Cybersecurity & Tech

A Lawfare Hacking and Cybersecurity Course

Sean O'Brien, Scott Shapiro, Benjamin Wittes
Wednesday, August 31, 2022, 11:35 AM

On Tuesday evenings starting on Sept. 20, you can take a live hacking class on Lawfare. Join us!

Published by The Lawfare Institute
in Cooperation With
Brookings

We are delighted to announce a first on Lawfare: A live online class on hacking and cybersecurity.

The live-course will be open to Lawfare’s material supporters, and we will edit and post each recorded class session onto YouTube as videos that will amount to a public course on computer hacking. 

Whether one joins live or watches the videos later, students will learn to use virtual machines to "hack" other virtual machines using standard attacks such as packet sniffing, buffer overflow, IP spoofing, certification forgery, Person-in-the-middle, SQL injection and Cross site scripting. 

The course, which Scott will teach with Sean O’Brien, will train students to understand cybersecurity and networking concepts, not only to help them protect themselves, but also so that they may better engage issues at the policy and regulatory level. 

No prior computer programming experience is necessary. 

We will be holding each class live Tuesday evenings between 7:00 pm and 8:00 pm ET throughout the fall semester. The edited videos from each class session will be posted on Lawfare. Students in the live class may submit their hacks for an end of the semester competition, and we will devote a few classes to examining the best hacks. 

The live classes will take place on a platform called Crowdcast, which will be familiar to viewers of Lawfare Live and the In Lieu of Fun show—which we co-host with two other friends. Live participants will be able to engage with the instruction directly and in real time, ask questions, and get their work evaluated in the context of the competition. The ultimate product will be free instructional videos available to anyone. 

If you want to take the course live, please sign up for it here

Among other things, this course will be an experiment in Lawfare’s ability to make online courses, using both live formats and edited video. If it works, we may do more of it in a fashion designed to provide both an interactive live experience for Lawfare Material Supporters and a public resource for everyone. 

Below is a brief syllabus for the course. 

As we create the individual videos, we will embed them on this page. 

Course Websites: Various resources for the class will be made available on this Github site. These will include lecture slides, project source code, and student hacks.

Technical Requirements: The class will make use of Virtual Machines (VMs) and VirtualBox to run them. Please see here for instructions and required files. 

The following is a week-by-week overview of the course: 

Week 1, September 20, 2022: Practical Cybersecurity

  1. Our Approach
  2. Information Security
  3. Confidentiality Integrity
  4. Availability
  5. Introduction: Virtualization
  6. Command Line Interface (CLI)
  7. The File-system Tree

powered by Crowdcast

Week 2, September 27, 2022: Get to Know Your Operating System 

  1. Admin / Root Access
  2. The Kernel
  3. User space
  4. Processes
  5. Rootkits

powered by Crowdcast

Week 3, October 11, 2022: Identity & Access Control

  1. Permissions as a Structural Design for Security
  2. Creating Users & Groups
  3. Authentication
  4. Principle of Least Privilege
  5. Sandboxing & Isolation
  6. Privilege Escalation Attacks
  7. ACLs
  8. Breaking etc/shadow
  9. Credentials & cracking

powered by Crowdcast

Week 4, October 18, 2022: Computers & Operating Systems 

  1. Which ones exist? 
    1. Unix
    2. Linux 
    3. macOS 
    4. DOS
    5. Windows 
    6. Android 
    7. iOS
  2. Compare & contrast
  3. Other computers
    1. Mainframes
    2. IoT
    3. Industrial Control Systems 
    4. Cars, Planes & Ships, …
  4. Person-in-the-Middle Attacks

powered by Crowdcast

Week 5, October 25: Networking I 

  1. Networking History
  2. Client/Server Model
  3. Networking Models (OSI & TCP/IP)
  4. Physical & Internet Infrastructure
  5. TCP/IP & UDP
  6. Changing Your Network Identification

powered by Crowdcast

Week 6, November 3: Networking II

  1. Request/Response via the Web
  2. State
  3. Ports, Sockets & Session Management
  4. Network Address Translation (NAT) & Network Devices
  5. Virtual Private Networks
  6. Distributed Denial-of-Service (DDoS)

powered by Crowdcast

Week 7, November 8: Encryption 

  1. Obfuscation & Hashes
  2. Public/Private Key
  3. RSA algorithm
  4. HTTP Encryption (SSL/TLS)
  5. Email Encryption (PGP/GPG)
  6. Certificates
  7. Weaknesses
  8. Back-doors

powered by Crowdcast

Week 8, November 15: Networking III

  1. Identifiers: Domain Names & the DNS
  2. DNS, IP addresses & Policy
  3. Firewalls
  4. Proxies & Reverse Proxies
  5. Network-based Intrusion Detection & Prevention Systems
  6. Content Delivery Networks & Anycast

powered by Crowdcast

Week 9, November 29: Penetration Testing

  1. Delivering Payloads
  2. SQL Injection Attacks
  3. Metasploit Framework
  4. Using Metasploit

powered by Crowdcast

Week 10, December 6: Anonymity & The Dark Web 

  1. Onion Routing (Tor)
  2. Censorship Circumvention
  3. Configuring Tor
  4. Sharing Files Anonymously

powered by Crowdcast

Week 11, December 13: Chains of Trust 

  1. Trusted Software Distribution
  2. Software Verification
  3. Hardware Assurance
  4. Certification: TCSEC, ITSEC, CTCPEC, and Common Criteria
  5. Free & Open-Source Software
  6. Open-Source Hardware

powered by Crowdcast

Week 12, December 20: Cybercrime 

  1. Types of Cybercrimes
  2. Varieties of Malware
  3. Fraud & Phishing
  4. Data Breaches
  5. Crime as a Service
  6. Cryptocurrencies & Transactions
  7. Challenges for Attack Attribution
  8. Social Engineering

powered by Crowdcast

Week 13, January 3: Review of Hacks I

powered by Crowdcast

Week 14, January 10: Review of Hacks II

powered by Crowdcast


Sean O’Brien is a subject-matter expert in cybersecurity, privacy, Web3, and Free and Open Source Software (FOSS). Sean teaches classes on Web3 and Blockchain at Yale as well as Hacking and Cybersecurity at Lawfare. He is a Visiting Fellow at the Information Society Project at Yale Law School, where he founded and leads the Privacy Lab initiative.
Scott J. Shapiro is the Charles F. Southmayd Professor of Law and Professor of Philosophy at Yale Law School, where he is the Director of the Centre for Law and Philosophy. He is also the Visiting Quain Professor of Jurisprudence at University College, London. He earned his BA and PhD degrees in philosophy from Columbia University and a JD from Yale Law School. He is the author of The Internationalists (with Oona Hathaway), Legality and editor of The Oxford Handbook of Jurisprudence and the Philosophy of Law.
Benjamin Wittes is editor in chief of Lawfare and a Senior Fellow in Governance Studies at the Brookings Institution. He is the author of several books.

Subscribe to Lawfare