much more difficult being hybrid than fully virtual. So keep that in mind as we're you know struggling and maintaining simultaneous Zoom classrooms with in person and all that stuff that can be it actually can be. I mean I think, well, I like seeing all of your faces here in the classroom, but just bear with us it can be a little tricky especially with people getting sick and having to attend remotely so just keep it in mind. It actually becomes slightly more difficult. Oh yeah that was me so it's. I was about to let them guess. Yeah, that's Yan, Yan Shoshitaishvili, a professor here with the mohawk, who teaches 466 kind of a very advanced version of this course. I, man I'm losing the context because it was so long and it was so painful I like put it out of my mind, but I think I was staying up for. I had to pull an all nighter to get a bunch of stuff that they needed working. I was so cold that he brought the like table cloth as a blanket for me. And then later I ended up taking a nap under the thing because I had been up for over 24 hours, and I was like dying trying to like do stuff but I didn't want to leave and go to the hotel room in case they needed me for something so. Luckily I got my payback so this was Yan, the next day the next night he had to do pull an all nighter, and when I showed up in the morning he was like huddled under the table there. And yeah but the cool thing was we retired so that's we don't ever have to do this again it was an insane amount of work I guess how which is. 
Far right this guy. I can't. Yeah I'm with the hand up. That's funny. Yeah, and then Tiffany didn't participate so much in our last DEF CON because she was busy doing something else. Yes, I was busy with hatching a baby. Yeah actually so and this is the baby. Oh you see that time here so good baby to spend. I'm so happy to be here so have some my free time to talk with my students and do something I really enjoy. All right, so that's about that car and that's about yeah we know that's talk about security and especially security at CS at ASU, sorry. So here at ASU we have two undergraduate cybersecurity concentration programs. We have you know one color BS in computer science, and then we have a BSE and on computer system engineering. And also we have three graduate cybersecurity concentration programs, which is. There is a MS MCS master master of computer science, I think it's master of science and master of computer science probably. I don't remember actually the MCS went away so maybe I need to update that. And then it used to be thesis versus non thesis so used to be the MS thesis option and the MCS was a non thesis option. But now I actually think MCS is the fully online version and MS is both thesis and not thesis. Yep. And also we have PhD program. And usually, we like, you know, ASU students we'd like undergrad, and the way that our lab SEFCOM works is that we are open for students who are talented in cybersecurity and of course, interested in cybersecurity wants to pursue cybersecurity as their career or research, you know, PhD career as well. So if you are interested in cybersecurity, and if you are interested in doing cybersecurity research, please feel free to reach us out personally, and then we can direct you on how we can start, you know, to explore some research on cybersecurity. And for more information about the security programs at CMU you can just ASU. You're not at CMU. Oh, again. Yeah. I'm sorry for that. 
So yeah for cybersecurity programs at ASU because referred to, you know, more information from the state. CMU of the Southwest. Just quick about the concentration. Okay, yes. So this is a quick walk through. So anyways, if you're interested in something that appeals to you, the cybersecurity, you're actually already basically one third of the way through the required courses for the concentration. You know, requires you to have taken this course, and then you select two from those other 400 level courses. And there's also two other elective courses from a list to take. And that's it. And then you get on your, I think that's concentration is on your degree so it's a concentration in cybersecurity on your degree. If that's something that interests you. Right. And also we have you know those different more fun classes, and they're more advanced. So if you're interested in them just take them. And also, what do we want to say, I want to say, like, yeah, we're not we're a national center of excellence recognized by the NSA and the Department of Homeland Security. Right. Yeah, it's pretty cool. Not every university have this kind of privilege. Okay, now it's time for us to walk through the syllabus. You don't need to move it over to the other. Yes, if I can. I probably can do that I have to end this. And then me concentrate. You can see it here. I see. Thank you. And to people I suppose you can also see, I got the syllabus right cool. Let me just shoot me a little bit more. Okay, so now let's just walk through the syllabus of the of our course. And also guys, if you have any questions feel free to interrupt me anytime. Also zoom people, if you have any questions, feel free to just unmute yourself and shout because sometimes I cannot really track zoom and the people at the same time don't feel free to just shout. 
