This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.
# | Date | Topic | Slides | Supporting Materials |
---|---|---|---|---|
Class 1 | Aug 30, 2021 | Introduction | ch01.pdf | |
Class 2 | Sep 01, 2021 | IA-32 Register, Byte Ordering | ch02.pdf |
|
Class 3 | Sep 13, 2021 | x86 ASM, Stack | ch03.pdf |
|
Class 4 | Sep 15, 2021 | Stack Frame | ch04.pdf |
|
Lab 1 (10 points) |
Sep 15, 2021 | Lab: Stack and Stack Frame
Due on: 09/27/2021 23:59:59
|
lab1.pdf |
|
Class 5 | Sep 20, 2021 | System Call & Shellcode | ch05.pdf |
|
Class 6 | Sep 23, 2021 | Stack Overflow (1) | ch06.pdf |
|
Class 7 | Sep 27, 2021 | Stack Overflow (2)[Video] Online Asynchronous |
ch07.pdf |
|
Class 8 | Sep 29, 2021 | Return-oriented Programming (ROP) (1) | ch08.pdf |
|
Lab 2 (10 points) |
Sep 29, 2021 | Lab: Stack Overflow
Due on: 10/11/2021 23:59:59
|
lab2.pdf |
|
Class 9 | Oct 04, 2021 | Return-oriented Programming (ROP) (2) & Return-to-libc Attack | ch09.pdf |
|
Class 10 | Oct 06, 2021 | PLT, GOT & Return-to-plt Attack (Bypassing ASLR/NX) | ch10.pdf |
|
Class 11 | Oct 11, 2021 | GOT Overwrite Attack | ch11.pdf |
|
Lab 3 (10 points) |
Oct 11, 2021 | Lab: Return-oriented Programming (ROP)
Due on: 10/25/2021 23:59:59
|
lab3.pdf |
|
Class 12 | Oct 13, 2021 | Multi-Stage Exploits | ch12.pdf |
|
Lab 4 (10 points) |
Oct 20, 2021 | Lab: Multi-Stage Exploits
Due on: 11/08/2021 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.txt. |
Target IP: 147.182.223.56 Target Port: 7777 Vulnerable program: lab4 (lab4.c) Target File (flag): flag.txt ASLR/NX is on, StackGuard and PIE is off Hint Libc version: libc6-i386_2.33-0ubuntu5_amd64 [Link] |
|
Class 13 | Oct 25, 2021 | Stack Guard & Format String Bug | ch13.pdf |
|
Class 14 | Nov 1, 2021 | Web Security [Video] Online Asynchronous |
ch14.pdf | |
Class 15 | Nov 3, 2021 | Heap Exploitation (1) | ch15.pdf |
|
Class 16 | Nov 8, 2021 | Heap Exploitation (2): Unlink Attack | ch16.pdf |
|
Class 17 | Nov 10, 2021 | Heap Exploitation (3): glibc, House of force | ch17.pdf |
|
Class 18 | Nov 15, 2021 | Heap Exploitation (4): Use After Free, Double Free & Kernel Exploitation | ch18.pdf |
|
Class 19 | Nov 18, 2021 | Kernel Exploitation[Video] Online Asynchronous |
ch19.pdf |
|
Lab 5 (10 points) |
Nov 30, 2021 | Lab: Kernel Exploitation
Due on: 12/17/2021 23:59:59
|
lab5.pdf |
|
Final Project (40 + 10 (Quiz) points) |
Nov 22, 2021 | "The Final"
Due on: 12/17/2021 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag. |
Target IP: 104.131.58.52 Target Port: 9999 Vulnerable program: final(final.c) Target File (flag): flag ASLR/NX and StackGuard are on, PIE is off Hint Libc version: libc6-i386_2.31-0ubuntu9.2_amd64 [Link] |
|
Class 20 | Nov 30, 2021 | The Future of Software Security [Video] Online Asynchronous |
ch20.pdf |
|