Note: Due to the passage of time, there are some details that I may have forgotten. Where applicable, this will be mentioned. Also, this post resumes where I left off after my internship hence there is an extra 10AU added into the computation in case you're wondering why the AU math doesn't add up. Also, FYP is an 8AU module but for calculation purposes, I split the AU count into 2 x 4AU per sem. Therefore, each sem will have 4AU for FYP. However in terms of grades, FYP is still considered In-Progress (IP) in Y4S1.
---
Y4S1: Aug 2021 - Dec 2022
General comments on what I did well, what I could have improved on etc will be included at the end of the post. I will also update the final results when they are out.
Each course is broken up into the following parts:
1. Marks and assessment component of the course
2. Course mechanics
3. Short Intro
4. Easy parts
5. Difficult parts
6. Exams/ final paper
7. Tips to do well
8. Overview/ my personal (MIGHT BE BIASED) comments
YEAR 4 SEMESTER 1 (15AU):
MAJ-CORE: EE4080 FINAL YEAR PROJECT (4AU), IP
MAJ-PRESCRIBED: EE6108 COMPUTER NETWORKS (3AU), GRADED
MAJ-PRESCRIBED: EE4717 WEB APPLICATION DESIGN (2AU), GRADED
GER-UE: CZ4070: CYBER THREAT INTELLIGENCE (3AU), (NON-GRADED; S/U EXERCISED)
GER-UE: SS9106: NETBALL (3AU), (NON-GRADED; S/U EXERCISED)
CORE/MPE AU CLEARD: 81/61, TOTAL GRADED COURSES: 93/69, TOTAL AU CLEARED: 132/141
Note: I leave out the review for SS9106 NETBALL because I do not remember too much of the course details e.g. assessment, content taught etc to write a proper review about it. Since these are important to a course review, I think that it would not make sense to review a course if I've forgotten almost everything about this course.
=== REVIEW PORTION ===
EE4080 - Final Year Project (Y4S1/-)
Lecturer: -
Faculty in charge: Assoc Prof Yakoob, with input from Mr Florian Gondesen Max from SCSE (he's a Dr now)
Marks and Assessment
[I do not remember clearly what the assessment rubrics were. Below is roughly what I can remember.]
Project Plan/Strategy: ???
Interim Report: ???
Final Report Draft: ???
Final Presentation: ???
Overall Grade: -
Course Mechanics
Throughout the 2 semesters, there are various deadlines to meet to ensure that the student is consistent in their work. For example, the Project Plan/Strategy is required to be submitted to your supervisor 6 weeks into the first semester for them to get an idea of what you would like to do. There is also an interim report that documents your progress at the point of submission, and a final report draft towards the end. The FYP experience culminates in a Final Presentation to both your supervisor and another faculty member (I'm not sure if there can be more than this 2-man panel, but in my case it was only Prof Yakoob and Dr Chan Chee Keong). Also, I recall that somewhere in Semester 2, I had to drop by some professor's office to brief them on my FYP (think it was Dr Chan... anyway, this was a required assessment component but I do not include it in the Marks and Assessment section because I don't remember what the official component was called).
After your final presentation, you are required to submit the final report to your supervisor and examiner before the FYP is considered complete.
Short Intro
Final Year Project is taken in the final year before graduation (no surprises there...) and lasts throughout the whole academic year i.e. 2 semesters. Before the final year begins, students are given a choice to "bid" for the project of their interest sometime after end of Y3S2. Some luck is required to get your desired project/supervisor. Otherwise, you are free to approach a faculty member and propose your own idea. In my case, I went with my own research idea.
One interesting thing I did for my FYP was that prior to my final year starting, I sent emails to various professors outside of EEE (specifically, to SCSE) in a bid to introduce myself to them and see if there were any interesting offensive security-related projects that they were working on. I got a couple of responses and Dr Lam Kwok Yan directed me to work with his Research Engineer (Florian) for my project.
The TL;DR of my project was that I recreated a couple of virtual machines with known vulnerabilities for CTF purposes. At the time, the Log4j vulnerability had just been discovered, so I went ahead with that and searched for an open source application that had a working proof-of-concept available for me to replicate. The link to my project can be found here.
