This is truly amazing. I had never been so energetic while listening to lectures. Thanks a lot to the Professor and MIT for making such exciting study materials available online without asking for a single penny in return. :)
@@beback_ Hello, The professor said their is no book in this course but do know if there is anyway that the labs that he mentions, are they by any chance uploaded on you tube? I feel very prevliged to be able to take this course online as I am not financially strong to attend in person. But I would be extremely grateful if I could get some guidance in the lab work.
What a great lesson , I am never seem so excited just by watching online course, but the instructor is success giving their material by a fun way ,Thank you MIT you deserve the tittle of the best school in earth.
It would be really helpful if their were subtitles for the parts when the students are talking. I think it's really cool that the sound changes but you still can'T really understand them so subtitles would be really helpful. Really great Course, i enjoyed watching this and am looking forward to the next lectures. Thank you
This is truly an amazing lecture that details what network security actually is. An amazing way to advertise for a scripting lecture that is very well detailed at that age.
One best example is the EMV standard (Europay, MasterCard, Visa), where a unique key is generated for every single transaction (balance inquiry, withdrawal, etc.) based on the chip on the card and the PIN keyed by the user. Also, SSL is now deprecated in favor of TLS.
Whoever presented the idea id sharing this on RUclips well i praise your mind you are a God man simply the best heart this is a great knowledge n i wish MIT share more and more topics and different problems solutions n alorithms n also different studies knowledge with different subjects its very good 💯❤
Seems like the coverage of threat models is very brief with this lecture focusing more on threats and vulnerabilities. So if you, like me, were hoping for extended content on threat modeling then I'd recommend a different video.
@@LoneVocalist Except, the description, clearly states it's about: `... concept of threat models.` Not "how to write a Threat Model." So he's dead on what he should do, get them excited about it, vs "Dang these will suck, I'm going to hate Info Sec." like most corporate Coders these days.
@@osufwiffo I'll just copy my other comment here for you: This video is a waste of time*, but let me help you waste a little less of your time with timestamps: fluff 5:42 - What is Security? more fluff 15:35 - Policy example of a company that got hacked example of a company that got hacked 22:30 - Threat Models example of a company that got hacked example of a company that got hacked 29:44 - Mechanisms example of a company that got hacked example of a company that got hacked example of a company that got hacked *This video is falsely titled because it's not about threat modeling. There's no threat modeling process presented in the video at all, no mention of STRIDE or DREAD or anything you hope to learn, just a quick verbal summary. Instead the instructor prefers to give tons of examples of hacks at big company and giggle at them. The video spends way more time on buffer overflow than threat modeling. Can't believe people are paying a fortune for this at MIT.
Is this course useful for someone who has not taken any sort of computer science course and has little/no experience in coding? Or is there another lecture series I should start with?
We would recommend you start with 6.00SC and work your way up. (The course sequence to get here would be 6.00SC or 6.01SC or 6.001, 6.002 > 6.004 > 6.033 > 6.858). ocw.mit.edu/courses/electrical-engineering-and-computer-science/ Best wishes on your studies!
MIT Team, Well done. This is fantastic and just in time. In Lecture 1, you mentioned you might hold a tutorial on how to dissect a binary and related items. Did you ever do that? Is there a recording or document describing this? I can't seem to find a good source for this sort of thing (outside of learning IDA Pro). Not a strong programmer so could use the help. Thanks for all the work you do to make this accessible.
hello, thank you for your wonderful video, by any chance do you have any summary of this course ? if anyone have it i will be thank full to share it with me.
Here is the course description: 6.858 Computer Systems Security is a class about the design and implementation of secure computer systems. Lectures cover threat models, attacks that compromise security, and techniques for achieving security, based on recent research papers. Topics include operating system (OS) security, capabilities, information flow control, language security, network protocols, hardware security, and security in web applications. For more info and materials, visit MIT OpenCourseWare at: ocw.mit.edu/6-858F14 Best wishes on your studies!
14:41 alright... so, would saying a word like "verb" followed by another word like "object" on a command line interface be considered a thread vector within this model of yours; make sense? 14:50 left 4 even... my password is ummm 15:51uhhh...
