CSC 472 Software Security

2022-Fall Course Website

gdb

Course Syllabus is now available: [download]

Course Overview

This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.

The legal aspects of reverse engineering.
Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
The general principles behind malicious software and how reverse engineering is applied to study such program.

Expected Background

Basic programming concepts (e.g. complete Java I, II)
Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
Familiar with Unix/Linux including the command-line shell and gdb
Familiar with Intel x86 assembly language and architecture
Familiar with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference book:

Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

#	Date	Topic	Slides	Supporting Materials
Class 1	Aug 30, 2022	Introduction	ch01.pdf	[Video]
Class 2	Sep 01, 2022	IA-32 Register, Byte Ordering	ch02.pdf	little_endian.c MobaXterm [Video]
Class 3	Sep 6, 2022	x86 ASM, Stack	ch03.pdf	How to connect to BadgerCTF asmreview.asm asmreview2.asm [Video - X86 ASM] [Video - Stack]
Class 4	Sep 8, 2022	Stack & Stack Frame (1)	ch04.pdf	stack.py stack.asm StackFrame.c [Video - Stack Frame]
Lab 1 (10 points)	Sep 13, 2022	Lab: Stack and Stack Frame Due on: 10/04/2022 23:59:59	lab1.pdf	How to connect to BadgerCTF How to write a lab report lab1.c
Class 5	Sep 20, 2022	Stack Frame (2)	ch04.pdf	stack.py stack.asm StackFrame.c [Video - Stack Frame]
Class 6	Sep 22, 2022	System Call & Shellcode	ch06.pdf	helloworld.asm hello.asm test.c [Video]
Class 7	Sep 27, 2022	Stack Overflow (1)	ch07.pdf	buffer.c buffer2.c overflow.c attack.py overflow2.c attack2.py [Video]
Class 8	Sep 29, 2022	Stack Overflow (2)	ch08.pdf	overflow.c attack.py overflow2.c attack2.py [Video]
Lab 2 (10 points)	Oct 04, 2022	Lab: Stack Overflow Due on: 10/20/2022 23:59:59	lab2.pdf	lab2.c exploit.py (template) How to connect to BadgerCTF How to write a lab report
Class 9	Oct 04, 2022	Return-oriented Programming (ROP) (1)	ch09.pdf	rop.c rop.py overflow.c rop2.py ROPgadget [Video]
Class 10	Oct 06, 2022	Return-oriented Programming (ROP) (2)	ch10.pdf	rop.c rop.py overflow.c rop2.py ROPgadget [Video]
Class 11	Oct 11, 2022	ROP (3) & Return-to-libc Attack	ch11.pdf	rop.c rop.py rop2.py ROPgadget reveal_address.c ret2lib.c ret2lib_Exploit.py niklasb/libc-database [Video]
Lab 3 (10 points)	Oct 11, 2022	Lab: Return-oriented Programming (ROP) Due on: 11/08/2022 23:59:59	lab3.pdf	lab3.c lab3 rop_exp.py (template) How to connect to BadgerCTF How to write a lab report
Class 12	Oct 13, 2022	PLT, GOT & Return-to-plt Attack (Bypassing ASLR/NX)	ch12.pdf	ret2plt.c ret2plt_Exp.py [Video]
Class 13	Oct 25, 2022	GOT Overwrite Attack	ch13.pdf	bypassGOT.c exp_GOT.py [Video]
Class 14	Oct 27, 2022	GOT Overwrite Attack (2)	ch13.pdf	bypassGOT.c exp_GOT.py [Video]
Class 15	Nov 01, 2022	Multi-Stage Exploits	ch15.pdf	multi_stage.c exp_multi_stage.py [Video]
Lab 4 (10 points)	Nov 01, 2022	Lab: Multi-Stage Exploits Due on: 11/17/2022 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.txt.	Target IP: `147.182.223.56` Target Port: `7777` Vulnerable program: `lab4 (lab4.c)` Target File (flag): `flag.txt` ASLR/NX is on, StackGuard and PIE is off Hint Libc version:`libc6-i386_2.33-0ubuntu5_amd64` [Link]	lab4 lab4.c lab4_exp.py How to connect to BadgerCTF How to write a lab report
Class 16	Nov 3, 2022	Stack Guard & Format String Bug	ch16.pdf	easy_canary_32.c easy_canary_exp_32.py easy_canary_64.c easy_canary_exp_64.py fmt_write.c fmt_wrong.c fmtstr.c fmtstr_exp.py [Video]
Class 17	Nov 7, 2022	Web Security [Video] Online Asynchronous	ch17.pdf
Class 18	Nov 10, 2022	Heap Exploitation (1)	ch18.pdf	use_heap.c heap0.c exploit_heap0.py
Class 19	Nov 15, 2022	Heap Exploitation (2): Unlink Attack	ch19.pdf	babyfirst-heap_33ecf0ad56efc1b322088f95dd98827c exp_babyfirst.py
Class 20	Nov 17, 2021	Heap Exploitation (3): glibc, House of force	ch20.pdf	hof.c
Class 21	Nov 22, 2022	Kernel Exploitation[Video] Online Asynchronous	ch21.pdf	uaf.c babydriver.tar CISCN2017-babydriver Ghidra
Lab 5 (10 points)	Nov 22, 2022	Lab: Kernel Exploitation Due on: 12/16/2022 23:59:59	lab5.pdf	lab5.tar exp.c How to connect to BadgerCTF How to write a lab report
Class 22	Nov 29, 2022	Use After Free (UAF), Double Free, Hacking Gaming Consoles	ch22.pdf	uaf.c
Final Project (30 + 10 (Quiz) points)	Nov 22, 2022	"The Final" Due on: 12/16/2022 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.	Target IP: `104.131.58.52` Target Port: `9999` Vulnerable program: `final(final.c)` Target File (flag): `flag` ASLR/NX and StackGuard are on, PIE is off Hint Libc Offset: offset___libc_start_main_ret = 0x1aed5 offset_system = 0x00041360 offset_dup2 = 0x000f11c0 offset_read = 0x000f0540 offset_write = 0x000f05e0 offset_str_bin_sh = 0x18b363	Please check the Quiz on D2L Remote Binary file --> final_remote final.c attack.py How to connect to BadgerCTF How to write a lab report