This course will give students a hands-on deep dive into penetration testing tools and methodologies. Starting with reconnaissance, open source intelligence, and vulnerability scanning we will move on to exploiting both clients and servers, ... moving laterally through a network while evading security measures. OWAP Top 10 will be covered and hands-on exercises will reinforce how to discover these types of vulnerabilities on a penetration test. We will also cover vulnerability disclosure and communicating the results of a penetration test with all levels of clients, from security engineers to C-level executives.

Formerly ENPM809A. The goal of this course is to provide students with a foundational understanding of cryptography as used in the real world. Students will learn about private-key encryption, message authentication codes, key-exchange protocols, ... public-key encryption, and digital signatures, in addition to learning about underlying primitives such as pseudorandom number generators, block ciphers, and hash functions. In addition, the course will cover the “cryptographic mindset,” including formal threat modeling and proofs of security. The course will emphasize real-world usage of cryptography by discussing standards and best practices, and through programming assignments meant to reinforce the concepts covered in class. No prior background in cryptography will be assumed; however, students will be expected to have mathematical maturity and knowledge of C programming. Learning outcomes: Understanding of basic cryptographic primitives and schemes, and when they are appropriate. Ability to carry out basic security analysis of new constructions. Knowledge of current best practices and standards for the use of cryptography. Ability to implement basic cryptographic functionality.

Formerly ENPM809I. Computers pervade our everyday lives. However, desktops and laptops are just the tip of the iceberg representing just 2% of microprocessors produced. Hidden just beneath the surface is a substantial and diverse group of computers ... referred to as embedded systems. This massive category of machines represents the other 98% of processors produced today. This invisible but pervasive hardware underpins our society’s most critical functions and they are being hacked. The purpose of this course is to reveal the tools, techniques and procedures (TTPs) employed by adversaries to exploit and subvert the security of embedded systems. This course will cover core concepts and techniques to analyze and characterize the behavior of embedded systems and platforms. Concepts will be introduced and discussed within the context of an adversary intent on altering or subverting the behavior of such systems. The course does not expect students to have any prior embedded systems experience. At the conclusion of this course the student will be familiar with: Embedded system basics; Basic soldering techniques; Board analysis methodology; Identification of peripherals, data buses, diagnostic ports and tap points; Device instrumentation; Bus monitoring and decoding; Development access via JTAG; Tools used for ARM & MIPS assembly/disassembly; How shellcode is formatted; Return oriented programming attacks; Attacks similar to x86 platform.

Fall 2025 W 7:00pm - 9:40pm Thomas Dineen
Cloud computing has become a major force in the IT industry and enables anyone to quickly deploy an enterprise-ready IT environment with only a few clicks of a button. With all of that power comes great responsibility and significant risk. ... While many of the risks are the same risk a traditional IT environment faces there are many new risks in the cloud and we will explore options to mitigate those risks. This course will cover the fundamentals of securing cloud-based workloads from the ground up with many hands on examples. Through these hands on exercises the course will demonstrate where the similarities and differences are when securing the cloud compared to securing traditional IT. Topics include cloud-specific issues when designing secure applications, managing identity and access, protecting data, handling incident response, conducting penetration tests, and forensics in the cloud. In addition to a final project students will perform hands on exercises as well as assignments to reinforce the lecture material. While we wil primarily focus on Infrastructure-as-a-Service we will also discuss Platform-as-a-Service and Software-as-a-Service, specifically around security considerations for those services. Students taking this course should be familiar with a wide variety of security tools and will find it helpful to have an understanding of to decipher and write in a scripting language

Fall 2025 W 4:00pm - 6:40pm Ryan Kropff
Summer 2025 W 5:30pm - 8:45pm Jonas Amoonarquah
Students will implement a robust incident response methodology, including proper forensic handling of evidence, and cover legal aspects of national and international law regarding forensics. The bulk of the course covers evidence acquisition, ... preservation, analysis and reporting on multiple platforms.
Previoulsy offered as ENPM808P. Prerequisites: Experience with both Windows and Unix-based operating systems, including using the command line. Intermediate Windows and Linux skills, familiarity with file system concepts.

As software gets more complex, there is even more potential for vulnerabilities to remain in the production version. While traditional and emerging software testing methods are very good at detecting a large majority of "bugs" in the software, ... modifications to the methods are necessary to ensure vulnerabilities related to security are discovered and mitigated prior to release. In industry, there is also a cost-benefit analysis that determines the limits to pre-release testing, further enforcing the need to uniquely identify security vulnerabilities, potentially prioritizing their correction over other vulnerabilities. This course will cover methods of building security in from the beginning of development and testing the resulting software to ensure security vulnerabilities are detected. The course will use a mixture of textbook principles and research papers to cover the concepts. Students will also complete a course project.
Prerequisite: ENPM691 and CMSC106

Fall 2025 Th 7:00pm - 9:40pm George Zaki
This class will introduce fundamentals of machine learning techniques and deep dive in cutting edge concepts that enabled neural networks to achieve state of the art performance in many visual, textual, and biomedical problems. Fundamental ... concepts like feed forward networks, convolution networks, recurrent neural networks, back propagation, loss functions, batch gradient descent, and stochastic optimization will be studied. Students will have hands-on experience with state-of-the-art deep learning frameworks like Keras/TensorFlow/PyTorch to build, evaluate, use, and debug these networks for real life applications.

Fall 2025 Tu 7:00pm - 9:40pm Michael Wittner
This course provides an in-depth understanding of how to find flaws in Linux (both userspace and kernel space) and software within embedded devices (focusing on bare-metal software/firmware and hardware-focused techniques). Students will get ... an inside look at how modern operating systems and embedded devices protect their programs, flaws within the protection mechanisms, and how to exploit them. Although this is an offensive-focused course, mitigations to protect the programs will also be discussed.