This lecture has several walkthroughs and demos of modern binary exploitation techniques for heap and format string vulnerabilities. For heap exploitation we examine classic heap buffer overflow exploitation (e.g. targeting the unlink macro), discuss modern heap buffer overflow exploitation including safe-unlink bypasses and other techniques, and cover heap spraying and use-after-free exploitation. We present two examples of format string exploitation, each demonstrating a different technique. Finally we discuss the cornerstone of defenses against modern binary exploitation, exploit mitigations such as stack cookies, Data Execution Prevention (DEP), No Execute (NX), Address Space Layout Randomization (ASLR), and more, and of course how each exploit mitigation is bypassed. Slides for this lecture begin on slide 56. At this time, students are expected to have completed Homework 4, assigned in Lecture 08: Reverse Engineering x86 102.
August 26, 2016
August 24, 2016
This lecture walks through the basics of x86 shellcode and payload development for Linux environments. We detail many important nuances of payload development: creating and managing strings, dealing with null bytes, position independence, and creating self-modifying (polymorphic) payloads.
August 23, 2016
This is the beginning of the exploit development lectures. The fundamentals of processor architecture relevant to modern binary exploitation are covered. The stack is reviewed, and simple buffer overflows are explained.
August 19, 2016
This lecture explains advanced techniques for vulnerability research, bug hunting, and crash analysis. Topics covered are taint analysis, dynamic taint analysis, code paths and the classic path explosion problem, symbolic and intermediate representations, symbolic execution, and modern vulnerability hunting systems that offer hybrid approaches. At this time, students are expected to have completed Homework 3, assigned in Lecture 06.
August 17, 2016
This is a study review for students for the upcoming midterm exam. To get exams or premium services, please contact us.
August 15, 2016
This lecture provides coverage of fuzzing techniques for SDL, VR, 0-day hunting, and other applications. We discuss the nuances and realities of bug hunting, testing, and bug fixing. Mutational, generational (also known as model-based), and differential fuzzing are covered. Computer science theory is discussed in relation to the computational and algorithmic limits of fuzzing. Test harness development and modification is discussed. Crash analysis is covered in depth, and finally demonstrations of tools like the American Fuzzy Lop (AFL) fuzzer and lcov are presented.
August 12, 2016
Day two of our two-day reverse engineering workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. The slides for this lecture begin on slide 81.
August 10, 2016
Day one of our two-day reverse engineering workshop, exposing students to x86 reverse engineering with IDA and CFF Explorer. At this time, students are expected to have completed Homework 2, assigned at the end of Lecture 03.
August 8, 2016
This lecture covers rootkit design and techniques for Windows and Linux. A popular open-source rootkit is analyzed as a case study.
August 5, 2016
This lecture provides an overview of the Windows registry and registry hives, persistence mechanisms used by malware, the Portable Executable (PE) file format, Windows system calls commonly used by malware, and the Windows Application Programming Interface (API).
August 3, 2016
This lecture includes a technical overview of Linux operating system basics, and an introduction to vulnerability research topics and the permissions spectrum. At this time, students are expected to have finished the exercises presented in Homework 1, which was assigned in the first lecture.
August 1, 2016
This lecture covers the fundamentals of auditing C/C++ source code for vulnerabilities, as well as the standard vulnerability and weakness enumerations, CVE and CWE. Several exercises and examples are presented.