Modern Binary Exploitation Course Syllabus



Similar documents
Bypassing Memory Protections: The Future of Exploitation

Security & Exploitation

ASL IT SECURITY XTREME XPLOIT DEVELOPMENT

Penetration Testing with Kali Linux

Defense in Depth: Protecting Against Zero-Day Attacks

I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

This four (4) credit hour. Students will explore tools and techniques used penetrate, exploit and infiltrate data from computers and networks.

Introduction to Computer Forensics Course Syllabus Spring 2012

Network Security ITP 457 (4 Units)

SECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING. Presented by: Dave Kennedy Eric Smith

Custom Penetration Testing

Exploiting nginx chunked overflow bug, the undisclosed attack vector

Applied Network Security Course Syllabus Spring 2015

CE 460 Course Syllabus

INFO 2130 Introduction to Business Computing Fall 2014

College of Southern Maryland Fundamentals of Accounting Practice(ACC 1015) Course Syllabus Spring 2015

MKT 363 Professional Selling & Sales Management Course Syllabus (Spring 2011)

CE 460 Course Syllabus

INFO 2130 Introduction to Business Computing Spring 2013 Self-Paced Section 006

Computer Security SEGC-00 - Overview

CS 261 C and Assembly Language Programming. Course Syllabus

CS 300 Data Structures Syllabus - Fall 2014

Vulnerability Assessment and Penetration Testing

CIS 213 PENETRATION TESTING 3 cr. (2-2)

ISYE 415: INTRODUCTION TO MANUFACTURING SYSTEMS DESIGN AND ANALYSIS FALL 2013

English 1302 Writing Across the Curriculum Spring 2016

COURSE SYLLABUS. ESE 544/444 Project Management

Red Hat. By Karl Wirth

Unix Security Technologies. Pete Markowsky <peterm[at] ccs.neu.edu>

The University of Texas at Austin McCombs School of Business Foundations of Accounting (ACC 310F) Course Syllabus Spring 2015

WHITEPAPER. Nessus Exploit Integration

Fundamentals of Computer Programming CS 101 (3 Units)

How To Pass The Cis 50 Online Course

CSCI 4250/6250 Fall 2015 Computer and Network Security. Instructor: Prof. Roberto Perdisci

Advanced Digital Forensics ITP 475 (4 Units)

A Dozen Years of Shellphish From DEFCON to the Cyber Grand Challenge

INFO 3130 Management Information Systems Spring 2016

PSY 2012 General Psychology Sections 4041 and 1H85

Introduction to Information Technology ITP 101x (4 Units)

University of Massachusetts Dartmouth Charlton College of Business Information Technology for Small Business MIS 375.

Undergraduate Course Syllabus

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Hacking your perimeter. Social-Engineering. Not everyone needs to use zero. David Kennedy (ReL1K) Twitter: Dave_ReL1K

Investment Management Course

Software Vulnerabilities

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus

Software security. Buffer overflow attacks SQL injections. Lecture 11 EIT060 Computer Security

CS Ethical Hacking Spring 2016

COURSE INFORMATION. 3. You learn the course policies and follow them.

MIS 4336 Networks and Data Communication. Spring 2016

Testing for Security

College of Business Department of Accounting and Management Information Systems

ITFN3112 Systems Analysis and Design Spring 2014 (CRN 2-190)

Bypassing Browser Memory Protections in Windows Vista

Advanced ANDROID & ios Hands-on Exploitation

From SQL Injection to MIPS Overflows

OWASP Spain Barcelona 2014

Course Content Concepts

English 1302 Writing Across the Curriculum Fall 2015

Security and Computer Forensics ITP 477 (4 Units)

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

COM 1010, Basic Web Design

Mobile App Project ITP 442x (4 Units)

H. JOHN HEINZ III COLLEGE CARNEGIE MELLON UNIVERSITY PROJECT MANAGEMENT SPRING A3 / B3 COURSE SYLLABUS

EECS 354 Network Security. Introduction

Unix Security Technologies: Host Security Tools. Peter Markowsky <peterm[at]ccs.neu.edu>

Advanced Internet Security

CCA CYBER SECURITY TRACK

Linux Kernel. Security Report

ENGR 100 Introduction to CAD Drexel Engineering Core Curriculum

DESIGN FOR USER EXPERIENCE (ITP 310)

Advanced Systems Security

Date: Ray Trygstad Associate Chair, Department of Information Technology and Management

Exploiting Trustzone on Android

90% of data breaches are caused by software vulnerabilities.

