CSC 472/583 Software Security

2020-Fall Course Website

Advisor: Si Chen

Course Overview

This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.
  • The legal aspects of reverse engineering.
  • Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
  • The general principles behind malicious software and how reverse engineering is applied to study such programs.

Expected Background

  • Basic programming concepts (e.g., completion of Java I and II)
  • Knowledge of the C programming language, including pointers, arrays, loops, function calls, etc.
  • Familiarity with Unix/Linux, including the command-line shell and gdb
  • Familiarity with Intel x86 assembly language and architecture
  • Familiarity with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference books:

  1. Randal E. Bryant, David Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
  2. Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
  3. Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

# | Date | Topic | Slides | Supporting Materials

Class 1 | Aug 24, 2020 | Introduction | [Video] ch01.pdf

Class 2 | Sep 04, 2020 | IA-32 Register, Byte Ordering, x86 ASM | [Video] ch02.pdf
  • little_endian.c
  • MobaXterm
  • How to connect to Badger CTF (Windows)
  • How to connect to Badger CTF (MacOS, Linux)

Class 3 | Sep 11, 2020 | Stack and Stack Frame | [Video] ch03.pdf
  • asmreview.asm
  • asmreview2.asm
  • stack.asm
  • StackFrame.c

Lab 1 (5 points) | Sep 11, 2020 | Lab: Stack and Stack Frame | lab1.pdf
  • lab1.c
  • How to connect to Badger CTF (Windows)
  • How to connect to Badger CTF (MacOS, Linux)

Class 4 | Sep 18, 2020 | System Call and Shellcode | [Video] ch04.pdf
  • helloworld.asm
  • hello.asm
  • test.c

Class 5 | Sep 26, 2020 | Stack Overflow | [Video] ch05.pdf
  • buffer.c
  • buffer2.c
  • overflow.c
  • attack.py
  • overflow2.c
  • attack2.py

Lab 2 (5 points) | Oct 1, 2020 | Lab: Stack Overflow | lab2.pdf
  • lab2.c
  • exploit.py (template)
  • How to connect to Badger CTF (Windows)
  • How to connect to Badger CTF (MacOS, Linux)

Class 6 | Oct 08, 2020 | Return-oriented Programming (ROP) | [Video] ch06.pdf
  • rop.c
  • rop.py
  • overflow.c
  • rop2.py
  • ROPgadget

Lab 3 (5 points) | Oct 8, 2020 | Lab: Return-oriented Programming (ROP) | lab3.pdf
  • lab3.c
  • rop_exp.py (template)
  • How to connect to Badger CTF (Windows)
  • How to connect to Badger CTF (MacOS, Linux)

Class 7 | Oct 18, 2020 | Return-to-libc attack & ASLR | [Video] ch07.pdf
  • reveal_address.c
  • ret2lib.c
  • ret2lib_Exploit.py
  • libc-database

Lab 4 (5 points) | Oct 18, 2020 | Lab: Return-to-libc attack | lab4.pdf
  • lab4.c
  • return2libc.py (template)
  • How to connect to Badger CTF (Windows)
  • How to connect to Badger CTF (MacOS, Linux)

Class 8 | Nov 02, 2020 | PLT, GOT & Return-to-plt Attack & GOT Overwrite Attack | [Video] ch08.pdf
  • ret2plt.c
  • ret2plt.py
  • bypassGOT.c
  • exp_GOT.py
  • libc-database

Class 9 | Nov 13, 2020 | Multi-Stage Exploits, StackGuard & Format String Bug | [Video] ch09.pdf
  • multi_stage.c
  • exp_multi_stage.py
  • easy_canary_32.c
  • easy_canary_exp_32.py
  • easy_canary_64.c
  • easy_canary_exp_64.py
  • fmt_write.c
  • fmt_wrong.c
  • fmtstr.c
  • fmtstr_exp.py

Lab 5 (5 points) | Nov 14, 2020 | Lab: Multi-Stage Exploits
    Target IP: 144.26.62.188
    Target Port: 7777
    Vulnerable program: lab5 (lab5.c)
    Target File (flag): flag
    ASLR/NX are on, StackGuard and PIE are off
    Hint: libc version: libc6-i386_2.31-0ubuntu9.1_amd64 [Link]
  • Remote binary file --> lab5
  • lab5.c
  • lab5_exp.py
  • How to connect to Badger CTF (Windows)
  • How to connect to Badger CTF (MacOS, Linux)

Final Project (40 points) | Nov 24, 2020 | "Very Safe()"
    Target IP: 144.26.62.184
    Target Port: 8888
    Vulnerable program: final (final.c)
    Target File (flag): flag
    ASLR/NX and StackGuard are on, PIE is off
    Hint: libc version: libc6-i386_2.31-0ubuntu9.1_amd64 [Link]
  • Remote binary file --> final_remote
  • final.c
  • final_exp.py
  • How to connect to Badger CTF (Windows)
  • How to connect to Badger CTF (MacOS, Linux)

Tutorials and Supporting Materials