This course was previously COMPSCI 590J.
This course explores the fundamentals of reverse engineering, exploit development, and cyber operations within the context of real-world cyber effects. The curriculum blends theoretical concepts with hands-on exercises and projects to give students practical experience with cybersecurity tools and techniques. Throughout the semester, students will work with industry-standard tools such as Ghidra and analyze real-world vulnerabilities (CVEs) to understand how exploits are developed and mitigated.
The lectures cover a broad range of topics, from analyzing binaries and firmware extraction to developing covert command-and-control (C2) systems. Students will also study significant cyber operations, such as the Stuxnet and APT1 case studies, to understand the tactics, techniques, and procedures (TTPs) used in real-world attacks.
Assignments will challenge students to apply exercise-based lecture concepts, often requiring independent research to solve problems. The capstone project will culminate in the design and implementation of a complete cyber effect, demonstrating skills in exploit development, reverse engineering, and security obfuscation. Collaboration and active participation are required in discussion sessions, discussing the previous lecture content as well as the reading content.
The course is designed for students from both computer science (COMPSCI) and electrical and computer engineering (ECE) backgrounds. By the end of the course, students will have developed a fundamental understanding of key cybersecurity concepts and the ability to analyze and create cyber effects in controlled environments. Additional course details are available.
Syllabus
UNIV Section 1 Jr. & Sr. CS majors who have completed (1) COMPSCI 230 or ECE 322: and (2) COMPSCI 360 (or COMPSCI 460) or ECE 371) both with a grade of C or better. UNDERGRADS MAY SUBSTITUTE ANY INTRODUCTION TO COMPUTER/NETWORK SECURITY COURSE AT THE 300-LEVEL OR HIGHER WITH A GRADE OF C OR BETTER FOR COMPSCI 360, WITH PERMISSION OF INSTRUCTOR. If override is desired, email the lead instructor with what specific skills/experience you possess that will make you succeed in the course. Desire alone will not grant entry.
Graduate Students: No pre-requisites for COMPSCI and ECE graduate students. Suggested basic knowledge of reverse engineering and cybersecurity concepts.
UNIV Section 2 CS and ECE graduate students.
UNIV+ Section 1 MS-CMPSCI students as well as any other student at the grad level with instructor's permission.
Location: Synchronous attendance via Zoom, with cameras on for all students. Students must attend all lectures.
Meeting times: Mondays and Wednesdays 5:30-6:45pm
Instructors will be from a cohort of industry cyber effects subject matter experts from the MITRE Corporation.
Nick Merlino is a Cyber Mobile Research Engineer within the Distributed Systems department at the MITRE Corporation. Since he started in 2016, he has supported projects for multiple government agencies spanning from low level analysis to high level development. Nick's focus has been on network security and various aspects of mobile device security. He holds a BS and MS in Computer science from the University of Massachusetts, Amherst, with a concentration in cybersecurity.
Dr. Seth Landsman is a software and cyber engineer who has worked across multiple government agencies to support their unique national security missions. Seth has specific expertise in mobile environments, command and control systems, and system integration and holds a Ph.D. in computer science from Brandeis University.
Dan Walters is a Principal Embedded Security Engineer at The MITRE Corporation, where he has worked in the area of embedded systems since 2006. He helped develop MITRE's Secure Electronics Lab, which researches electronic implementation-security issues such as side-channel leakage, fault induction, and trusted hardware.
Dr. Ed Walters is a Principal Software Systems Engineer at the MITRE Corporation in the Tactical Edge Systems Group. He has a B.S. and an M.S. in Aero/Astro from MIT, an M.S. in Computer Science from Stevens Institute of Technology, and a Ph.D. in Computer Science from UMass Amherst. He has worked for various companies, including Volvo and Bell Labs, and worked on everything from internet infrastructure to compiler and simulator design for a research processor. At MITRE he has been involved with projects in the fields of Space Communication, Navigation, and Radar Systems. His research interests include computer system and hardware simulation, high-performance computing, and program analysis. On his off time, Ed enjoys cooking, hiking, and spending even more time in front of the computer gaming.
Jeff Hamalainen is an embedded security engineer and lead for the Secure Implementation Analysis and Exploitation group at the MITRE Corporation. He has over 15 years experience applying cutting edge research in side-channel analysis, fault injection, and communications to important problems across multiple government agencies. Jeff has previously organized multiple collegiate Embedded Capture-the-Flag security competitions and taught classes in fault injection. He received his B.S and M.S. degrees in electrical engineering from Tufts University and Northeastern University (respectively).
Adam Woodbury is the Chief Engineer for Embedded Security within the Electronic Systems Development and Embedded Security department at the MITRE Corporation, where he has worked since 2003. Adam previously worked at NTRU Cryptosystems where he developed efficient hardware and software implementations of lattice-based public-key cryptography. He holds a BS and MS in Electrical Engineering from Worcester Polytechnic Institute where he studied efficient implementations for elliptic curve cryptography.
Corre Steele is a Lead Cyber Reverse Engineer at the MITRE Corporation where she has supported a variety of government agencies since 2016. On the job, she enjoys working with low-level systems. Outside of work, she enjoys hiking high-level mountains. She holds a B.S. and M.S. in mathematics from Worcester Polytechnic Institute.