Can you provide for reference sources citing the three folded security approach (policy, tm and mechanisms)? Regarding the threat model, is there a generally accepted methodology you could mention (preferably free from product bias) specifically advised for system protection endevors ?
Thank you very much Nickolai/MIT on simplifying Threat Model..... I found the GDB found a bit difficult to understand as I am not good with C and x86 assembly.. Can you please advise some resources to understand GDB and x86... thank you once again for the interesting lecture.
Does anyone have any additional information about the DARPA secure OS backdoor story I was not able to find any related material. It is interesting to reflect today dependency confusion attack works.
you guys need to have an educational auditing service where students can submit papers and programs for grading and take proctored tests for credit. with the glut in the academic labor market and the sheer tonnage of hungry grad students you could farm the grading to the credentialed poor through something like Amazons Mechanical Turk. With all the syllabi, readings, open source systems and even lectures free on line there is no reason student's should have to mortgage themselves for an undergraduate degree. and by the same token there is no reason each class shouldn't have several million student's earning grades.
Congratulations excellent videos, could you please change the standard youtube license to creative common license, to be able to download the videos are no ethical dilemma. Thanks a lot for your valuable help.
You can use these videos without ethical dilemma as long as you follow our Creative Commons license (BY-NC-SA 4.0), see ocw.mit.edu/terms/ for details. The reason we do not use the RUclips Creative Commons license is because it doesn't match our license.
Great course but the lecture is little too long...this lecture should have been broken down into two parts for class focus optimization. You can also listen to lecture with 2x the speed if you can absorb that fast.
+Black Panda The syllabus page in the full OCW course site ocw.mit.edu/6-858F14 is where prerequisites are listed. In this case, 6.033 Computer System Engineering is the prerequisite: ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-033-computer-system-engineering-spring-2018/. Good luck with your studies!
Where can I learn "what a binary program looks like, how to disassemble it, how to figure out whats on stack..." (as mentioned in 4:20)? Also I wanted to know if it is possible to access the data stored in memory of one program using another program.
There does not seem to be a required textbook for this course. You should look at the Readings section of the course on MIT OpenCourseWare at ocw.mit.edu/6-858F14 for more information.
I am simply blown away by the fact that we can just watch these for free. This is the very definition of quality content.
Man, I just wish to found these earlier in university.
So fascinating story of the corners I'm thinking about the corners order so fascinating
And imagine some people hate this facts and dislike this Video
Amen!
Almost all content in information security is free. You just need to find the good one and separate it from junk.
This is a clear indication and proof of how MIT secure it's top position in technology education. Thanks to MIT from the bottom of my Heart.
This is truly amazing. I had never been so energetic while listening to lectures. Thanks a lot to the Professor and MIT for making such exciting study materials available online without asking for a single penny in return. :)
Check out their math and basic science courses. They're even better.
@@beback_ Can you please provide course name or link for basic math and science courses ?
It’s not free. It’s paid for by either govt grants or private funding.
@Justin Garcia This is a computer security course, not a philosophy course...
@@beback_ Hello, The professor said their is no book in this course but do know if there is anyway that the labs that he mentions, are they by any chance uploaded on you tube?
I feel very prevliged to be able to take this course online as I am not financially strong to attend in person. But I would be extremely grateful if I could get some guidance in the lab work.
the fact that he went through the syllabus in 5 minutes blows my mind, my profs often take the full first lecture.
I am going back to school for my cybersecurity major, and I was just looking for lectures to fall asleep to. This is GOLD.
I have zero background on cybersecurity can I start learning here with theses lessons ?
@@ddollarz567 yes u can
After watching these videos I was able to put mit cyber security course graduate. I then got a job paying $100k a year thankyou !!!
This is the power of MIT. Amazing lecture on cybersecurity for aspiring students in this field.
Content starts at 5:43
Thanks
Thank you for promoting educational equality by making such high quality content available.
What a great lesson , I am never seem so excited just by watching online course, but the instructor is success giving their material by a fun way ,Thank you MIT you deserve the tittle of the best school in earth.
