Hi all, since we’ve already finished all the lectures, we will not have any new lectures before the final (No class on Dec 1/6/8, 2021), instead, please work on our final project. I'll be available to answer any questions that you may have related to the final project and lab 5. The classroom is also reserved, you can access it during lecture time. I'll also be online via Zoom during our lecture time so if you have any questions, feel free to contact me.
Course Syllabus is now available:
[download]
Course Overview
This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.
- The legal aspects of reverse engineering.
- Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
- The general principles behind malicious software and how reverse engineering is applied to study such program.
Expected Background
- Basic programming concepts (e.g. complete Java I, II)
- Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
- Familiar with Unix/Linux including the command-line shell and gdb
- Familiar with Intel x86 assembly language and architecture
- Familiar with web programming concepts (HTML, HTTP, TCP, network communications)
Textbook
No Textbook
Reference book:
- Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
- Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
- Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818
Course Content
| # | Date | Topic | Slides | Supporting Materials |
|---|---|---|---|---|
| Class 1 | Aug 30, 2021 | Introduction | ch01.pdf | |
| Class 2 | Sep 01, 2021 | IA-32 Register, Byte Ordering | ch02.pdf |
|
| Class 3 | Sep 13, 2021 | x86 ASM, Stack | ch03.pdf |
|
| Class 4 | Sep 15, 2021 | Stack Frame | ch04.pdf |
|
| Lab 1 (10 points) |
Sep 15, 2021 | Lab: Stack and Stack Frame
Due on: 09/27/2021 23:59:59
|
lab1.pdf |
|
| Class 5 | Sep 20, 2021 | System Call & Shellcode | ch05.pdf |
|
| Class 6 | Sep 23, 2021 | Stack Overflow (1) | ch06.pdf |
|
| Class 7 | Sep 27, 2021 | Stack Overflow (2)[Video] Online Asynchronous |
ch07.pdf |
|
| Class 8 | Sep 29, 2021 | Return-oriented Programming (ROP) (1) | ch08.pdf |
|
| Lab 2 (10 points) |
Sep 29, 2021 | Lab: Stack Overflow
Due on: 10/11/2021 23:59:59
|
lab2.pdf |
|
| Class 9 | Oct 04, 2021 | Return-oriented Programming (ROP) (2) & Return-to-libc Attack | ch09.pdf |
|
| Class 10 | Oct 06, 2021 | PLT, GOT & Return-to-plt Attack (Bypassing ASLR/NX) | ch10.pdf |
|
| Class 11 | Oct 11, 2021 | GOT Overwrite Attack | ch11.pdf |
|
| Lab 3 (10 points) |
Oct 11, 2021 | Lab: Return-oriented Programming (ROP)
Due on: 10/25/2021 23:59:59
|
lab3.pdf |
|
| Class 12 | Oct 13, 2021 | Multi-Stage Exploits | ch12.pdf |
|
| Lab 4 (10 points) |
Oct 20, 2021 | Lab: Multi-Stage Exploits
Due on: 11/08/2021 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.txt. |
Target IP: 147.182.223.56 Target Port: 7777 Vulnerable program: lab4 (lab4.c) Target File (flag): flag.txt ASLR/NX is on, StackGuard and PIE is off Hint Libc version: libc6-i386_2.33-0ubuntu5_amd64 [Link] |
|
| Class 13 | Oct 25, 2021 | Stack Guard & Format String Bug | ch13.pdf |
|
| Class 14 | Nov 1, 2021 | Web Security [Video] Online Asynchronous |
ch14.pdf | |
| Class 15 | Nov 3, 2021 | Heap Exploitation (1) | ch15.pdf |
|
| Class 16 | Nov 8, 2021 | Heap Exploitation (2): Unlink Attack | ch16.pdf |
|
| Class 17 | Nov 10, 2021 | Heap Exploitation (3): glibc, House of force | ch17.pdf |
|
| Class 18 | Nov 15, 2021 | Heap Exploitation (4): Use After Free, Double Free & Kernel Exploitation | ch18.pdf |
|
| Class 19 | Nov 18, 2021 | Kernel Exploitation[Video] Online Asynchronous |
ch19.pdf |
|
| Lab 5 (10 points) |
Nov 30, 2021 | Lab: Kernel Exploitation
Due on: 12/17/2021 23:59:59
|
lab5.pdf |
|
| Final Project (40 + 10 (Quiz) points) |
Nov 22, 2021 | "The Final"
Due on: 12/17/2021 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag. |
Target IP: 104.131.58.52 Target Port: 9999 Vulnerable program: final(final.c) Target File (flag): flag ASLR/NX and StackGuard are on, PIE is off Hint Libc version: libc6-i386_2.31-0ubuntu9.2_amd64 [Link] |
|
| Class 20 | Nov 30, 2021 | The Future of Software Security [Video] Online Asynchronous |
ch20.pdf |
|
Tutorials and Supporting Materials
- How to connect to BadgerCTF
- How to write a lab report
- Download MobaXterm (Windows)
- How to use VIM
- How to use Nano
- Overview of IA-32 assembly
- x86 Assembly Language Reference Manual
- A Guide to Programming Intel IA32 PC Architecture programming
- RMS's gdb Tutorial
- pwntools - CTF toolkit new
- Pwntools Tutorials new
- GEF - GDB Enhanced Features
- how2heap
- Ghidra