CSC 472 Software Security

2022-Fall Course Website

Advisor: Si Chen


Course Overview

This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.

  • The legal aspects of reverse engineering.
  • Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
  • The general principles behind malicious software and how reverse engineering is applied to study such programs.

Expected Background

  • Basic programming concepts (e.g. complete Java I, II)
  • Knowledge of the C programming language, including pointers, arrays, loops, function calls, etc.
  • Familiarity with Unix/Linux, including the command-line shell and gdb
  • Familiarity with Intel x86 assembly language and architecture
  • Familiarity with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference books:

  1. Randal E. Bryant, David Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
  2. Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
  3. Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

# Date Topic Slides Supporting Materials
Class 1 Aug 30, 2022 Introduction ch01.pdf
  • [Video]
Class 2 Sep 01, 2022 IA-32 Register, Byte Ordering ch02.pdf
  • little_endian.c
  • MobaXterm
  • [Video]
Class 3 Sep 6, 2022 x86 ASM, Stack ch03.pdf
  • How to connect to BadgerCTF
  • asmreview.asm
  • asmreview2.asm
  • [Video - X86 ASM]
  • [Video - Stack]
Class 4 Sep 8, 2022 Stack & Stack Frame (1) ch04.pdf
  • stack.py
  • stack.asm
  • StackFrame.c
  • [Video - Stack Frame]
Lab 1 (10 points) Sep 13, 2022 Lab: Stack and Stack Frame lab1.pdf
  • How to connect to BadgerCTF
  • How to write a lab report
  • lab1.c
Class 5 Sep 20, 2022 Stack Frame (2) ch04.pdf
  • stack.py
  • stack.asm
  • StackFrame.c
  • [Video - Stack Frame]
Class 6 Sep 22, 2022 System Call & Shellcode ch06.pdf
  • helloworld.asm
  • hello.asm
  • test.c
  • [Video]
Class 7 Sep 27, 2022 Stack Overflow (1) ch07.pdf
  • buffer.c
  • buffer2.c
  • overflow.c
  • attack.py
  • overflow2.c
  • attack2.py
  • [Video]
Class 8 Sep 29, 2022 Stack Overflow (2) ch08.pdf
  • overflow.c
  • attack.py
  • overflow2.c
  • attack2.py
  • [Video]
Lab 2 (10 points) Oct 04, 2022 Lab: Stack Overflow lab2.pdf
  • lab2.c
  • exploit.py (template)
  • How to connect to BadgerCTF
  • How to write a lab report
Class 9 Oct 04, 2022 Return-oriented Programming (ROP) (1) ch09.pdf
  • rop.c
  • rop.py
  • overflow.c
  • rop2.py
  • ROPgadget
  • [Video]
Class 10 Oct 06, 2022 Return-oriented Programming (ROP) (2) ch10.pdf
  • rop.c
  • rop.py
  • overflow.c
  • rop2.py
  • ROPgadget
  • [Video]
Class 11 Oct 11, 2022 ROP (3) & Return-to-libc Attack ch11.pdf
  • rop.c
  • rop.py
  • rop2.py
  • ROPgadget
  • reveal_address.c
  • ret2lib.c
  • ret2lib_Exploit.py
  • niklasb/libc-database
  • [Video]
Lab 3 (10 points) Oct 11, 2022 Lab: Return-oriented Programming (ROP) lab3.pdf
  • lab3.c
  • lab3
  • rop_exp.py (template)
  • How to connect to BadgerCTF
  • How to write a lab report
Class 12 Oct 13, 2022 PLT, GOT & Return-to-plt Attack (Bypassing ASLR/NX) ch12.pdf
  • ret2plt.c
  • ret2plt_Exp.py
  • [Video]
Class 13 Oct 25, 2022 GOT Overwrite Attack ch13.pdf
  • bypassGOT.c
  • exp_GOT.py
  • [Video]
Class 14 Oct 27, 2022 GOT Overwrite Attack (2) ch13.pdf
  • bypassGOT.c
  • exp_GOT.py
  • [Video]
Class 15 Nov 01, 2022 Multi-Stage Exploits ch15.pdf
  • multi_stage.c
  • exp_multi_stage.py
  • [Video]
Lab 4 (10 points) Nov 01, 2022 Lab: Multi-Stage Exploits
    Target IP: 147.182.223.56
    Target Port: 7777
    Vulnerable program: lab4 (lab4.c)
    Target File (flag): flag.txt
    ASLR/NX is on; StackGuard and PIE are off
    Hint: libc version: libc6-i386_2.33-0ubuntu5_amd64 [Link]
  • lab4
  • lab4.c
  • lab4_exp.py
  • How to connect to BadgerCTF
  • How to write a lab report
Class 16 Nov 3, 2022 Stack Guard & Format String Bug ch16.pdf
  • easy_canary_32.c
  • easy_canary_exp_32.py
  • easy_canary_64.c
  • easy_canary_exp_64.py
  • fmt_write.c
  • fmt_wrong.c
  • fmtstr.c
  • fmtstr_exp.py
  • [Video]
Class 17 Nov 7, 2022 Web Security [Video] (Online Asynchronous) ch17.pdf
Class 18 Nov 10, 2022 Heap Exploitation (1) ch18.pdf
  • use_heap.c
  • heap0.c
  • exploit_heap0.py
Class 19 Nov 15, 2022 Heap Exploitation (2): Unlink Attack ch19.pdf
  • babyfirst-heap_33ecf0ad56efc1b322088f95dd98827c
  • exp_babyfirst.py
Class 20 Nov 17, 2021 Heap Exploitation (3): glibc, House of force ch20.pdf
  • hof.c
Class 21 Nov 22, 2022 Kernel Exploitation [Video] (Online Asynchronous) ch21.pdf
  • uaf.c
  • babydriver.tar
  • CISCN2017-babydriver
  • Ghidra
Lab 5 (10 points) Nov 22, 2022 Lab: Kernel Exploitation lab5.pdf
  • lab5.tar
  • exp.c
  • How to connect to BadgerCTF
  • How to write a lab report
Class 22 Nov 29, 2022 Use After Free (UAF), Double Free, Hacking Gaming Consoles ch22.pdf
  • uaf.c
Final Project (30 + 10 (Quiz) points) Nov 22, 2022 "The Final"
    Target IP: 104.131.58.52
    Target Port: 9999
    Vulnerable program: final (final.c)
    Target File (flag): flag
    ASLR/NX and StackGuard are on, PIE is off
    Hint Libc Offset:
    offset___libc_start_main_ret = 0x1aed5
    offset_system = 0x00041360
    offset_dup2 = 0x000f11c0
    offset_read = 0x000f0540
    offset_write = 0x000f05e0
    offset_str_bin_sh = 0x18b363
  • Please check the Quiz on D2L
  • Remote Binary file --> final_remote
  • final.c
  • attack.py
  • How to connect to BadgerCTF
  • How to write a lab report

Tutorials and Supporting Materials