Course

Syllabus: CSE 365, Spring 2025

NOTE: this syllabus is a DRAFT and is subject to slight changes before the semester!

IMPORTANT: PLEASE COMPLETE COURSE SETUP ASAP.

University: Arizona State University
Course: CSE 365 — Introduction to Cybersecurity
Term: Spring 2025
Course Discord Channel: here (you must first complete setup)
Course Twitch: follow this channel
Course YouTube: follow this channel

Getting Started:

Lecture/Live Events Schedule:

Live lectures:

  • Tuesday 12:00pm: LSA191
  • Thursday 12:00pm: LSA191
  • If you are an online student, or wish to watch lectures online, make sure to watch all lectures in the module pages!

Recitation (optional, hands-on challenge/concept help):

  • Mon 4:30pm: recitation (optional hands-on challenge/concept help), BYAC 260 and BYAC 190
  • Tue 4:30pm: recitation (optional hands-on challenge/concept help), BYAC 260 and BYAC 190
  • Wed 4:30pm: recitation (optional hands-on challenge/concept help), BYAC 260 and BYAC 190
  • Thu 4:30pm: recitation (optional hands-on challenge/concept help), BYAC 260 and BYAC 190
  • Fri 4:30pm: recitation (optional hands-on challenge/concept help), BYAC 260 and BYAC 190
  • TODO: discord

Office hours:

Discuss, help, get help on our discord.

Course Emails

For help with the course, email cse365@pwn.college rather than individual faculty or TAs!

Instructors

Instructor: Jaejong Baek
Discord Handle: Dr.JJ
Email: jbaek7@asu.edu

Instructor: Connor Nelson
Discord Handle: kanak
Email: connor.d.nelson@asu.edu

Instructor: Yan Shoshitaishvili
Discord Handle: zardus
Email: yans@asu.edu
Office: BYENG 480

TAs

--------------------------------------------
| Name                | Discord Handle     |
--------------------------------------------
| TODO                | TODO               |
--------------------------------------------

Graduate TAs

Name: Pulkit Singaria
Discord Handle: x3ero0

Name: Pratham Gupta
Discord Handle: Alchemy1729

Name: Michael Tompkins
Discord Handle: frqmod

Course Description

This course will introduce students to the fundamentals of cybersecurity. Security is a complicated thing: it is only as strong as its weakest link, and a small, single mistake can often bring down otherwise extremely secure software.

In this course, we will explore security from the perspective of the web, following the entire technology stack from the CPU, to the kernel, userspace, networking, cryptography, and finally, all the way up to the browser and HTTP server. Each lecture will consist of an introduction to a new topic and an assignment for students to explore these concepts.

These assignments will be very thorough, and by the end, students will have an intuitive understanding of how to exploit these vulnerabilities, and will have the building blocks needed to prevent them, both in the lab and in the real world.

Recommended Textbook

There is no recommended textbook for this course. Any reading material assigned will be from publicly-available sources on the internet.

Course Structure

This course will be delivered using the pwn.college platform.

All sections of this course will be treated as one big course. Most lectures will be prerecorded and posted on the course's pwn.college dojo and on the pwncollege YouTube channel. All live lectures covered in any sections will be available to attend online, as well as recorded and posted online after.

Students in all sections will be responsible for all content taught in all lectures, regardless of which scheduled slots of which sections that content overlaps. It is not necessary to consume this content live: asynchronously consuming any content outside of your course's scheduled slot is acceptable.

Schedule

This is a TENTATIVE schedule.

  • Assignment 1: Using Linux. 1/13 – 1/19
  • Assignment 2: Access Control. 1/20 – 1/26
  • Assignment 3: Web Security. 1/27 – 2/09
  • Assignment 4: Computing 101. 2/10 – 2/16
  • Assignment 5: Network Security. 2/24 – 3/09
  • Assignment 6: Cryptography. 3/17 – 3/30
  • Assignment 7: Reverse Engineering. 3/31 – 4/13
  • Assignment 8: Binary Security. 4/14 – 4/27
  • Assignment 9: Integrated Security. 4/28 – 5/11

See the grades page for precise due dates.

Course Communication

All announcements and communications for the class will take place on the discord, with announcements in the #announcements channel and discussion in the class-specific #text channel. Students are expected to be on this discord.

Students may use the discord to ask questions or request clarifications, and the TA, Instructor, or other students can answer. Note that sharing full solution scripts or answers is expressly prohibited, but otherwise, collaboration on the way to the solution is allowed.

Other questions should be emailed to the course mailing list at cse365@pwn.college. Before emailing your question, please consider asking it on the discord instead. This way, the entire class will benefit from your question.

Recitations

This course has optional daily recitations during the week from 4:30 to 5:45 in BYAC 190 and 260. All students are encouraged to attend any recitation for in-person assistance.

Students that cannot make it to the recitations can receive help on the course discord synchronously and asynchronously. Helping on discord is part of our TA and instructor team's duties.

Office hours will be held online weekly.

Assessment

Student performance will be evaluated on (tentatively) 9 assignments (the modules), where each assignment will consist of between 10 and 100 (yes) challenge problems. Each assignment has four parts: participation (1 percentage point), checkpoint (3 percentage points), challenges (5 percentage points), and reflection (1 percentage point). The last assignment, Integrated Security, is worth double.

-----------------------------------------
| Component                    | Weight |
-----------------------------------------
| Assignment 1 - participation | 1%     |
| Assignment 1 - checkpoint    | 3%     |
| Assignment 1 - challenges    | 5%     |
| Assignment 1 - reflection    | 1%     |
| Assignment 2 - participation | 1%     |
| Assignment 2 - checkpoint    | 3%     |
| Assignment 2 - challenges    | 5%     |
| Assignment 2 - reflection    | 1%     |
| Assignment 3 - participation | 1%     |
| Assignment 3 - checkpoint    | 3%     |
| Assignment 3 - challenges    | 5%     |
| Assignment 3 - reflection    | 1%     |
| Assignment 4 - participation | 1%     |
| Assignment 4 - checkpoint    | 3%     |
| Assignment 4 - challenges    | 5%     |
| Assignment 4 - reflection    | 1%     |
| Assignment 5 - participation | 1%     |
| Assignment 5 - checkpoint    | 3%     |
| Assignment 5 - challenges    | 5%     |
| Assignment 5 - reflection    | 1%     |
| Assignment 6 - participation | 1%     |
| Assignment 6 - checkpoint    | 3%     |
| Assignment 6 - challenges    | 5%     |
| Assignment 6 - reflection    | 1%     |
| Assignment 7 - participation | 1%     |
| Assignment 7 - checkpoint    | 3%     |
| Assignment 7 - challenges    | 5%     |
| Assignment 7 - reflection    | 1%     |
| Assignment 8 - participation | 1%     |
| Assignment 8 - checkpoint    | 3%     |
| Assignment 8 - challenges    | 5%     |
| Assignment 8 - reflection    | 1%     |
| Assignment 9 - participation | 2%     |
| Assignment 9 - checkpoint    | 6%     |
| Assignment 9 - challenges    | 10%    |
| Assignment 9 - reflection    | 2%     |
-----------------------------------------

These numbers add up to 100%, the highest possible grade in the course.

Challenge-based assignments with flags as rewards.

Each assignment will consist of a large number of varied but related challenges, and will be live for between one and two weeks. Solving these challenges may require the use or implementation of fairly complex hacking tools. Solving each individual challenge will grant a challenge-specific passcode, called a "flag". The maximum number of flags possible to score for an assignment is equal to the maximum number of challenges in the assignment.

The existence of flags means that there is no wrong way to solve a challenge. If you tricked the challenge into giving you the valid flag, good job.

Your grade for each assignment has four parts:

The Participation

Your participation grade relies on watching the lectures. In-person students can choose to attend lectures live during their scheduled class time. In-person and remote students can attend prerecorded lectures online. We will use a number of potential ways to ensure that you've watched the lectures. These can include YouTube stats, JavaScript instrumentation, and LLM knowledge checks.

The Checkpoint

The checkpoint is worth 30% of the total assignment grade, and is granted if you have solved half of the challenges (rounded down) before the checkpoint deadline. After the checkpoint has passed, there is no way to earn this 30% --- it is gone forever.

The checkpoint will be due a week after the assignment is assigned (see the grades page for precise dates and times). This may line up with the assignment's deadline if the assignment is only one week long.

The Challenges

The next 50% of your assignment grade is simply the percentage of how many flags you managed to capture. If the assignment has 10 challenges, and you solve 5 of them, you will earn half of this 50%. Note that this flag percentage only has meaning within an individual assignment: no matter how many flags you capture in Assignment A, it will not directly affect your score in Assignment B (though, of course, the knowledge that you solidify while solving the challenges will absolutely help you throughout the course).

After the assignment deadline passes, solves will still count for 80% credit (so if you solve none of the challenges before the deadline, and complete all challenges after the assignment deadline, you will lose out on 30% of the assignment for the checkpoint and on a further 10% for the late penalty).

The Reflections

The remaining 10% will be a reflection, involving technical questions, course progression questions (e.g., to understand how much time the challenges are requiring from students), and a technical writeup of the student's approach to and takeaways from the challenges.

Extra Credit

Previous iterations of this course had extra credit. This iteration of the course does not have any extra credit, with one exception:

pwn.college Bug Bounty Program:
Any responsibly-disclosed serious security issues in course infrastructure will earn an amount of extra credit up to 15%, depending on severity (a more typical amount is 1% to 5%). Blatantly spurious reports may earn a negative percentage of up to -5 percentage points. Allowances will be made for honest mistakes leading to a spurious bug bounty filing, but please don't waste our time on purpose.

Example Scenarios

"Cs get degrees!"
A student that watches all the lectures (earning full 10% participation), does the reflections (another 10%), reaches every checkpoint (another 30%), thus solving half of the challenges of each module (another 25%, though rounded down in the case of an odd number of chals per module), and does literally nothing else, will get about 75% in the course.

The Procrastinator.
A student that solves all challenges before their respective module due dates but misses all the checkpoints will earn a 70% in the course (provided they earn full participation and reflection grades). Do the checkpoints.

The Extreme Procrastinator.
A student that turns into Rainman and solves all challenges on the last day of the semester will earn (provided they have full participation and reflection) 10% reflection + 10% participation + 0% checkpoint + 40% = 60% and an Orange Belt. Don't be an extreme procrastinator.

Almost There.
A student that solves everything, perfectly on time, but misses one challenge will get a 99.something% and get an A.

Extension Requests

Please understand that we believe deadlines to be an important mechanism for ensuring success in this class. In our experience, extensions often hurt students: they snowball into several assignments piling up, which is probably both stressful and a situation that does not end well. Steady progress in the course is critical to success.

Regardless, let us know what's going on. We (hopefully) aren't unreasonable people, and we understand that there is a time and a place for a deadline extension on a case-by-case basis. If your case warrants an extension, we're going to grant you an extension. If you're just asking for an extension because you're behind, unfortunately we're going to say no. Start early on the assignments!

In order to collect all extension requests into a single location, please make your request here, instead of email, discord, or canvas. Extension requests MUST be within 48 hours of the deadline for the assignment. If you are sick and can't make the deadline, submit the form before the deadline passes. If you are in a coma or otherwise unable to submit the form, we will be reasonable, but we will be strict here.

Letter Grade Calculation

The final grade will be calculated by averaging the grades of each homework assignment, equally weighted, then adding extra credit. Percentages will be translated to letter grades with the following initial cutoffs:

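-----------------------------------
| Percentage Grade | Letter Grade |
-----------------------------------
| >= 100           | A+           |
| >= 93            | A            |
| >= 90            | A-           |
| >= 87            | B+           |
| >= 83            | B            |
| >= 80            | B-           |
| >= 77            | C+           |
| >= 70            | C            |
| < 70             | E            |
-----------------------------------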

Please note that to earn an A+, you must solve every challenge in the course.

Curves

If necessary, we will curve on an individual module basis (e.g., we could curve the Reverse Engineering module grades if performance is unduly low on this module). We'll decide on these curves promptly. There will be no course-wide curve.

Honors Contracts

This course offers honors contracts! Honors students must create a custom pwn.college module on a computing topic of their choice, and submit it as a contribution to the Honors Dojo. There should be 4-10 challenges progressively teaching the concept, as well as either accompanying text or lecture videos (at least 10 minutes per challenge) to help explain ideas. Interested students should contact the instructors over email.

Collaboration Policy

Collaboration is HIGHLY encouraged in this course, within the bounds of the rules.

How Much to Collaborate

There is a delicate balance between being excessively helpful, and learning. The purpose of course collaboration is understanding concepts. As such, questions and answers should be focused on concepts, and not how to solve challenge X.

The challenges explore important concepts, and so it is fine to discuss the challenges. However, you may not discuss full or significant portions of a challenge's solution. Furthermore, you may not intentionally solve challenges as a group. The assignments must still be solved individually.

Feel free to discuss ideas important to the challenge, or tools which may be useful.

If there is any confusion, just ask! We try to assume good intentions, but egregious violations are an Academic Integrity Violation. Note that, in the entire history of pwn.college, no one has received an AIV for any public activity or help on our discord. Don't worry, be reasonable, and help your peers!

Where to Collaborate

This one is more strict. You may ONLY collaborate on the official pwn.college discord, and in CSE 365 recitations and live course sessions. Any discussion of course material on ANY other discord, even quasi-official discords such as the ASU Hacking Club, will be considered an Academic Integrity Violation.

Using Generative AI

This course allows you to use generative AI. In fact, we provide SENSAI, a GPT-4 instance augmented with data from your running challenge. You can use it to your heart's content (as long as our budget does not run out).

Please keep in mind that "the AI did it" is not a valid excuse for an academic integrity violation. If you use SENSAI and the AI gives you a solution that matches another student's, we can check logs and clear you. If you use other generative AI platforms outside of our control and run into this scenario, you will be liable for the Academic Integrity Violation.

WARNING: Using generative AI instead of thinking is a quick shortcut to fail this course. We have instructed our TAs not to help debug code and solutions that are obviously LLM-generated or to help students that cannot ask reasonable questions about the material. Do not rely on the LLM to think for you.

Plagiarism and Cheating

Plagiarism or any form of cheating in assignments or projects is subject to serious academic penalty. To understand your responsibilities as a student read: ASU Student Code of Conduct and ASU Student Academic Integrity Policy. There is a zero tolerance policy in this class: any violation of the academic integrity policy will result in a zero on the assignment and the violation will be reported to the Dean’s office. Plagiarism is taken very seriously in this course.

Examples of academic integrity violations include (but are not limited to):

  • Sharing code with a fellow student (even if it’s only a few lines).
  • Collaborating on code with a fellow student.
  • Using another student's solution to solve a challenge and get a flag.
  • Sharing a flag with another student (NEVER ALLOWED UNDER ANY CIRCUMSTANCES).

Posting your assignment solutions online is expressly forbidden, and will be considered a violation of the academic integrity policy. Note that this includes working out of a public GitHub repository. The GitHub Student Developer Pack provides unlimited private repositories while you are a student, making it easy to begin with a private GitHub repository.

Special Accommodations

Students requesting disability accommodations should register with the Disability Resource Center (DRC) and present the instructor with appropriate documentation from the DRC.

Syllabus Update

Information in the syllabus may be subject to change with reasonable advance notice and an announcement on discord.

Misc

Syllabus copyright 2025, along with all lectures and course-related written materials. During this course students are prohibited from making audio, video, digital, or other recordings during class, or selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of the faculty member teaching this course. Be reasonable.

Title IX is a federal law that provides that no person be excluded on the basis of sex from participation in, be denied benefits of, or be subjected to discrimination under any education program or activity. Both Title IX and university policy make clear that sexual violence and harassment based on sex is prohibited. An individual who believes they have been subjected to sexual violence or harassed on the basis of sex can seek support, including counseling and academic support, from the university. If you or someone you know has been harassed on the basis of sex or sexually assaulted, you can find information and resources at https://sexualviolenceprevention.asu.edu/faqs.

As mandated reporters, we are obligated to report any information we become aware of regarding alleged acts of sexual discrimination, including sexual violence and dating violence. ASU Counseling Services, https://eoss.asu.edu/counseling, is available if you wish to discuss any concerns confidentially and privately.

  1. Create a pwn.college account here. You can use an existing account, or create a new one specifically for the course. The username will be visible publicly: if you want to be anonymous, do not use your real name.
  2. Link your pwn.college account with your ASU Student ID (10-digit number) here. This is how we will be able to give you your official course grade, and how we will be able to verify your student status for an official course role in Discord.
