Schedule
Calendar
Schedule
(Note this is a rough schedule and things are subject to change.)
-
: Introduction
|
01-introduction.pptx
In-class Video:- In-class Lab | https://youtu.be/lqKEkfvjgTA
-
: Week 2 (01/16 - 01/22): Essentials for Software Security
|
02-prerequisites.pptx
|
service_vuln.c
|
service
We will go over the prerequisites of this course. Self-learning Videos:- C 101 | https://youtu.be/logZKoG6F2s
- Python 101 | https://youtu.be/4GsJrJmHuSQ
- Bash 101 | https://youtu.be/uiS1rZsE99k
- In-class Lab | https://youtu.be/pkjxJS4Amcs
-
: Week 3 (01/23 - 01/29): Basic Software Vulnerabilities and x86_64 Assembly
|
03-basic-vulns.pptx
|
service.c
|
service
Self-learning Videos:- Command Line Injection | https://youtu.be/0_5mcFTMpvQ
- Directory Traversal | https://youtu.be/SLaETgBpD5w
- Prerequisites for Advanced Software Vulnerabilities: x86-64 Assembly 101 | https://youtu.be/leB6Lle-DeQ
-
: Week 4 (01/30 - 02/06) Stack Buffer Overflow 1
|
04-stack-1.pptx
|
service.c
|
service
|
attack template
Self-learning Videos:- Prerequisite for Writing Exploits: Byte and Endianness | https://youtu.be/rqtqI8We7uY
- Stack Buffer Overflow | https://youtu.be/k9jo39TrhOk
- Stack Overflow + Shellcode | https://youtu.be/wVIMnGFMn54
- In-class Lab | https://youtu.be/VdLQCztyl8M
-
: Week 5 (02/06 - 02/12) Stack Buffer Overflow 2
|
05-stack-2.pptx
|
stack.c
|
stack
|
libc.so.6
|
ld-2.31.so
Self-learning Videos:- Stack Defense | https://youtu.be/tjSwAeilyhM
- Return Oriented Programming | https://youtu.be/dJc_Hmfw_Fs
- In-class Lab | https://youtu.be/U_VSwlK5Yb0
-
: Week 6 (02/13 - 02/19) Stack Buffer Overflow 3
|
06-stack-3.pptx
|
stack.c
|
stack
|
libc.so.6
|
ld-2.31.so
|
solution.py
Self-learning Videos:- ELF Format | https://youtu.be/M42e58-R5Zs
- ELF Execution | https://youtu.be/kC1f26gpKKU
- ELF Dynamic Linking | https://youtu.be/Sweg4-7acE4
- Leaking libc Base via GOT Table | https://youtu.be/XhMH_uBXGt4
- In-class Lab | https://youtu.be/dILIUGkhxJ0
-
: Week 7 (02/20 - 02/26) Format String Vulnerabilities
|
07-format.pptx
|
format_string.c
|
format_string
Self-learning Videos:- Format String Vulnerabilities | https://youtu.be/TA2HeRiwjnw
- In-class Lab | https://youtu.be/75iQyB3OjyE
-
: Week 8 (02/27 - 03/05) Assignment 1 Q&A
-
: Week 9 (03/06 - 03/12) Spring Break
-
: Week 10 (03/13 - 03/19) Assignment 2 Q&A
In-class Video:- In-class Lab | https://youtu.be/cqqGntyiNq4
-
: Week 11 (03/20 - 03/26) Heap Tcache
|
11-heap-1.pptx
|
libc.so.6 (2.27)
|
ld.so (2.27)
|
use_after_free.c
|
use_after_free
Self-learning Videos:- Overview | https://youtu.be/AnUUJWqOqdE
- Tcache Data Structure | https://youtu.be/dtHIaH6q_1M
- Tcache Use After Free Vulnerabilities | https://youtu.be/iYpQFh08gzw
-
Heap Security: Week 12 (03/27 - 04/02) Heap Tcache II
|
12-heap-2.pptx
|
libc.so.6 (2.27)
|
ld.so (2.27)
|
double_free.c
|
double_free
Self-learning Videos:- Overview | https://youtu.be/xJVCW6S-_cA
- Double Free Vulnerabilities | https://youtu.be/lW6OKqll7hA
- Heap Overflow Vulnerabilities | https://youtu.be/RzwGuABzQZY
- In-class Lab | https://youtu.be/QE7GvFqF2Ho
-
: Week 13 (04/03 - 04/09) Format String Assignment Q&A
|
formatstring
|
formatstring.c
In-class Video:- In-class Lab | https://youtu.be/K_lIrz8nKD8
- In-class Lab | https://youtu.be/6Tjt4qx1aoI
-
Heap Security: Week 14 (04/10 - 04/16): Heap Data Structures and Fastbin
|
14-heap-3.pptx
Self-learning Videos:- Overview | https://youtu.be/MQb6PjyUyuc
- Arena, Chunk, and Bins | https://youtu.be/SutMBlmxmbw
-
Heap Security: Week 15 (04/17 - 04/23): Fastbin Use After Free
|
15-heap-4.pptx
|
libc.so.6 (2.27)
|
ld.so (2.27)
|
use_after_free.c
|
use_after_free
In-class Video:- In-class Lab | https://youtu.be/aAjhSBQP6lE
-
Heap Security: Week 16 (04/24 - 04/30): Fastbin Double Free
|
16-heap-5.pptx
|
libc.so.6 (2.27)
|
ld.so (2.27)
|
double_free.c
|
double_free
Self-learning Videos:- Fastbin Double Free | https://youtu.be/9pdAZElw2Y4
- Leaking Libc Base Address from Heap | https://youtu.be/58U46y2uvJ8
- How to Debug | https://youtu.be/J4ba3XS3kSo