Thank you MIT for making those videos online...
Love from India...!!!
I recommend the book "Security Engineering" (Ross Anderson, 3rd ed., 2021) as background reading.
Thank you :)
It would be really helpful if their were subtitles for the parts when the students are talking. I think it's really cool that the sound changes but you still can'T really understand them so subtitles would be really helpful. Really great Course, i enjoyed watching this and am looking forward to the next lectures. Thank you
Thanks to Prof Professor Zeldovich for this amazing lecture, even I have just watched it today, still it makes my mind blown.
This is truly an amazing lecture that details what network security actually is. An amazing way to advertise for a scripting lecture that is very well detailed at that age.
The MIT chalk is very smooth.
Its a special Japanese chalk thats going out of production its a huge thing
@@lseul8812 sorry to hear that
CLDZALKX-- This vision, of cells-- not out from. You mentioned, smooth? Man yuck!
Start with this course and I'm enjoy it already.
One best example is the EMV standard (Europay, MasterCard, Visa), where a unique key is generated for every single transaction (balance inquiry, withdrawal, etc.) based on the chip on the card and the PIN keyed by the user.
Also, SSL is now deprecated in favor of TLS.
Whoever presented the idea id sharing this on RUclips well i praise your mind you are a God man simply the best heart this is a great knowledge n i wish MIT share more and more topics and different problems solutions n alorithms n also different studies knowledge with different subjects its very good 💯❤
This guy is doing a great job of explaining this information. Lucky students!
You're getting the same information lucky you!
21:40 20 minutes late to class, immortalized online
If only the Professor said somethin. xD
He gave em' the eyes.
An employer doing a social search on you will be happy to find this.
What if the kid's mom blew up, and he still made it to class. Now how will the employer feel?
Requesting more recent lectures on the Information System Security
a bit late, but prof Zeldovich has recorded 2020 lectures
Lecture starts at 5:43
Nice video in educating of the fundamentals. Buffer overflow and code attach details from around 46'48. Thanks MIT give us the video!
I long to be in such a class.One day,my wish will be granted.
Greetings from Kenya!
Greetings from the USA. We'd love to have you!
kenyan also;;;; enyewe tunasoma
Oh boy another migrant.
You are in already! Thanks to MIT!
@@fredharvey2720 Are you an Indian?
I think technique adapted at MIT is understanding existing setup, Concentrating problems then solutions... That makes student to think continuously
Truly amazing classes.
Going to watch this whole playlist thank u
So, they need to study C, assembly, python and Java in the same time? Here is my respect!!!
actually, makes it seem like going to school is not a bad idea when you have professors like this. not really a waste of time.
This style is so on point!
Lecture begins at 5:40
22:30 is Threat Models
that definition of security is wow
Wish Nalanda Was Never Destroyed. This was some A++ stuff.
In the end, It is what is :/
Seems like the coverage of threat models is very brief with this lecture focusing more on threats and vulnerabilities. So if you, like me, were hoping for extended content on threat modeling then I'd recommend a different video.
have you find any course on the stipulate subject? and if you have would you mind sharing this with me?
Great examples professor
Is that his name, professor Examples? Because that's all he did for an hour instead of teaching any threat modeling like the title suggested.
@@LoneVocalist Except, the description, clearly states it's about: `... concept of threat models.` Not "how to write a Threat Model." So he's dead on what he should do, get them excited about it, vs "Dang these will suck, I'm going to hate Info Sec." like most corporate Coders these days.
@@osufwiffo I'll just copy my other comment here for you:
This video is a waste of time*, but let me help you waste a little less of your time with timestamps:
fluff
5:42 - What is Security?
more fluff
15:35 - Policy
example of a company that got hacked
example of a company that got hacked
22:30 - Threat Models
example of a company that got hacked
example of a company that got hacked
29:44 - Mechanisms
example of a company that got hacked
example of a company that got hacked
example of a company that got hacked
*This video is falsely titled because it's not about threat modeling. There's no threat modeling process presented in the video at all, no mention of STRIDE or DREAD or anything you hope to learn, just a quick verbal summary. Instead the instructor prefers to give tons of examples of hacks at big company and giggle at them. The video spends way more time on buffer overflow than threat modeling. Can't believe people are paying a fortune for this at MIT.