So, course description, like, you guys are no I suppose that you already know, this is a cybersecurity course, cybersecurity courses, of course, and this course will give you a basic and comprehensive understanding of cybersecurity, or we call it. So there's a lot of information assurance and the solutions to those problems. And this is kind of like the fundamental course for cybersecurity, and as Adam introduced, based on this course, you will be able to get more advanced topic courses or more advanced 400-level classes. And, but this course, our course, this one will give you kind of an introduction of a brief. Maybe I call it teaser or just like, you know, give you a great feeling about all brought like a, in general, each different kind of more specific like system security or network security, different areas of cybersecurity, but we will probably cover a lot of the questions over there, but not as deep as those like 400-level classes. And the prerequisite. Because our class will need to you will need to sign up to sign up for classes that have. Okay, so we don't have to talk about the record that good, but I will say that my advice for everyone since it's just start if you want to, you know, prepare for the future. I highly recommend you to, you know, kind of like wrap up on your programming skill you can program in C or Java, just like make sure that you can program well or Python. And also, we're going to have assembly related topics. So if you are not very familiar with, like, say, x86-64 assembly make sure that you learn it you understand that you can read it well. And that will be pretty essential for our later lectures and assignments. All right, and then we have a recommended textbook, although we're not going to be stick to that textbook, and you can go purchase that type of get the information, you know, get the knowledge from there. 
And of course communication, as we mentioned we're going to be majorly using Piazza, and you can get the link from here and then you can register yourself to the class. And please make sure that you ask those questions to Piazza, and we always just prioritize Piazza over our email. So if you ask questions on Piazza, you will get an earlier response than email. But if you want to have like really in person questions, for example, you want to have a sick leave or whatever, you can email us, like using our own ASU account that for anything that is class related, the assignment, etc. Please make sure that you use class Piazza. And here is a small link that you can go to and then check yourself for how to ask questions smartly. And I found this is very interesting. And that's very helpful and constructive because it tells me what is the best way to communicate, what they tell me how to save the time for both you and me, so that we can focus on things that are more important. And I do receive, you know, some questions before, they ask me like, hey professor, I don't know how to do this, or professor I really can't solve this challenge. Can you give me any hint. And that's it. But this is going to be very hard for me to catch or to follow up because I have to, to like do this ping pong for another iteration and ask him or her, like, why do you think so, what's going on, where you get stuck. So maybe a better way to communicate is you just give me all of what you have done. But, you know, when you ask me questions at a first time, and maybe perhaps with like maybe screenshot or the command that you have tried and tell me the failure that you have come across or maybe the messages that you have come across so that I can give you more concrete feedback on how to, you know, challenge. So things similar like that. And I recommend you to just go through this. It can be some, you know, some casual reading or bad readings for for this page. 
And I believe that this really will help you to understand how you should communicate with other people, not only just for this course, but just like in general for your own career in the future. Okay. And then what else, course topics. So, as I mentioned, this class will cover a lot of very broad course topics, but not very deep. So we will have things like access control. Adam will probably start that since the next lecture. Right. Yeah, something like that. Access control and then we will have cryptography. We will have authentication, network security, web security, software security, system security, etc. Basically, it will cover a lot of stuff. And then for assessment, which is homework or say, as well as final CTF, basically we're going to assess everyone based on platform with challenges and you're going to just go there just like a Jeopardy challenges you've seen and also like you've seen from our previous slides, although not as fun as that kind of glue but still pretty fun. And then for assignments, there'll be about three to 12. I know this is a very wide range, because we usually just decide the number of assignments as we go as we, you know, see people's progress. I give you a range now, meaning that they can be very light. It can be also super heavy, but it, I mean, based on previous feedback from students, I would say maybe we've class with you or it's going to be an intensive programming class. So you will probably still need to spend a decent amount of original amount of time to finish all those, you know, challenges. However, usually the scores are not really bad as long as you make your effort and get a challenge, and you will be able to get a very good score in the end. So we will have two CTFs, a midterm CTF and a final CTF. And the way that we grade is as follows, like we have 70% for homework, 10% for midterm, and 20% for final. 
So this is just the threshold for the letter grades at this point, as I said, it's going to be subject to change, doesn't really matter. And then for homework due and exam dates. Wait, one, one important thing. Yes. We have curving on there. So we'll only ever curve the grades, the thresholds lower. So we won't ever raise it up meaning, I don't know, if you get an 83 in the class that's going to be at least a B, it may be a B plus depending if we lower the threshold for B plus down, but it won't ever be like a B minus or a C. So you don't have to worry about that. The curve only ever works in your favor. All right, a plus next, just reduce them and then make them a no, it won't happen. Cool. Exactly. Highly unlikely. There's plenty of it. And for homework. Oh, so the way that we do for homework is that it's okay that you, you know, you want to maybe delay your homework, you want to submit late, however, you will have a penalty because of the late submission, but you won't just like lose all your scores. So the way that it works is that, say, if you're late for one day, then you're going to be deducted by 20%. And then if you're late for two days, then your score will be deducted by 40%. So every day, as long as you increase one day late, you make your homework assignment one day late, then your score will be deducted by the number of the days that you delay times 20%. So basically, this means that after five days, then you will lose all the points from the site. Right. And then in terms of exam days. Right, so we don't have an example like for sign final and see, and the midterm will give you a period basically, it's like take home exam, you will be given a period of time maybe three days or two days or 24 hours, and then you will be, you know, doing this assignment on exam by yourself. Okay. Okay, and this is something that I really want to emphasize or to clarify because this is a new thing that we ask, we call it homework help blackout. 
