Abstract
This training will teach students without prior experience how to develop exploits for modern binary software, taking them from 1990s-style buffer overflows through contemporary exploitation of programs protected by stack canaries, NX, RELRO, and ASLR. The training focuses on exploiting Linux user-mode x86/x64 binaries, but the lessons learned in the class are widely applicable to other platforms and architectures. Students will learn to reason about the fundamental structures that give rise to software vulnerabilities and the various techniques used to exploit them.
The course consists primarily of hands-on-keyboard exercises rather than lectures, with diagrams and theory introduced as needed.
Course Topics
Fundamentals
- Program structure
- Disassembly and debugging
- x86/x64 refresher
- Basic bug classes
- Hijacking control flow
- Stack overflows
Classic Exploitation
- Shellcoding
- Corrupting function pointers
- Arithmetic and integer errors
- Heap overflows
- Linux syscall interface
Overcoming Exploit Mitigations
- Stack canaries
- ASLR
- DEP/NX
- Ret2libc
- Intro to ROP
Putting It All Together
- Combining primitives
- Reasoning about mitigations and bypasses
- Exploitation on other platforms and architectures
- Continuity of execution
- Weird machines
Prerequisites
Students are expected to have experience programming in C or C++ and basic knowledge of the Linux command line. Prior experience with reverse engineering is nice to have, but not required.
Software requirements:
VMware or VirtualBox to run a Linux VM (all exercises will be done in the Linux VM)