Easy parts
I was lucky that I had somewhat of a consistently clear roadmap for what I wanted to do for my FYP. While my initial intention was to create something like a vulnerable network, I ended up with only a few vulnerable VMs because of resource and manpower constraints (obviously nobody would invest in constructing a vulnerable network LOL). Regardless, I think that not all projects would have had a similar and consistent "general direction" that mine had, which was to create something weak and demonstrate how to exploit it. I know of at least one acquaintance who spent most of his FYP struggling to set up some Linux gadget (?) so it illustrates the challenge of having an FYP where you are fairly confident of achieving the objectives within the specified FYP timeframe.
Hard parts
I think the hard parts would come from the guidance received. While I mentioned that I had Florian to help, the reality that I was on my own most of the time. A lot of my work came from existing prototypes from online sources such as TryHackMe and the OSCP course syllabus. To be fair, I can't really blame my supervisors for not being well-informed about zero-day developments. After all, these kinds of things are pretty niche and it is understandable that most people would not be as updated if they were not "in" the field to begin with (much less for academics).
Exams / final paper
There is no written exam. As mentioned, you are only required to do a final presentation and submit the final report after the presentation. Other than that, there are the regular check-ins that hold marks as well i.e. your Interim Report etc.
Tips to do well
Find a topic that you are interested to try and be prepared for the possibility that you're probably the only one who will be doing the work with minimal help/guidance. One professor can have numerous students that they are in charge of, so most of the time you will be on your own as was my case (also the fact that I don't think the people who were supervising me were exceptionally well-versed in what I was doing as well so...).
Final year is usually the time to start the job search so you can use what you're doing in FYP to market yourself to potential employers. In my case, I showcased my project in an interview and they asked me questions based off what I had done. Make no mistake, the questions were not easy to answer but I think by spending time and effort into your project, there is bound to be some basic level of questioning that you should be able to answer.
Overview / my personal (MIGHT BE BIASED) comments
I think that FYP is a good opportunity for one to explore a topic that they are interested in. In my case, I wanted to try recreating a very popular vulnerability while gaining some sysadmin experience. At that time I was also doing my OSCP, so I took the chance to make a couple of boxes that were inspired by my time doing the labs.
After my presentation, I also had the chance to present to Florian and Dr Sourav Gupta on what I had done in my FYP (this was a separate presentation that had nothing to do with my FYP). I am quite thankful that I was given a platform to speak outside of the official curriculum. :)
==
EE6108 - Computer Networks (Y4S1/3AU)
Lecturer: Dr Michelle (Part 1), Dr Xiao Gaoxi (Part 2)
Tutor: - (don't think there were tutorials for this course; everything was held online)
Marks and Assessment
CA1 Quiz (10%)
CA2 Assignment (10%)
Finals (80%)
Course Mechanics
13 weeks of lectures where the week 1 - week 7 are lectured by Dr Michelle and week 8 - week 13 are lectured by Dr Xiao Gaoxi. Continuous Assessment (CA) makes up 20% of the course marks while the final paper makes up 80% of the course marks.
CA1 is held during the week 7 session followed by a Summary & Revision component for Dr Michelle's part of the course. Can't remember when the CA2 Assignment was given out.
Short Intro
EE6108 is a Masters-level course. During my time, it was introduced as a replacement for a similar course EE4761 that had just been deprecated. This course is the follow up of EE3017 and delves deeper into Networking than what EE3017 covered. The first few lectures will be familiar if you've taken EE3017 prior to taking EE6018 (then again, I think the pre-requisite to taking EE6108 is to have taken EE3017).
The course touches on almost (if not) all the TCP/IP layers and protocols such as SPF, BGP etc. There's are calculations to be done which can range from calculating rates of XXX to calculating subnets. Knowledge of EE6108 is useful when taking EE4718 Enterprise Network Design due to the heavy emphasis of designing subnets for individual groups of end-hosts.
Easy parts
This course is not necessarily "easy". It is pretty content-heavy since it is meant for postgraduate study. I am not sure if undergraduate grading was done concurrently with postgraduate students, or if they separated the curve for UG vs PG.
