Hi all, since we’ve already finished all the lectures, we do not have any new lectures before the final (No class on Dec 5/7, 2017), instead, please work on our final project. I’ll be in my office to answer any questions that you may have relate to the final project. The classroom is also reserved, you can access it during lecture time .
Feel free to contact me if you need my help.
Course Overview
- The legal aspects of reverse engineering.
- Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
- The general principles behind malicious software and how reverse engineering is applied to study such program.
Hint for Final Project is now available: [link]
Lab2 walkthrough is now available: [link]
Lab1 walkthrough is now available: [link]
Course Syllabus is now available: [download]
Expected Background
- Basic programming concepts (e.g. complete Java I, II)
- Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
- Familiar with Unix/Linux including the command-line shell and gdb
- Familiar with Intel x86 assembly language and architecture
- Familiar with web programming concepts (HTML, HTTP, TCP, network communications)
Textbook
No Textbook
Reference book:
- Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
- Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
- Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818
Course Content
| # | Date | Topic | Slides | Supporting Materials |
|---|---|---|---|---|
| C1 | Aug 29, 2017 | Introduction | ch01.pptx | |
| C2 | Aug 31, 2017 | IA-32 Register, Byte Ordering, x86 ASM, Stack | ch02.pptx | Stack.exe abexcm1-voiees.exe LittleEndian.exe LittleEndian.cpp HelloWorld.exe |
| C3 | Sep 5, 2017 | Stack Frame, Calling Convention | ch03.pptx | stack.py StackFrame.exe StackFrame.cpp cdecl.exe stdcall.exe |
| C4 | Sep 7, 2017 | Calling Convention, System Call | ch04.pptx | helloworld.asm shell.asm |
| C5 | Sep 12, 2017 | Stack Overflow (1) | ch05.pptx | buffer.c buffer2.c overflow.c |
| C6 | Sep 14, 2017 | Stack Overflow (2) | ch06.pptx | shellcode.asm |
| L1 | Sep 14, 2017 | Lab: Buffer Overflow
Due on: 10/03/2017
|
lab1.pdf |
lab1.c
VM image for Lab1 Username: quake0day Password: chensi
|
| C7 | Sep 19, 2017 | StackGuard, Format String Bug | ch07.pptx | fmt_wrong.c fmt.c fmt_write.c fmt_write2.c |
| R1 | Sep 19, 2017 | Reading Question 1: BlueBorne
Due on: 10/05/2017
|
homework1.pdf | blueborne technical paper Video (smartwatch takeover) |
| C8 | Sep 21, 2017 | Return-oriented programming (ROP) | ch08.pptx | sample.c ROPgagdet |
| C9 | Sep 26, 2017 | ROP Example, Web Security | ch09.pptx | rop.c |
| C10 | Sep 28, 2017 | Web Security(2): SQL Injection, Upload Hacking, Session Hijacking, XSS, CSRF | ch10.pptx | |
| C11 | Oct 3, 2017 | Heap Exploitation | ch11.pptx | sizes.c |
| C12 | Oct 5, 2017 | Heap Exploitation (2) | ch12.pptx | heap0.c |
| C13 | Oct 12, 2017 | Internet of Things (IoT) Security, Mobile Application Security (1) | ch13.pptx | |
| L2 | Oct 12, 2017 | Lab: Return-oriented programming (ROP)
Due on: 10/29/2017
|
lab2.pdf |
lab2.c
VM image for Lab2 Username: quake0day Password: chensi
|
| R2 | Oct 12, 2017 | Reading Question 2: Jump-Oriented Programing
Due on: 10/31/2017
|
homework2.pdf | Jump-oriented programming: a new class of code-reuse attack |
| C14 | Oct 17, 2017 | Internet of Things (IoT) Security, Mobile Application Security (2) | ch14.pptx | |
| C15 | Oct 19, 2017 | Web Browser Security (1) | ch15.pptx | Apple.com (Literally :) Status Bar Spoofing Vulnerability |
| C16 | Oct 26, 2017 | Web Browser Security (2) | ch16.pptx | Cure53 Browser Security White Paper X41 D-SEC GMBH RELEASES BROWSER SECURITY WHITE PAPER |
| C17 | Oct 31, 2017 | Anti-Virus & Detection Techniques | ch17.pptx | |
| C18 | Nov 2, 2017 | Secure Systems & Hacking Game Consoles | ch18.pptx | ECDSA Breaking ECDSA (Video) PS3 Developer Wiki |
| C19 | Nov 7, 2017 | Integer Security & Uninitialized Data | ch19.pptx | integer.c Understanding Integer Overflow in C/C++ Integer Undefined Behaviors in Open Source Crypto Libraries |
| L3 | Nov 7, 2017 | Lab: Heap Overflow
Due on: 11/16/2017
|
lab3.pdf |
lab3.c
Virtual Machine image for Lab3 Username: root Password: toor |
| C20 | Nov 14, 2017 | Malware | ch20.pptx | Using CreateRemoteThread for DLL Injection on Windows Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques |
| Final Project | Nov 15, 2017 | Final Project
Due on: 12/16/2017
|
IP:23.239.23.84 Port:9999 Exploit this server, and show me the secret stored in file flag.txt |
final1.c attack.py |
| C21 | Nov 16, 2017 | Side Channel Attack | ch21.pptx | ChipWhisperer Wiki rhme-2016 - Side Channel Analysis |
| C22 | Nov 21, 2017 | Authentication | ch22.pptx | SoundAuth Video |
| C23 | Nov 28, 2017 | Kernel Exploitation | ch23.pptx | credentials exploit.ova |
| C24 | Nov 30, 2017 | The Future of Software Security | ch24.pptx | |
| R3 | Nov 30, 2017 | Reading Question 3: Blockchain
Due on: 12/16/2017
|
homework3.pdf | Blockchain papers |
Tutorials and Supporting Materials
- Download OllyDbg for Windows
- Download VirtualBox
- Get Manjaro (Arch Linux)
- Manjaro User Guide
- RMS's gdb Tutorial
- Virtual Machine image for Lab1 and Lab2
Username: quake0day Password: chensi - Virtual Machine image for Lab3
Username: root Password: toor