CSC 495/583 Topics of Software Security

2017-Fall Course Website

Advisor: Si Chen

Course Logo

Course Overview

OllyDbg

  • The legal aspects of reverse engineering.
  • Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
  • The general principles behind malicious software and how reverse engineering is applied to study such program.

Expected Background

  • Basic programming concepts (e.g. complete Java I, II)
  • Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
  • Familiar with Unix/Linux including the command-line shell and gdb
  • Familiar with Intel x86 assembly language and architecture
  • Familiar with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference book:

  1. Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
  2. Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
  3. Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

# Date Topic Slides Supporting Materials
C1 Aug 29, 2017 Introduction ch01.pptx
C2 Aug 31, 2017 IA-32 Register, Byte Ordering, x86 ASM, Stack ch02.pptx Stack.exe abexcm1-voiees.exe LittleEndian.exe LittleEndian.cpp HelloWorld.exe
C3 Sep 5, 2017 Stack Frame, Calling Convention ch03.pptx stack.py StackFrame.exe StackFrame.cpp cdecl.exe stdcall.exe
C4 Sep 7, 2017 Calling Convention, System Call ch04.pptx helloworld.asm shell.asm
C5 Sep 12, 2017 Stack Overflow (1) ch05.pptx buffer.c buffer2.c overflow.c
C6 Sep 14, 2017 Stack Overflow (2) ch06.pptx shellcode.asm
L1 Sep 14, 2017 Lab: Buffer Overflow
lab1.pdf lab1.c VM image for Lab1
Username: quake0day Password: chensi
C7 Sep 19, 2017 StackGuard, Format String Bug ch07.pptx fmt_wrong.c fmt.c fmt_write.c fmt_write2.c
R1 Sep 19, 2017 Reading Question 1: BlueBorne
homework1.pdf blueborne technical paper Video (smartwatch takeover)
C8 Sep 21, 2017 Return-oriented programming (ROP) ch08.pptx sample.c ROPgagdet
C9 Sep 26, 2017 ROP Example, Web Security ch09.pptx rop.c
C10 Sep 28, 2017 Web Security(2): SQL Injection, Upload Hacking, Session Hijacking, XSS, CSRF ch10.pptx
C11 Oct 3, 2017 Heap Exploitation ch11.pptx sizes.c
C12 Oct 5, 2017 Heap Exploitation (2) ch12.pptx heap0.c
C13 Oct 12, 2017 Internet of Things (IoT) Security, Mobile Application Security (1) ch13.pptx
L2 Oct 12, 2017 Lab: Return-oriented programming (ROP)
lab2.pdf lab2.c VM image for Lab2
Username: quake0day Password: chensi
R2 Oct 12, 2017 Reading Question 2: Jump-Oriented Programing
homework2.pdf Jump-oriented programming: a new class of code-reuse attack
C14 Oct 17, 2017 Internet of Things (IoT) Security, Mobile Application Security (2) ch14.pptx
C15 Oct 19, 2017 Web Browser Security (1) ch15.pptx Apple.com (Literally :) Status Bar Spoofing Vulnerability

Tutorials and Supporting Materials