So basically, we want to make sure that we can still sleep, or we want to make sure that we're not going to be insanely crazy or busy occupied, like, in the last minute of the assignment deadline, just answering people's questions. Thank you for saving us, not only just out of me but also other TACGTS. So we're going to black out those time. Say, if the deadline is 11:59pm, basically the midnight, then we are not going to answer questions to the 6pm. So six hours before the assignment or CTF deadline, we're going to close out and we're not going to answer any questions. And in this case, please make sure that you ask questions and start everything early so that you can come across those questions. Because in the end, I don't want someone to be like doing, still doing none of the challenges, but start to realize how many questions that you have. And at that point, no one's there to help you with that. And usually we will have actual office hours if needed for final CTFs or also for the midterm. So you can also come to us and ask us for additional help before the close out time. Okay. And then for special accommodations, if you have any concern about your health or disability, feel free to do that. Also, I know about the current COVID situation. So first of all, you don't have to come to class if you want. And also, if you need accommodation, you can also email Adam or me. And then we will help you from there. All right. For the treatment and the cheating, you are welcome to ask other people how to solve a challenge, but you are forbidden to copy paste other people's code. So I think this is going to be clear. And you can collaborate. Like you can collaborate in a way that someone tells you, you are wrong because this, but you have to write the whole the budget. And also, when you ask questions to us. It doesn't work for you. Unfortunately, just because we have too many students to take care of. 
So, but if you can really minimize your question, like just think about, you know, a question that we can answer you very quickly, say in five to 10 minutes. You can ask us questions like, I come across this specific error, this error says permission denied. What does it mean. But before you ask questions like that, please make sure that you Google yourself first, because many questions can be answered by Google. And this is like cybersecurity and also this, this is something that we would always do when we come across a problem. So make sure that you Google first, this is going to be a good way that you can self learn. And then if you still have questions, you can come to us and we will help you out in our best. Nice. Good. Okay. So for work life balance. I just want to say that, you know, again, we come across this tough semester, because of COVID, and we very much understand this tough situation. And so don't feel guilty. If you don't feel comfortable, or because of your own thing or because of your families is so that you cannot make them meet, make the class or you have to maybe ask for extension or etc. So don't feel guilty for that. And always just keep us in the loop so that we know how to help. In terms of Title IX as well. You know, this is a good organization. If you ever come across any problem. Feel free to contact them. Or also, you need to, you can contact us. And for us, if we have heard about anything about, you know, those kinds of issues. We are obligated to Title IX to the school organizations. So if you do need us to report for you, feel free to come and talk to either Adam or me, we're happy to be here. Okay, I think that's everything about the course logistics, the introduction. Any questions. And not any questions from Zoom. It will be recorded on YouTube. And let me just go to the website. Yeah, schedule. See, like links later on. So basically in the select schedule that paid YouTube or the video links and yes. 
So usually we'll make it within one day or two depending. So the problem is, we can release slides very quick. Sometimes the video may take some time, it's just like YouTube, we have some time to process the video. Usually by the night, the promise we have to post a Tuesday video so they can watch it before Thursday. Right. Yeah, as quick as we can, but sometimes stuff happens. Yeah, I will say like 24 hours is a good estimate. All right, more questions. Okay. Cool. Okay, then now I'm going to hand the lecture to Adam, and Adam will give you a nice overview for the. Yeah, for our course and for general cybersecurity. Yes. All right. That's that's there we go. Do you hear me. I'm going to open your screen. Oh, thank you. Also guys, we're also thinking about having a support channel just so you guys know, they already have one. Oh, you already joined it. I was waiting is in the Zoom chat if you want to scroll up. Yes. What is so people on Zoom. Can you see. Oh, you see that. Okay. And Zoom you see the slides, the big slides. Thank you. This is going to be tricky getting the Zoom chat. All right, we'll have to figure that out. Cool. All right. Thanks everyone. I'm going to handle the first part talking about the overview of security. This is kind of getting our feet wet talking about security, right now we only have a little bit of time so I'll just go over the beginning. Before I jump in. I'll mention that basically because of this first week the way it is and the way the cadence of the course, Thursday is going to basically be a repeat of today for those people on Thursday, so everyone here who's listening now, it's just going to be exactly the same so don't feel like you need to attend or watch the video on Thursday. It's going to be a repeat, but next week we'll start Tuesday Thursdays, you'll be responsible for the content in both parts. All right, so we're here to talk about security. What is security. What does security mean to you. 