Increase speed in lecture videos its much better
@59:25 "x86 is little-endian (LSB in lower address), and the stack grows towards lower address." I got confused so just putting it out there
Security can be modeled as the difficulty of creating a simulation of one's
computations.
the first time I slowed down a lecture :D
when i just turned on the lecture, i thought that i still had 1.5x speed up on yt. the guy is amazing
Super amazing content. Just what i need.
Is this course useful for someone who has not taken any sort of computer science course and has little/no experience in coding? Or is there another lecture series I should start with?
We would recommend you start with 6.00SC and work your way up. (The course sequence to get here would be 6.00SC or 6.01SC or 6.001, 6.002 > 6.004 > 6.033 > 6.858). ocw.mit.edu/courses/electrical-engineering-and-computer-science/ Best wishes on your studies!
Thank you!
@@mitocw I appreciate you guys for sharing collective wisdom with all human beings!
note to camera person. Don't need to zoom or follow. Just leave it pointed at the board full frame.
thank you very much MITs
MIT Team,
Well done. This is fantastic and just in time. In Lecture 1, you mentioned you might hold a tutorial on how to dissect a binary and related items. Did you ever do that? Is there a recording or document describing this? I can't seem to find a good source for this sort of thing (outside of learning IDA Pro). Not a strong programmer so could use the help. Thanks for all the work you do to make this accessible.
+bryanmccaffrey1 yes. no. see episode 5 for more information @7:30
Professor has great posture for a CS ;)
Yup very nice ill make a donation here in a bit . I appriciate you guys very much.
Buffer Overflows 46:20
Great lecture with good examples like i-cloud
This is very educative..thank you for sharing
27:22 is that a transparent whiteboard? looks like a monitor behind it turned on.
Great speaker!Very interesting!!
loving this course
Прекрасные лекции! Люблю их больше чем водку! From Russia with love.
hmm nice i enjoy this so much and could listen to this all day... i will hahah :)
hello, thank you for your wonderful video, by any chance do you have any summary of this course ? if anyone have it i will be thank full to share it with me.
Here is the course description:
6.858 Computer Systems Security is a class about the design and implementation of secure computer systems. Lectures cover threat models, attacks that compromise security, and techniques for achieving security, based on recent research papers. Topics include operating system (OS) security, capabilities, information flow control, language security, network protocols, hardware security, and security in web applications.
For more info and materials, visit MIT OpenCourseWare at: ocw.mit.edu/6-858F14
Best wishes on your studies!
Great lecture. Thanks
The guy from the hangover movie
Mohamed Fouad lol
bredly cooper???
I love you sir ji good lecture
Excellent lecture, thx for sharing!
This is very good content.
great
hey ! Thanks for the wonderful work. I was wondering if this course will be helpful to someone who is targeting to become security analyst?
If you're analysing security and you know nothing about the weapon the attacker will use, how do you prepare? To answer your question, yes.
14:41 alright... so, would saying a word like "verb" followed by another word like "object" on a command line interface be considered a thread vector within this model of yours; make sense? 14:50 left 4 even... my password is ummm 15:51uhhh...
+metaheap 101 gets(12:00 AM/PM) -> main(53:48 FM)
gets(2:56) main(56:00) son of aaa... that one hurt :/
22:38 how threat models go wrong?
thank you very much
Can you provide for reference sources citing the three folded security approach (policy, tm and mechanisms)? Regarding the threat model, is there a generally accepted methodology you could mention (preferably free from product bias) specifically advised for system protection endevors ?