That said, I think Dr Michelle makes a very good effort when teaching her part of the course. She made it a point to go through exercises at the very low level so it was easy to understand as long as you followed through the sessions. Don't remember how it was for Dr Gao, but I think during his second half of the course, I got so disinterested that I went to YouTube for the relevant content (the teaching materials are pretty public and I remember that there were YouTube videos teaching using the almost-exact materials as the one provided in EE6108). I felt that the online videos were better at keeping my attention span and taught in such a way that I understood better than how Dr Gao was explaining.
Hard parts
Again, the course content is a lot and personally, I couldn't see the usage of some of the content in the real world. I felt that most of the stuff I couldn't appreciate came from Dr Gao's portion since he was... not-so-good at teaching. I suppose it could have also been due to me not successfully covering everything that was taught.
Contrary to EE3017, I don't think I did a follow-up for this module after the semester ended. This is because I had already gotten a job and was preparing for the new phase to transition from being a student into the working world.
Exams/final paper
There is a final paper for this. As with EE3017, half of the questions were by Dr Michelle and the half by Dr Gao. The revision summary conducted by Dr Michelle in Week 7 is important as she gives out tips for her part of the paper.
Tips to do well
Refer to the tips for EE3017 in my Y3S1 review since EE108 follows closely to it. The only difference is that there is no IRA and lab in EE6108. That said, Dr Michelle did ask during the course if we would prefer doing some Cisco labs as part of our assessment, which everyone voted strongly against LOL. However in subsequent runs of this course since I left, I think she was saying that she wanted to design a lab or something so the assessment rubrics is likely to be different from the one in this review.
Overview / my personal (MIGHT BE BIASED) comments
I relied on Dr Michelle's teaching for the first part of the course and found that it was sufficient to understand and do the work. In fact, I don't think I was able to find a replacement online to teach her part of the course. Thankfully this was not needed since she was such a good lecturer.
For Dr Gao, I'm just relieved that there were online lectures available for me to refer to. This needs no further comment.
Overall, I think this is a very interesting module to further one's understanding on computer networks, and I took it because I wanted to follow up on my learning from EE3017 + build up my foundation to understand network security concepts (while the course doesn't have anything to do with security, Dr Michelle said she wanted to incorporate network security elements for future runs of the course). If I had a wish for this course, it would be for her to take over the full run of it (plus the EE3017 one) because her way of teaching and her solutions are quite intuitive to follow.
==
EE4717 -Web Application Design (Y4S1/2AU)
Lecturer: Pre-recorded lectures, part 1 was done by Assoc Prof Chong Yong Kim and part 2 was done by Dr Muhammed Faeyz Karim / Dr Wesley Tan
Tutor: Dr Wesley Tan (if I recall correctly, he was the tutor for my group)
Marks and Assessment
CA Progress Assessment 1 [15m]
CA Progress Assessment 2 [15m]
CA Project Report (Design) Document [20m]
CA Project Report [20m]
CA Project Demo [30m]
Finals (50%) -> open book
Note: all CA components are summed to 100 marks, which constitutes 50% of the total grade.
Course Mechanics
The two Progress Assessments are based given out by week 4 and week 9 respectively, and are based on Case Studies from the course. In addition to this, you will pair up with another student in the tutorial class and both of you will have to do a Group Project. The Project Report (Design) Document is due by Week 6 and the Project Demo + Project Report are due by Week 13. Thereafter, there will be a written final exam where you are allowed to bring in your cheatsheet.
Easy parts
This course is not easy because of the sheer content-to-AU ratio. Just by number of things to hand up, it is probably the most demanding course in the semester. Add on that you are literally designing a fully functioning web application from scratch, and it can get quite overwhelming. Refer to next section for elaboration.
Hard parts
The "context" for PA1 an PA2 is actually freely available online. This course uses the JavaJam web application to teach the different components of web application design and the PAs are usually some form of twist to the lecture content. However, it requires some creativity and understanding of the lecture content to solve the PAs because they ask you to do some basic design to the JavaJam web app that is not direct taught.