Anyone want to give me a thought on that? Yeah, protecting said last part, protecting your information, yeah, do you care about that? Does anybody not care about their information? Do you care about your phone with your like bank account number, just handing it out to people? No, so you actually do care. Your pictures, just every picture you take with your phone just automatically uploads to Twitter? No, nobody does that. Okay, that's probably good. Okay, we, it's very clear that like we do have this notion of security. You can think of security in a lot of ways, right, very broadly you can think of physical security, you can think of, here we're here to talk about mainly computer security. It's actually interesting to see those two connect. Many systems, they call SCADA systems or industrial control systems, basically like big, big machines that are operated by computers, if somebody hacks into that you can actually cause physical damage in the real world. So those two often are actually linked there. Typically when we think about security we kind of, we think about a triad of things that we care about, so this is super important to remember, it comes up all the time. You can, it has a super easy to remember acronym as well, the CIA. Confidentiality. So what does confidentiality mean? Yeah, keep certain information, either secret or control so that only the people you want to control that information actually controls that information. Right, we can think of, like we just talked about with pictures, right, pictures would be a place that we want confidential and we want to be able to control who has access to that information. So there's notions of access control, who can access what. Everyone here has an Isaac card, right, that gets them into certain areas and buildings and those kinds of things. That's another clear example of physical security properties there. 
We'll get into things like encryption where you can actually encrypt something and use math to hide information so that even if I sent like a piece of information to every single person in this class, it would only actually be accessible to me. But, but keeping things secret isn't actually the only thing that we care about. If somebody were to hack into your bank account. And maybe if you don't care what if they know what the number is, what if they can change that number to zero. Would that be a problem? Some of you yes, some of you, no, that'd be great. Bring you back closer to positive. We also care about the integrity of data, so there that's a case where we actually don't care that the data has been leaked or gone out. We actually care about the integrity, we care that the data hasn't been modified or tampered with. Accuracy is tricky because that has to do with like provenance, maybe like where did that data come from. Right, so like a, you can think of maybe a speed radar gun, right, that monitors the speed of somebody, actually may not know how accurate that machine is, maybe it's inaccurate, but I would want. So for integrity purposes I'd want to be able to say hey, whatever the police logged that thing, they couldn't just claim later oh it read 65 when it actually read 55 or if you're in a 55. Right, the machine itself could still be wrong, but so accuracy gets a little bit more difficult to assess. And so we usually think about for integrity two different things. How can we prevent people from modifying and changing our data. So what we really think about integrity would be if I was able to go in and maybe I couldn't access your pictures but I was able to just delete all or scramble, like put random data over all of the pictures on your phone. So we care about preventing people from doing that but also detecting, so sometimes we want to detect when data has been tampered with and changed. 
And in the instance of that, if I could tell, oh hey this report that they're saying that this, this speed gun took this reading at this time, that's actually been changed and altered and we can detect that after the fact. So we have cool actually cryptographic ways to try to ensure these things. And then the, so we have three, two of the three legs of the triad, confidentiality, integrity, the other super important part is actually availability, that seems kind of weird, why is availability. Why do we care about availability in terms of security? Yeah. Yeah, so if you can't access your stuff, right, that's actually a huge type of attack, like think about it well. We need access to this room, right, we need access to this room to have class, if somebody were to bar or weld all the doors shut, like the day before an exam. That would be an attack against our ability to conduct our business. The other way I like thinking about availability is not completely shutting things down, so one tactic that criminals use when they try to like break into a bank digitally. What they'll do before that, they'll collect reconnaissance and information on the different email addresses that are people who work security for that bank. And then what they do is they send a bunch of spam emails, but not just like hey buy Viagra spam, or your car warranty spam. This is like just randomly generated emails with random gibberish and words that don't mean anything. What they're trying to do is clog up the inbox so that when they break into the thing and some intrusion detection system sends the team an email, it gets missed in this flood of emails, and this has actually been a real attack that people have used. So it's more like an attack on the availability of somebody's attention even. And so typically in here we think kind of about denial of service, is one of the most classic forms of availability attacks. This actually occurs fairly often. 
Criminal outfits will get control of a bunch of machines on the internet, and they'll use those to direct fake traffic to a website to take it down. And I can't really do that to like Google or Microsoft or Amazon because they have a lot of power and compute, they can stay up. But if you target a small to medium sized business that depends on their website for revenue. And you take the website down and then you send them an email, it says hey I saw your website that is down, that really sucks. You know if you sent a half a Bitcoin to this Bitcoin address, that I'm sure I could get it back up, and to prove it to you I'm going to take it back up for 10 minutes. And you send that email, they get the email, you turn it back on for 10 minutes, you start your attack to take it down, and then your price would just keep going up as to how much it's going to take to get you to stop. So it's a real attack that also occurs to small and medium sized businesses. So, CIA, remember this, burn it into your brain, it's a super important part of thinking about the security properties of a system. And I guess that's great here so we'll stop here, on Tuesday in a week we're going to start back up on threats.