CSC 472 Software Security

2024-Fall Course Website

Instructor: Si Chen

gdb

Course Syllabus is now available: [download]

Course Overview

This topic is primarily aimed at people interested in software security, reverse engineering and low-level software. In this course, we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, heap overflows, kernel overflows -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques.

The legal aspects of reverse engineering.
Assembly language for IA-32 compatible processors and how to read compiler-generated assembly language code.
The general principles behind malicious software and how reverse engineering is applied to study such program.

Expected Background

Basic programming concepts (e.g. complete Java I, II)
Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
Familiar with Unix/Linux including the command-line shell and gdb
Familiar with Intel x86 assembly language and architecture
Familiar with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference book:

Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
Kris Kaspersky, Hacker Disassembling Uncovered, 2nd Edition, ISBN 978-1931769648
Eldad Eilam, Reversing: Secrets of Reverse Engineering, 1st Edition, ISBN 978-0764574818

Course Content

#	Date	Topic	Slides	Supporting Materials
Class 1	Aug 26, 2024	Introduction	ch01.pdf	[Video]
Class 2	Aug 28 and Aug 30, 2024	IA-32 Register, Byte Ordering	ch02.pdf	[Video] little_endian.c MobaXterm
Class 3	Sep 04, 2024	x86 ASM	ch03.pdf	How to connect to BadgerCTF asmreview.asm asmreview2.asm [Video - X86 ASM]
Class 4	Sep 09, 2024	Stack & Stack Frame (1)	ch04.pdf	stack.py stack.asm stack_frame.c [Video]
Class 5	Sep 11 & 13 & 16, 2024	Stack & Stack Frame (2)	ch04.pdf	stack.py stack.asm stack_frame.c [Video - Stack Frame]
Lab 1 (5 points)	Sep 11, 2024	Lab: Stack and Stack Frame Due on: 09/27/2024 23:59:59	lab1.pdf	How to connect to BadgerCTF How to write a lab report lab1.c
Class 6	Sep 18 & 23, 2024	System Call & Shellcode	ch06.pdf	helloworld.asm hello.asm shell.asm helloworld_shellcode.c shellcodetest.c [Video]
Class 7	Sep 25, 2024	Stack Overflow (1)	ch07.pdf	buffer.c buffer2.c overflow.c attack.py overflow2.c attack2.py [Video]
Class 8	Sep 27, 2024	Stack Overflow (2)	ch08.pdf	overflow.c attack.py overflow2.c exploit2_demo.py exploit2.py [Video]
Lab 2 (10 points)	Sep 27 & 30, 2024	Lab: Stack Overflow Due on: 10/11/2024 23:59:59	lab2.pdf	lab2.c exploit.py (template) How to connect to BadgerCTF How to write a lab report
Class 9	Oct 02, 2024	Return-oriented Programming (ROP) (1)	ch09.pdf	rop.c rop.py overflow.c rop2.py ROPgadget [Video]
Class 10	Oct 04, 2024	Return-oriented Programming (ROP) (2)	ch10.pdf	rop.c rop.py rop2.py ROPgadget [Video]
Class 11	Oct 7, 9, 11, 2024	Web Security Online Asynchronous	ch11.pdf	[Video]
Class 12	Oct 16, 2024	ROP (3) & Dynamic Linking	ch12.pdf	ret2lib.c ret2lib_Exploit.py niklasb/libc-database [Video]
Lab 3 (10 points)	Oct 16, 2024	Lab: Return-oriented Programming (ROP) Due on: 10/25/2024 23:59:59	lab3.pdf	lab3.c lab3 rop_exp.py (template) How to connect to BadgerCTF How to write a lab report
Class 13	Oct 18, 2024	Return-to-libc Attack & ASLR	ch13.pdf	ret2lib.c ret2lib_Exploit.py niklasb/libc-database [Video]
Class 14	Oct 21, 23, 2024	PLT, GOT & Return-to-plt Attack (Bypassing ASLR/NX)	ch14.pdf	ret2plt.c ret2plt_Exp.py [Video]
Class 15	Oct 25, 2024	GOT Overwrite Attack	ch15.pdf	bypassGOT.c exp_GOT.py [Video]
Class 16	Oct 30, 2024	Multi-Stage Exploits	ch16.pdf	multi_stage.c multi_stage.py [Video]
Lab 4 (10 points)	Oct 31, 2024	Lab: Multi-Stage Exploits Due on: 11/22/2024 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.txt.	lab4.pdf Target IP: `159.203.157.119` Target Port: `6666` Vulnerable program: `lab4 (lab4.c)` Target File (flag): `flag.txt` ASLR/NX is on, StackGuard and PIE is off Hint Libc version:`libc6-i386_2.33-0ubuntu5_amd64` [Link]	lab4 lab4.c lab4_exp.py libc.so.6 (on the remote server) How to connect to BadgerCTF How to write a lab report
Class 17	Nov 04, 06 2024	Stack Guard & Format String Bug	ch17.pdf	easy_canary_32.c easy_canary_exp_32.py easy_canary_64.c easy_canary_exp_64.py fmt_write.c fmt_wrong.c fmtstr.c fmtstr_exp.py [Video]
Class 18	Nov 09 & 11, 2024	Heap Exploitation (1)	ch18.pdf	use_heap.c heap0.c exploit_heap0.py
Class 19	Nov 13 & 15, 2024	Heap Exploitation (2): Unlink Attack	ch19.pdf	babyfirst-heap_33ecf0ad56efc1b322088f95dd98827c exp_babyfirst.py
Class 20	Nov 18, 2024	Heap Exploitation (3): glibc, House of force	ch20.pdf	hof.c
Class 21	Nov 20 & 24, 2024	Kernel Exploitation	ch21.pdf	uaf.c babydriver.tar CISCN2017-babydriver Ghidra [Video]
Lab 5 (10 points)	Nov 24, 2024	Lab: Kernel Exploitation Due on: 12/14/2024 23:59:59	lab5.pdf	lab5.tar exp.c How to connect to BadgerCTF How to write a lab report
Class 22	Dec 02, 2024	Use After Free (UAF), Double Free, Hacking Gaming Consoles	ch22.pdf	uaf.c
Final Project (15 + 5 (Quiz) points)	Nov 19, 2024	"The Final" Due on: 12/14/2024 23:59:59 Your submission should include: A detailed project report in PDF format to describe what you have done, including screenshots and code snippets and content inside flag.	Target IP: `143.244.149.32` Target Port: `9999` Vulnerable program: `final(final.c)` Target File (flag): `flag.txt` Hint ASLR/NX and StackGuard are on, PIE is off	Please check the Quiz on D2L Remote Binary file --> final libc.so.6 (on the remote server) final.c attack.py How to connect to BadgerCTF How to write a lab report