CSC 472/583 Software Security

2021-Fall Course Website

Advisor: Si Chen

Course Overview

This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.

  • The legal aspects of reverse engineering.
  • Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
  • The general principles behind malicious software and how reverse engineering is applied to study such programs.

Expected Background

  • Basic programming concepts (e.g., completion of Java I and II)
  • Knowledge of the C programming language, including pointers, arrays, loops, function calls, etc.
  • Familiarity with Unix/Linux, including the command-line shell and gdb
  • Familiarity with Intel x86 assembly language and architecture
  • Familiarity with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference books:

  1. Randal E. Bryant, David Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
  2. Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
  3. Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

# Date Topic Slides Supporting Materials

Class 1 Aug 30, 2021 Introduction ch01.pdf
  • [Video]

Class 2 Sep 01, 2021 IA-32 Register, Byte Ordering ch02.pdf
  • little_endian.c
  • MobaXterm
  • [Video]

Class 3 Sep 13, 2021 x86 ASM, Stack ch03.pdf
  • How to connect to BadgerCTF
  • asmreview.asm
  • asmreview2.asm
  • stack.py
  • stack.asm
  • [Video - X86 ASM]
  • [Video - Stack]

Class 4 Sep 15, 2021 Stack Frame ch04.pdf
  • StackFrame.c
  • [Video - Stack Frame]

Lab 1 (10 points) Sep 15, 2021 Lab: Stack and Stack Frame lab1.pdf
  • How to connect to BadgerCTF
  • How to write a lab report
  • lab1.c

Class 5 Sep 20, 2021 System Call & Shellcode ch05.pdf
  • helloworld.asm
  • hello.asm
  • test.c
  • [Video]

Class 6 Sep 23, 2021 Stack Overflow (1) ch06.pdf
  • buffer.c
  • buffer2.c
  • overflow.c
  • attack.py
  • overflow2.c
  • attack2.py
  • [Video]

Class 7 Sep 27, 2021 Stack Overflow (2) [Video]
    Online Asynchronous
    ch07.pdf
  • overflow.c
  • attack.py
  • overflow2.c
  • attack2.py

Class 8 Sep 29, 2021 Return-oriented Programming (ROP) (1) ch08.pdf
  • rop.c
  • rop.py
  • overflow.c
  • rop2.py
  • ROPgadget
  • [Video]

Lab 2 (10 points) Sep 29, 2021 Lab: Stack Overflow lab2.pdf
  • lab2.c
  • exploit.py (template)
  • How to connect to BadgerCTF
  • How to write a lab report

Class 9 Oct 04, 2021 Return-oriented Programming (ROP) (2) & Return-to-libc Attack ch09.pdf
  • rop.c
  • rop.py
  • rop2.py
  • ROPgadget
  • reveal_address.c
  • ret2lib.c
  • ret2lib_Exploit.py
  • niklasb/libc-database
  • [Video]

Class 10 Oct 06, 2021 PLT, GOT & Return-to-plt Attack (Bypassing ASLR/NX) ch10.pdf
  • ret2plt.c
  • ret2plt_Exp.py
  • [Video]

Class 11 Oct 11, 2021 GOT Overwrite Attack ch11.pdf
  • bypassGOT.c
  • exp_GOT.py
  • [Video]

Lab 3 (10 points) Oct 11, 2021 Lab: Return-oriented Programming (ROP) lab3.pdf
  • lab3.c
  • rop_exp.py (template)
  • How to connect to BadgerCTF
  • How to write a lab report

Class 12 Oct 13, 2021 Multi-Stage Exploits ch12.pdf
  • multi_stage.c
  • exp_multi_stage.py
  • [Video]

Lab 4 (10 points) Oct 20, 2021 Lab: Multi-Stage Exploits
    Target IP: 147.182.223.56
    Target Port: 7777
    Vulnerable program: lab4 (lab4.c)
    Target File (flag): flag.txt
    ASLR/NX is on, StackGuard and PIE are off
    Hint: libc version: libc6-i386_2.33-0ubuntu5_amd64 [Link]
  • lab4
  • lab4.c
  • lab4_exp.py
  • How to connect to BadgerCTF
  • How to write a lab report

Class 13 Oct 25, 2021 Stack Guard & Format String Bug ch13.pdf
  • easy_canary_32.c
  • easy_canary_exp_32.py
  • easy_canary_64.c
  • easy_canary_exp_64.py
  • fmt_write.c
  • fmt_wrong.c
  • fmtstr.c
  • fmtstr_exp.py
  • [Video]

Class 14 Nov 1, 2021 Web Security [Video]
    Online Asynchronous
    ch14.pdf

Class 15 Nov 3, 2021 Heap Exploitation (1) ch15.pdf
  • use_heap.c
  • heap0.c
  • exploit_heap0.py

Class 16 Nov 8, 2021 Heap Exploitation (2): Unlink Attack ch16.pdf
  • babyfirst-heap_33ecf0ad56efc1b322088f95dd98827c
  • exp_babyfirst.py

Class 17 Nov 10, 2021 Heap Exploitation (3): glibc, House of force ch17.pdf
  • hof.c
  • bamboobox
  • bamboobox_exp.py
  • bamboobox.c

Class 18 Nov 15, 2021 Heap Exploitation (4): Use After Free, Double Free & Kernel Exploitation ch18.pdf
  • uaf.c
  • doublefree.c
  • fastbin_dup.c
  • how2heap

Class 19 Nov 18, 2021 Kernel Exploitation [Video]
    Online Asynchronous
    ch19.pdf
  • uaf.c
  • babydriver.tar
  • CISCN2017-babydriver
  • Ghidra

Lab 5 (10 points) Nov 30, 2021 Lab: Kernel Exploitation lab5.pdf
  • lab5.tar
  • exp.c
  • How to connect to BadgerCTF
  • How to write a lab report

Final Project (40 + 10 (Quiz) points) Nov 22, 2021 "The Final"
    Target IP: 104.131.58.52
    Target Port: 9999
    Vulnerable program: final (final.c)
    Target File (flag): flag
    ASLR/NX and StackGuard are on, PIE is off
    Hint: libc version: libc6-i386_2.31-0ubuntu9.2_amd64 [Link]
  • Quiz on D2L
  • Remote Binary file --> final_remote
  • final.c
  • attack.py
  • How to connect to BadgerCTF
  • How to write a lab report

Class 20 Nov 30, 2021 The Future of Software Security
    [Video]
    Online Asynchronous
    ch20.pdf
  • ARSpy paper

Tutorials and Supporting Materials