IT 145 Section 300 Fall 2013 Web Design Fundamentals: HTML and Style Sheets. Syllabus and Course Outline

Attacking Host Intrusion Prevention Systems. Eugene Tsyrklevich

ERP 5210 Performance Dashboards, Scorecard, and Data Visualization Course Syllabus Spring 2015

Collin College Business and Computer Systems

MGMT 280 Impact Investing Ed Quevedo

CS 464/564 Networked Systems Security SYLLABUS

Eugene Tsyrklevich. Ozone HIPS: Unbreakable Windows

IST565 M001 Yu Spring 2015 Syllabus Data Mining

CS 1361-D10: Computer Science I

COLLIN COLLEGE COURSE SYLLABUS

CORE SECURITY. Exploiting Adobe Flash Player in the era of Control Flow Guard. Francisco Falcon Black Hat Europe 2015 November 12-13, 2015

IST359 INTRODUCTION TO DATABASE MANAGEMENT SYSTEMS

BA530 Financial Management Spring 2015

Practical taint analysis for protecting buggy binaries

INTRODUCTION TO INFORMATION TECHNOLOGY

ITSY Security Assessment/Auditing Spring 2010 Professor: Zoltan Szabo D111 LEC TR 11:20AM 12:45PM D111 LAB TR 12:50PM 02:15PM

DSCI 3710 Syllabus: Spring 2015

ITS425: Ethical Hacking and Penetration Testing

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Transcription:

Modern Binary Exploitation Course Syllabus Course Information Course Title: Modern Binary Exploitation Course Number: CSCI 4968 Credit Hours: 4 Semester / Year: Spring 2015 Meeting Days: Tuesday/Friday 2 4PM Room Location: Walker 5113 Course Website: http://security.cs.rpi.edu/courses/binexp spring2015/ Prerequisites (one of the following or permission of instructor): CSCI 2500 Computer Organization ECSE 2660 Computer Architecture, Networks, and Operating Systems Instructor Name: Bülent Yener Office location: Lally 310 Email Address: yener@cs.rpi.edu Teaching Assistant(s) TAs: RPISEC TA Office Location: Sage 3101 TA Office Hours: Wednesday 7 10PM TA Email Address: binexp_ta@cs.lists.rpi.edu Course Description Cybersecurity is one of the fastest growing fields in computer science, though its study is rarely covered in academia due to its rapid pace of development and its technical specificity. Modern Binary Exploitation will focus on teaching practical offensive security skills in binary exploitation and reverse engineering. Through a combination of interactive lectures, hands on labs, and guest speakers from industry, the course will offer students a rare opportunity to explore some of the most technically involved and fascinating subjects in the rapidly evolving field of security. The course will start off by covering basic x86 reverse engineering, vulnerability analysis, and classical forms of Linux based userland binary exploitation. It will then transition into protections found on modern systems (Canaries, DEP, ASLR, RELRO, Fortify Source, etc) and the techniques used to defeat them. Time permitting, the course will also cover other subjects in exploitation including kernel land and Windows based exploitation. Modern Binary Exploitation 1 of 6 05.05.2015

Course Text(s) Suggested Textbooks: Hacking: The Art of Exploitation, 2nd Edition by Jon Erickson ISBN 978 1593271442 The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition by Chris Anley et al ISBN 978 0470080238 Student Learning Outcomes Upon successful completion of this course, students will: 1. Possess the skills necessary to carry out independent vulnerability research against binary applications. 2. Have an intimate understanding of executable formats, program control flow at the assembly level, and other low level concepts. 3. Understand classic and contemporary vulnerabilities and exploitation techniques. 4. Apply both source code auditing and binary reverse engineering to the vulnerability discovery process. 5. Be capable of exploiting vulnerabilities found in real world software as defined by MITRE s Critical Vulnerabilities and Exposures (CVE) system. Course Assessment Measures Labs: Accompanying each lecture will be a lab that will solidify understanding of the topic of the lecture. Each lab will contain at least 3 problems, a C, B, and A level problem. There may occasionally be an A+ problem for extra credit. Term Projects: There will be two projects over the course of the semester. In these projects students will be exploiting a known vulnerability in a realistic piece of software as selected by the instructors. Students will be expected to analyze the vulnerability and produce a working exploit with a writeup detailing the vulnerability and how it can be leveraged to gain privileged information. Students may work in groups of up to two for projects. See the Grading Criteria and Course Calender sections for further details. Modern Binary Exploitation 2 of 6 05.05.2015

Grading Criteria Students will be able to calculate their standing at any time during the class by using the below percentages to calculate their grade. Labs: 60%, 10 labs equally weighted at 6% Labs will typically consist of 3 problems, a C, B, and A problem with each problem harder than the last. Lab grading works as follows. Students who complete only the C problem will receive a C Students who complete both the C and B problems will receive a B Students who complete all three lab problems will receive an A There may be one or two A+ problems throughout the semester that can be used to increase the letter grade of any previous lab If a student does not complete the first problem before the end of lab, they will receive a letter grade reduction for the assignment. In order to receive full credit for a problem the student must submit their exploit code, the flag, and may be asked to explain their work upon submission to be checked off. Labs problems will be introduced by the end of lecture. The first problem will be due in person by the end of the associated lab period. All other problems become homework, and are due at the start of class, exactly one week after the associated lab period. Labs submitted late will receive a letter grade reduction and MUST be submitted no later than the class following their original due date, anything later will not be accepted. Term Projects: 40%, two projects equally weighted at 20% Project specific grading breakdowns will be given when they are assigned. Project checkpoints exist to keep you on pace with projects, failing to make checkpoints will result in a 5% reduction to the term project grade. Projects submitted late will receive a 10% reduction per day late, and will not be accepted for credit after 5 days. There will be servers dedicated to hosting the problems to be completed by students for both the lab and projects. The submitted exploits/solutions can be developed in any practical manner, but ultimately must work on the course servers to receive credit. Grades and course progress will be made available to students throughout the semester. A grade can only be appealed within 5 days of the grade being made available to students. Questions regarding a grade on an assignment should first be directed at the class TAs. Modern Binary Exploitation 3 of 6 05.05.2015

