CMSC389R course at UMD
Switch branches/tags
Nothing to show
Clone or download
Latest commit 39dceba Sep 19, 2018
Failed to load latest commit information.
week update kali link in syllabus Sep 15, 2018 fix name typo Aug 31, 2018
HackTheClass.png syllabus: added picture May 23, 2018 Updated lecture 3 link Sep 19, 2018

CMSC389R: Introduction to Ethical Hacking (HackTheClass)


Course Description

This practical, hands-on 1-credit course provides students with an introduction to ethical hacking. The course begins with a discussion on the ethics behind security research and progresses to topics that surround penetration testing, forensics, cryptology, and binary reverse engineering and exploitation. This course is also meant to introduce students to Capture-the-Flag (CTF) style cybersecurity challenges, encourages participation in UMD's Cybersecurity Club (UMDCSEC), and prepares for CMSC414.

Course Details

  • Course: CMSC389R
  • Prerequisites: C- or better in CMSC216 and CMSC250
  • Credits: 1
  • Seats: 30, 2 sections
  • Lecture Time: Fridays, 2-2:50 PM (0101) and 3-3:50 PM (0201)
  • Location: CSI 2107
  • Semester: Fall 2018
  • Textbook: None
  • Course Facilitators: Michael Reininger, Wesley Weidenhamer and Joshua Fleming
  • Faculty Advisor: Dave Levin
  • Syllabus Last Updated: August 30, 2018
  • Previous Offering: Spring 2018

Topics Covered

  • Security research ethics
    • Cyberlaw
    • Responsible disclosure
    • Expectation of privacy
  • Linux
    • Command line
    • Configuring an environment
    • Virtual machines
  • Target reconnaissance
    • OSINT
    • Social engineering
    • OPSEC
  • Penetration testing
    • Vulnerability scanning
    • Using automated tools
    • Maintaining persistence
  • Forensics
    • Imaging
    • File types and carving
    • Metadata
    • File system artifacts
    • Network packet captures
    • Steganography
  • Binaries
    • Reverse engineering
    • Stack-based buffer overflow
  • Web
    • Javascript deobfuscation
    • SQL injection
    • XSS
  • Cryptography
    • Classic ciphers
    • Symmetric and asymmetric key
    • Hash-length extension attacks
    • Password cracking
  • Capture the Flag (CTF)
    • Jeopardy vs Attack-Defense
    • Write-ups


Assignments should be submitted through your personal fork of our class repository. Instructions on how to set this up and do it can be found here.

Grades will be released through ELMS.

You are responsible for all material discussed in lecture and posted on the class repository, including announcements, deadlines, policies, etc.

Your final course grade will be determined according to the following percentages:

Percentage Title Description
45% Write-ups Weekly individual write-ups (250-500 words) that summarize and explain your solutions to the assigned CTF challenges or concepts covered in lecture.
20% Midterm Examination on topics covered until Forensics II.
25% Final Hack Demonstrate mastery of all topics learned and apply knowledge to change your grade on the class's private grade server. The grade earned will be determined by levels unlocked in the grade server and will be applied to your official final grade.
10% Competitions Certain assignments throughout the semester will be competitive in nature. The final 10% of your grade will be determined by your performance on challenges in a competitive setting.

Any request for reconsideration of any grading on coursework must be submitted within 36 hours of when it is returned. No requests will be considered afterwards.

Assignments may be submitted up to 3 days late for a 5%/day penalty.


Week Topic Assignment
1 (8/31) Introduction + Ethics 1 Writeup 1, Download VMWare, Kali. OSINT Handbook
2 (9/7) Ethics 2 + OSINT 1 Writeup 2, Kali VM installation instructions
3 (9/14) OSINT 2 + Vulnerability scanning Writeup 3
4 (9/21) Penetration testing I Writeup 4
5 (9/28) Penetration testing II Writeup 5
6 (10/5) Forensics I Writeup 6
7 (10/12) Forensics II Writeup 7
8 (10/19) Midterm
9 (10/26) Cryptography I Writeup 8
10 (11/2) Cryptography II Writeup 9
11 (11/9) Binaries I Writeup 10
12 (11/16) Binaries II Writeup 11
13 (11/23) Thanksgiving Break
14 (11/23) Web Writeup 12
15 (11/30) (Potential Guest Speaker or Demo Day)
16 (12/7) Wrap-up Final hack.

The timeline is not final and can be subject to change.

Communicating with course staff

There are no designated office hours for this course. Course staff will remain in the classroom after class on Friday's to answer questions and provide assistance as needed. Meetings can also be scheduled via Piazza.

Outside of class interaction between students and course staff will occur via piazza. Email should only be used for emergencies and not class related questions.


Dr. Dave Levin -


Michael Reininger -

Wesley Weidenhamer -

Joshua Fleming -

Excused Absence and Academic Accommodations

See the section titled Course Related Policies.

Disability Support Accommodations

See the section titled "Accessibility" available at Course Related Policies.

Academic Integrity

Note that academic dishonesty includes not only cheating, fabrication, and plagiarism, but also includes helping other students commit acts of academic dishonesty by allowing them to obtain copies of your work. In short, all submitted work must be your own. Cases of academic dishonesty will be pursued to the fullest extent possible as stipulated by the Office of Student Conduct.

It is very important for you to be aware of the consequences of cheating, fabrication, facilitation, and plagiarism. For more information on the Code of Academic Integrity or the Student Honor Council, please visit

Course Evaluations

If you have a suggestion for improving this class, don't hesitate to tell the instructor or TAs during the semester. At the end of the semester, please don't forget to provide your feedback using the campus-wide CourseEvalUM system. Your comments will help make this class better.

Thanks to the writers of this syllabus for the wording of much of this document.