Resources

This page contains links to helpful or educational resources relating to the club or cybersecurity in general. Here you can find links to code and projects maintained by the club, as well as any general resources helpful for learning about computer security.

Club resources

• Our GitHub hosts public code for projects and competitions. Any contributions are welcome!
• Join our Slack to discuss club events and computer security in general!

Development

Some things we’ve built that you might find useful:

• CCDC tooling: some packages and scripts we use in competition in CCDC
  • Network killer: a Rust tool to kill all established TCP connections on a Linux machine
  • Ansible hardening toolkit
• CatShare: a cat-themed vulnerable website featuring IDOR, XSS, and session handling vulnerabilities
• Securescope: an autograder base Docker image for Gradescope with improved security

Stanford resources

• Stanford Cyber Policy Center
• Stanford Internet Observatory
• Stanford Security Seminar Series
• Stanford Security Lunch

Security courses at Stanford

• * INTLPOL 268 Hack Lab: Introduction to Cybersecurity (typically fall) is an introductory cyber security, law, and policy course. Hack Lab teaches the basics of a number of different types of security exploits, including web attacks and defenses, operating system attacks such as EternalBlue, Firebase, and phishing and social engineering, as well as the legal ramifications of such attacks. There are no prerequisites and no computer science background assumed.
• * CS 155 Computer and Network Security (typically spring) is the main, more technically involved security course at Stanford. The three main components of the course are memory safety and control hijacking, web attacks and defenses, and network security. The prerequisite is an operating systems class such as CS111.
• * CS 153 Applied Security at Scale is a course that deals with the unique challenges of solving security problems at industry scale and brings a number of renowned guest speakers to campus. Past speakers have included Matthew Prince (CEO of Cloudflare), Steve Huffman (CEO of Reddit), and Greg Brockman (cofounder of OpenAI).
• * CS 255 Introduction to Cryptography (typically winter) covers the theory and practice of modern cryptographic techniques for computer security, including symmetric and asymmetric encryption, digital signatures, authentication, and key management. The prerequisite is an introductory probability class such as CS109.
• * CS 40 Cloud Infrastructure and Scalable Application Deployment (typically winter) is a student-taught course on deploying web applications to the cloud in an efficient way that can scale to large user growth at minimal cost, with a significant emphasis on security. The prerequisite is an introductory systems class such as CS107.
• CS 152 Trust and Safety Engineering can be thought of as the flipside of digital security: it handles the ways that online services can cause harm when used as intended (whereas security generally deals with abuse of services in ways originally unintended). The prerequisite is a secondary CS class such as CS106B.
• * CS 144 Introduction to Computer Networking covers foundational computer networking topics including internet and transport protocols and routing and frequently touches on security topics. The prerequisite is an operating systems class such as CS111.
• CS 249I The Modern Internet (typically winter) is an exploration of how the internet operates in practice today, heavily touching on modern internet security concepts such as TLS and WebPKI, as well as the security of BGP, DNS, and email systems. This is an advanced networking course that has an introductory networking course such as CS144 as a prerequisite.
• CS 356 Topics in Computer and Network Security is a graduate research-oriented course that covers foundational and evolving topics in the security field. The prerequisite is a foundational security course such as CS155.

* Indicates recent course staff involvement by AC members.

General resources

This section contains a number of links to general computer security resources. Note that Applied Cyber is not affiliated with the following links, and although many members have used these resources without issue, we cannot guarantee that they are correct or safe. Use at your own risk!

• CTFTime is a website that details upcoming CTF competitions.
• Reverse Shell Generator is useful in penetration testing scenarios for generating commands that open reverse shells.
• Baserunner is a useful tool for exploring vulnerable Firebase datastores such as those commonly seen in popular mobile apps.