Course Calendar Date Title Topics Content 1/27 Syllabus and Review Linux, C, x86 1/30 Introduction to Reverse Engineering Tools and the VM 2/3 Extended Reverse Engineering GDB & IDA 2/6 Reverse Engineering Lab Lab 2/10 Intro to Memory Corruption ELF, the stack, calling conventions, buffer overflows 2/13 Memory Corruption Lab Lab 2/17 ******* NO CLASS ******* President s Day 2/20 Shellcoding / Code Injection Writing shellcode, developing scenario relevant payloads 2/24 Shellcoding Lab Lab 2/27 Mid term Project Assigned Format String Vulnerabilities Format strings, DTOR/GOT overwrites 3/3 Format String Lab Lab 3/6 ******* NO CLASS ******* ISTS12 @ RIT 3/10 DEP and ROP Data Execution Prevention, writing ROP, ret2libc 3/13 ROP Lab Lab 3/17 Mid term Project Checkpoint One Due Secure Systems and Game Console Exploitation OpenBSD, SELinux, GRSEC Game Console Exploitation 3/20 Project One Lab Lab 3/24 ******* SPRING BREAK ******* Modern Binary Exploitation 4 of 6 05.05.2015

3/27 ******* SPRING BREAK ******* 3/31 Mid term Project Due Address Space Layout Randomization (ASLR) Overview, info leaks, partial overwrites, ASLR closure 4/3 ASLR Lab Lab 4/7 Heap Exploitation Heap structure and concepts, corruption, use after free 4/10 Heap Exploitation Lab 4/14 Stack Cookies & Misc Concepts Bypassing stack cookies, signed/unsignedess issues, uninitialized data, etc 4/17 Misc Concepts Lab Lab 4/21 C++ Differences & Concepts C++ basics, structures, vtables, Exceptions 4/24 Final Project Assigned C++ Exploitation Lab Lab 4/28 Kernel Exploitation Basic kernel exploitation 5/1 Final Project Checkpoint One Due Kernel Exploitation Lab Lab 5/5 Final Project Lab Lab 5/8 Final Project Checkpoint Two Due Exploitation on ARM, 64bit, Windows Branching out, how exploitation differs on ARM, 64bit, and Windows 5/12 Automation & The Future of Exploitation Fuzzing, taint analysis, dynamic instrumentation, SMT/SAT solvers 5/15 Final Project Due Modern Binary Exploitation 5 of 6 05.05.2015

Attendance Policy Although attendance for lecture is not mandatory, it will be exceptionally difficult to keep up without attending due to the subject matter and progression of the course. Attendance for labs is required as the first problem of each lab set must be turned in in person during lab. See Grading Criteria for more details Academic Integrity Student teacher relationships are built on trust. For example, students must trust that teachers have made appropriate decisions about the structure and content of the courses they teach, and teachers must trust that the assignments that students turn in are their own. Acts that violate this trust undermine the educational process. The Rensselaer Handbook of Student Rights and Responsibilities defines various forms of Academic Dishonesty and you should make yourself familiar with these. In this class, all assignments that are turned in for a grade must represent the student s own work. In cases where help was received, or teamwork was allowed, a notation on the assignment should indicate your collaboration. Submission of any assignment that is in violation of this policy will result in a penalty of a zero for the assignment for all parties involved. Repeated offenses will result in a failing grade for the course. If you have any question concerning this policy before submitting an assignment, please ask for clarification. Other Course Specific Information The labs and interactive exercises used in lecture will be hosted in a variety of different series on an internal Wargame server meant purely for teaching security concepts in a safe and educational environment. Students enrolled in the course will have SSH access to the server and are expected to use it as an aide to the learning process. Attacking parts of the server infrastructure beyond the scope of what is assigned or attempts to disrupt services for the course or other students is not allowed and will be considered a violation of academic integrity. Due to the experimental nature of the course and assignments being offered, the schedule, pacing, and other elements of the course may be modified depending on the rate at which students are progressing. Any changes made to the curriculum will be clearly defined and communicated to the students as well as being documented accordingly. Modern Binary Exploitation 6 of 6 05.05.2015

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information