This course is designed to provide students with good understanding of the theories, principles, techniques and tools used for software and system hacking and hardening. Students will study, in-depth, binary reverse engineering, vulnerability classes, vulnerability analysis, exploit and shellcode development, defensive solutions, etc. to understand how to crack and protect native software. In particular, this class covers offensive techniques including stack-based buffer overflow, heap security, format string vulnerability, return-oriented programming, etc. This class also covers defensive techniques including canary, shadow stack, address space layout randomization, control-flow integrity, etc. A key part of studying security is putting skills to the test in practice. Hacking challenges known as Capture The Flag (CTF) competitions are a great way to do this. In this class the progress of students are evaluated by lab assignment and in-class Capture-The-Flag (CTF) competitions.
Downloads: Course Syllabus
|Week-1 Class-1 8/28||Overview and Background Knowledge Notes Hw Video|
|Week-2 Class-1 9/4||=== Labor Day Observed - No class ===|
|Week-3 Class-1 9/11||Background and Buffer Overflow Notes Hw Video||Hw-1|
|Week-4 Class-1 9/18||Buffer Overflow Notes Hw Video||Hw-2|
|Week-5 Class-1 9/25||Buffer Overflow Notes Hw Video||Hw-3|
|Week-6 Class-1 10/2||Buffer Overflow (Frame pointer and defense) Notes Hw Video||Hw-4|
|Week-7 Class-1 10/9||=== Fall Break ===|
|Week-8 Class-1 10/16||Shadow Stack, Stack Canaries Notes Hw Video||Hw-5|
|Week-9 Class-1 10/23||*** Midterm CTF*** Midterm Hw||Hw-6|
|Week-10 Class-1 10/30||ASLR, Seccomp, and Shellcoding Notes Hw ShellcodeTemplate Video||Hw-7|
|Week-11 Class-1 11/6||Format string vulnerability Notes Hw Video||Hw-8
The instructor will be out of town on Nov 6th. The class will be delivered online on Nov 5th 6:30PM. Students can attend the online session though it is not required. The recording also be provided thereafter.
|Week-12 Class-1 11/13||Format string vulnerability Notes Hw Video||Hw-9|
|Week-13 Class-1 11/20||Return-oriented programming Notes Hw Video||Hw-10|
|Week-14 Class-1 11/27||Return-oriented programming and Heap exploitation Notes Hw Video||Hw-11
The instructor will be out of town on the 27th. Instead, the class will be delivered online on the ??th ??PM. Students can attend the online session though it is not required. The recording will be provided thereafter.
|Week-15 Class-1 12/4||Heap exploitation and CacheNotes Hw Video||Hw-12|
|Week-16 Class-1 12/11||Cache side-channel attacks, Meltdown, Spectre and Final Review Hw||Hw-13/Hw-14|
|Final CTF 12/13 7:15pm-10:15pm Davis 101||FinalCTF|