STRIDE is ok if you're starting out.
really awesome lecture, isn't it? We should propagate this kind of lectures through other medias also
Thank you very much Nickolai/MIT on simplifying Threat Model..... I found the GDB found a bit difficult to understand as I am not good with C and x86 assembly.. Can you please advise some resources to understand GDB and x86...
thank you once again for the interesting lecture.
x86 and C are the basics of computer programming, learn it from anywehre
Does anyone have any additional information about the DARPA secure OS backdoor story I was not able to find any related material. It is interesting to reflect today dependency confusion attack works.
you guys need to have an educational auditing service where students can submit papers and programs for grading and take proctored tests for credit. with the glut in the academic labor market and the sheer tonnage of hungry grad students you could farm the grading to the credentialed poor through something like Amazons Mechanical Turk. With all the syllabi, readings, open source systems and even lectures free on line there is no reason student's should have to mortgage themselves for an undergraduate degree. and by the same token there is no reason each class shouldn't have several million student's earning grades.
that is why we need to study in MIT
Are the course labs accessible for outside MIT students?. Anyone tried?
does someone know why LLDB on macOS throws error that it can't disassemle the $ebp+4 adress?
Can anyone explain what he is doing with the code? I don't understand what he is doing. Thanks
awesome video tutorials :) Thanks for sharing!
Why don't we have normal teachers that explain with such enthusiasm? ☹️
Because MIT, Harvard, Oxford etc professors doesn't have egos and attitude.
Congratulations excellent videos, could you please change the standard youtube license to creative common license, to be able to download the videos are no ethical dilemma. Thanks a lot for your valuable help.
You can use these videos without ethical dilemma as long as you follow our Creative Commons license (BY-NC-SA 4.0), see ocw.mit.edu/terms/ for details. The reason we do not use the RUclips Creative Commons license is because it doesn't match our license.
Fantastic!
5:50 .... "Secunty"?
Is there any chance of me getting hands on those Lab materials ? I need it.
Actually I just noticed, it's all on the website 😅 I've been saved by me 😁
Is there a more detailed explanation of that atoi conversion that writes 0 @ 1:01:00 ?
Are the labs available anywhere for students who are not enrolled in MIT?
Great course but the lecture is little too long...this lecture should have been broken down into two parts for class focus optimization. You can also listen to lecture with 2x the speed if you can absorb that fast.
Come to learn about threat modeling, learned bunch of stuff on assembly and buffer overrun hacks.
Can anyone tell me which paper they assigned to the class?
Hi i am very interested to be part of this class online, please help me how to connect.
Any pre-requisite courses for this... am getting lost really quickly
+Black Panda The syllabus page in the full OCW course site ocw.mit.edu/6-858F14 is where prerequisites are listed. In this case, 6.033 Computer System Engineering is the prerequisite: ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-033-computer-system-engineering-spring-2018/. Good luck with your studies!
is it possible to view the labs for this video?
Yes, the labs are available on MIT OpenCourseWare at ocw.mit.edu/6-858F14.
Should rename this to 1. Introduction, Buffer Overflows
Good thing that his is russian, i can understand what he says perfectly)
great lecture! great lecturer! thank you MIT!
Please, give us the lab.😢 This is very hard to implement without knowing how to do it.
The materials that we do have are available at ocw.mit.edu/6-858F14. Hope this helps!
Thank You! This actually helped, that is a first.
MIT OpenCourseWare wow thanks
What is most useful lunguage to learn
python
Where can I learn "what a binary program looks like, how to disassemble it, how to figure out whats on stack..." (as mentioned in 4:20)?
Also I wanted to know if it is possible to access the data stored in memory of one program using another program.
Playlist length: 29 Hours, 44 Minutes, 16 seconds
i dont see number 5 in play list
Arshad Danish classified
@53:30:00, the blackboard would be helpfull
+Peter Bright The lecture notes might be of some help, see the course on MIT OpenCourseWare (ocw.mit.edu/6-858F14) for the materials.
+MIT OpenCourseWare any chance the missing course within this series can be made available? else open-source... 2:10
For future readers: You can see the stack at 55:57
hi guys,
does any one have the books going with this courses please?
There does not seem to be a required textbook for this course. You should look at the Readings section of the course on MIT OpenCourseWare at ocw.mit.edu/6-858F14 for more information.