The project (all 3 components of it) is probably the biggest pain of this course. As mentioned, you and your partner are required to come up with a fully functioning web application that has certain features such as forms and a backend database. Given that both of us (and many students in the course) were very new to web application design, we struggled a lot to get a minimum viable product by the deadline. Ultimately, we had to resort to getting code from some GitHub from a senior who cleared the module long before us.
Exams/final paper
I felt that the final exam was intended to overwhelm students by the sheer amount of things there were to do. From creating user stories to writing SQL statements, the exam was obviously not intended to be finished within the given time. It did not help that we had to hand-write code that would otherwise be done in VSC in real-life, which I felt did not reflect what a real final exam should be.
Tips to do well
I honestly have no idea... This course doesn't seem to be made for beginners. I only took this because it was required for my Computer Engineering specialization. I did not expect it to take up such a disproportionate amount of time.
Overview / my personal (MIGHT BE BIASED) comments
The workload-to-AU ratio for this course is insane. If not for the ready-made solutions that my lab partner hunted from GitHub, we would have been well and truly screwed. I don't think the course itself is difficult, it's just that there's just too little time to cover the amount of content that was planned for the course. This is one of those courses that you need prior experience to stand a chance in doing well in.
==
CZ4070 - Cyber Threat Intelligence (Y4S1/3AU)
Instructor: Lim Yihao (from Mandiant)
Tutor: No tutorial
Marks and Assessment
Pretty much forgot, but I remember there was a final, some random group presentation, maybe a quiz...?
Course Mechanics
There is a one physical session held every week throughout the semester. Week 1 is mainly to get to know everyone in class (class size is small, around 10 students) as well as to get the pairings together. Everyone is given an individual etude to practice by mid-semester and then the final concert is held either week 12 or 13 (can't remember). For every week's session, it will usually be some form of music theory/history of piano etc, before everyone breaks into their pairs to practice for the concert. Throughout the course, Ms Yeong will coach each pair to help them prepare for the final concert. Somewhere around the middle of the semester, each pair has to present on the progress of their practice.
Easy parts
I felt that this course had an easy vibe to it. Most of the time, I was just tuning in to the lectures to listen to the lecturer ramble about some Threat Intelligence stuff. To his credit, I think he did make an effort to make the course more engaging by having things like Class Activities where we broke into groups and did a bit of research to present on assigned topics. The final exam was alright too, mainly because I went in with the SU mindset HAHAHA. Also, there was one session where an external guest was invited to sit in on the lecture and give his own experience. I think the lecturer got in from Mandiant as well.
Hard parts
The group project required us to do some research on the topic "Which industries are more prone to ransomware threats?". Other groups got similar topics. However, there was little to no guidance on how to do the research. We were told to do web scraping for data on this topic (e.g. which industries, why these industries etc) and display them in a visualization. The only "help" we were given was a link to download Kali LOLLL. That's pretty much it. Not even a suggestion on which tool to use or anything.
Also, the lecturer states upfront that this module was not meant to be a technical course. There was no heavy coding (none actually) involved. Just a note in case readers are curious whether this course involves coding and technical knowledge.
Exams/final paper
The exam is alright, nothing too crazy. It doesn't require any long explanations or calculations and most of it were pretty simple stuff like matching A to B (?) or things like that (e.g. short answer questions). I felt that the final exam was kind of kindergarten-ish in terms of the exam format.
Tips to do well
I wouldn't know because I had the SU mentality for this course and left early during the final exam HAHAHA.
Overview / my personal (MIGHT BE BIASED) comments
I took this course out of pure curiosity. As I had already started studying my OSCP in this semester, I wanted to try a cyber-related course to zhng up my resume and expose myself to different fields of cybersecurity (CTI =/= VAPT). Do I regret taking this course? I don't know... there's no inherent regret, so I suppose I'd be neutral about retaking this course again if I had to. The lecturer is quite nice though: I had a brief conversation with him once about crossing into cybersecurity from STEM and he was like "any company who discriminates against STEM when hiring for security roles are outdated; you won't want to be in that company anyway". LOL.
