General Information

Course description

This course covers advanced techniques for attacks and defense in Cybersecurity. In particular, the course will teach binary reverse engineering, vulnerability analysis, exploit writing, patching vulnerabilities, bug hunting, etc. through ten-weeks of hands-on labs with examples.

This course borrows the format of Capture-The-Flag (CTF) challenges for not only learning techniques required to solve the challenge but also enjoying the fun of taking over the systems and blocking attacks.


  • Computer Architecture and Assembly Language (CS 271 at OSU)
  • Linux System Administration (CS 312 at OSU)
  • Operating Systems (CS 344 / CS 444 at OSU)
  • Programming Languages / Compilers (CS 381 / CS 480 at OSU)
  • Computer Networks (CS 372 / CS 476 at OSU)
  • Software Engineering (CS 361 / CS 362 at OSU)
  • Database Systems (CS 340 / CS 440 at OSU)

Class meetings

  • When: Tu&Th 16:00-17:50 (4:00pm-5:50pm)
  • Where: Bexell 415

Office hours and recitation

We will have office hours from 15:00-16:00 at KEC 3079 on Wed, every week (this could be changed at the instructor’s discretion).

Who should take CS 419/519?

CS 419/519 is primarily intended for both undergraduate and graduate students who are interested in obtaining skill sets required to combat against cyber attackers in the wild.

Over the course of lab exercises, students will be confident in competing in Capture-the-Flag (CTF) contests, conducting real-world bug hunting and getting bug bounty awards, and contributing to open-source projects by sending their patches through pull-requests.

Grading policy

  • 20% Paper summary
  • 30% Programming Assignments
  • 50% Projects
  • No midterm or final exams

Misconduct Policy

CS 419/519 provides a 7 day grace period (50% points after due date) and we strictly follow the plagiarism policy (read OSU’s Student Conduct CODE).


Cheating vs. collaboration

Collaboration is a very good thing. On the other hand, cheating is considered a very serious offense and is vigorously prosecuted. Vigorous prosecution requires that you be advised of the cheating policy of the course before the offending act.

For this semester, the policy is simple: don’t cheat:
  • Never share code or text on the project.
  • Never use someone else’s code or text in your solutions.
  • Never consult project code or text that might be on the Internet.
On the other hand, for this class, you are strongly encouraged to:
  • Share ideas.
  • Explain your code to someone to see if they know why it doesn’t work.
  • Help someone else debug if they’ve run into a wall.

If you obtain help of any kind, always write the name(s) of your sources.