CSC 472 Software Security

2023-Fall Course Website

gdb

Course Syllabus is now available: [download]

Course Overview

This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, heap overflows, kernel overflows -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.

The legal aspects of reverse engineering.
Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
The general principles behind malicious software and how reverse engineering is applied to study such program.

Expected Background

Basic programming concepts (e.g. complete Java I, II)
Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
Familiar with Unix/Linux including the command-line shell and gdb
Familiar with Intel x86 assembly language and architecture
Familiar with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference book:

Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

#	Date	Topic	Slides	Supporting Materials
Class 1	Aug 29, 2023	Introduction	ch01.pdf	[Video] [GalaxyMentor]
Class 2	Sep 05, 2023	IA-32 Register, Byte Ordering	ch02.pdf	[Video] little_endian.c MobaXterm [GalaxyMentor]
Class 3	Sep 07, 2023	x86 ASM	ch03.pdf	How to connect to BadgerCTF asmreview.asm asmreview2.asm [Video - X86 ASM] [GalaxyMentor]
Class 4	Sep 12, 2023	Stack & Stack Frame (1)	ch04.pdf	stack.py stack.asm stack_frame.c [Video - Stack Frame]
Class 5	Sep 14, 2023	Stack & Stack Frame (2)	ch04.pdf	stack.py stack.asm stack_frame.c [Video - Stack Frame]
Lab 1 (10 points)	Sep 12, 2023	Lab: Stack and Stack Frame Due on: 09/21/2023 23:59:59	lab1.pdf	How to connect to BadgerCTF How to write a lab report lab1.c
Class 6	Sep 19, 2023	System Call & Shellcode	ch06.pdf	helloworld.asm hello.asm shell.asm helloworld_shellcode.c shellcodetest.c [Video]
Class 7	Sep 21, 2023	Stack Overflow (1)	ch07.pdf	buffer.c buffer2.c overflow.c attack.py overflow2.c attack2.py [Video]
Class 8	Sep 26, 2023	Stack Overflow (2)	ch08.pdf	overflow.c attack.py overflow2.c exploit2_demo.py exploit2.py [Video]
Lab 2 (10 points)	Sep 26, 2023	Lab: Stack Overflow Due on: 10/05/2023 23:59:59	lab2.pdf	lab2.c exploit.py (template) How to connect to BadgerCTF How to write a lab report
Class 9	Sep 28, 2023	Return-oriented Programming (ROP) (1)	ch09.pdf	rop.c rop.py overflow.c rop2.py ROPgadget [Video]
Class 10	Oct 03, 2023	ROP (2)	ch10.pdf	rop.c rop.py rop2.py ROPgadget [Video]
Lab 3 (10 points)	Oct 03, 2023	Lab: Return-oriented Programming (ROP) Due on: 10/24/2023 23:59:59	lab3.pdf	lab3.c lab3 rop_exp.py (template) How to connect to BadgerCTF How to write a lab report
Class 11	Oct 05, 2023	Return-to-libc Attack	ch11.pdf	ret2lib.c ret2lib_Exploit.py niklasb/libc-database [Video]
Class 12	Oct 10, 2023	PLT, GOT & Return-to-plt Attack (Bypassing ASLR/NX)	ch12.pdf	ret2plt.c ret2plt_Exp.py [Video]
Class 13	Oct 12, 2023	GOT Overwrite Attack	ch13.pdf	bypassGOT.c exp_GOT.py [Video]
Class 14	Oct 19, 2023	Web Security Online Asynchronous	ch14.pdf	[Video]
Class 15	Oct 24, 2023	Multi-Stage Exploits	ch15.pdf	multi_stage.c multi_stage.py [Video]
Lab 4 (10 points)	Oct 24, 2023	Lab: Multi-Stage Exploits Due on: 11/14/2023 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.txt.	lab4.pdf Target IP: `147.182.223.56` Target Port: `6666` Vulnerable program: `lab4 (lab4.c)` Target File (flag): `flag.txt` ASLR/NX is on, StackGuard and PIE is off Hint Libc version:`libc6-i386_2.33-0ubuntu5_amd64` [Link]	lab4 lab4.c lab4_exp.py How to connect to BadgerCTF How to write a lab report
Class 16	Oct 31, 2023	Stack Guard & Format String Bug	ch16.pdf	easy_canary_32.c easy_canary_exp_32.py easy_canary_64.c easy_canary_exp_64.py fmt_write.c fmt_wrong.c fmtstr.c fmtstr_exp.py [Video]
Class 17	Nov 1, 2023	Heap Exploitation (1)	ch17.pdf	use_heap.c heap0.c exploit_heap0.py
Class 19	Nov 9, 2023	Heap Exploitation (2): Unlink Attack	ch19.pdf	babyfirst-heap_33ecf0ad56efc1b322088f95dd98827c exp_babyfirst.py
Class 20	Nov 14, 2023	The Future of Software Security [Video] Online Asynchronous	ch20.pdf	ARSpy paper
Class 21	Nov 16, 2023	Heap Exploitation (3): glibc, House of force	ch21.pdf	hof.c
Class 22	Nov 21, 2023	Kernel Exploitation[Video] Online Asynchronous	ch22.pdf	uaf.c babydriver.tar CISCN2017-babydriver Ghidra
Lab 5 (10 points)	Nov 21, 2023	Lab: Kernel Exploitation Due on: 12/15/2023 23:59:59	lab5.pdf	lab5.tar exp.c How to connect to BadgerCTF How to write a lab report
Class 23	Nov 28, 2023	Use After Free (UAF), Double Free, Hacking Gaming Consoles	ch23.pdf	uaf.c
Final Project (30 + 10 (Quiz) points)	Nov 28, 2023	"The Final" Due on: 12/15/2023 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.	Target IP: `167.172.144.44` Target Port: `9999` Vulnerable program: `final(final.c)` Target File (flag): `flag.txt` ASLR/NX and StackGuard are on, PIE is off Hint Libc Offset: offset___libc_start_main_ret = 0x1f8f9 offset_system = 0x00049750 offset_dup2 = 0x0010b670 offset_read = 0x0010a8b0 offset_write = 0x0010a9a0 offset_str_bin_sh = 0x1b8fef	Please check the Quiz on D2L Remote Binary file --> final_remote final.c attack.py How to connect to BadgerCTF How to write a lab report