Lecture: Applied Binary Exploitation

Course:

  • Responsible: Prof. Dr. Elmar Padilla
  • Start: 14.04.2023
  • Dates: Fri 12:00 - 14:00, weekly, MA 176 - HSIV, hybrid event
  • Course number:

Exercises:

  • Responsible: Martin Clauß
  • Dates: Fri 14 - 16, weekly, MA 176 - HSIV, hybrid event
  • Course number:

Other:

  • Term: Master Computer Science
  • Requirements:
  • Faculty: MA-INF 3322
  • Effort: 2L + 2E / 6CP

Description

Our computers run a lot of closed source binary programs meaning that the source code of those programs is not available. Naturally, those programs contain bugs, mistakes that the programmer made during the development. Those bugs could (under certain circumstances) be exploited by attackers and thus may lead to arbitrary code execution. In this lecture we aim to teach you how to find well known exploitable bugs and how to exploit them. After a brief recap of basic binary program analysis such as static and dynamic analysis, we will talk about vulnerability discovery in general, meaning that you will learn how to find exploitable bugs by yourself. Next we move on to basic stack-based buffer overflows and add mitigation techniques (stack cookies, NX, ASLR, RELRO, ...) as we progress and exploit them as well. After we finished the topic of stack-based buffer overflows we move on to more advanced topics such as heap exploitation, use-after-free exploits and others. The lecture ends with an analysis of a sophisticated real-world exploit. 

Organizational notes

You may take this course even if you have passed BA-INF 148 Program Analysis and Binary Exploitation (PABE) during your bachelor's.
You cannot take this course if you have already passed MA-INF 3322 Program Analysis and Binary Exploitation (PABE).

Note: This time the lecture will be hybrid. The lectures will be recorded. Exercise meetings will not be recorded.
Online participation will be possible undefinedvia BBB
.

The lecture will take place in Hörsaal 4 / HS IV in the Geozentrum. The lecture hall is located on the second floor of the Geozentrum building at Meckenheimer Allee 167, directly above Hörsaal 2. Sadly, the available floor plans do not include the second floor.

Floor plans and location (scroll down to "Geozentrum"): undefinedhttps://www.geographie.uni-bonn.de/en/department-1/sites/sites

Dates and Events

Lecture and exercise dates

NrDateLecturesExercises
02023-04-14lectureSheet 0 released
12023-04-21lectureSheet 0 Tutorial, Sheet 1 released
22023-04-28lecture
32023-05-05lectureSheet 1 Tutorial, Sheet 2 released
42023-05-12lecture
52023-05-19lectureSheet 2 Tutorial, Sheet 3 released
62023-05-26lecture

2023-06-02no lecture
72023-06-09lectureSheet 3 Tutorial, Sheet 4 released
82023-06-16lecture
92023-06-23lectureSheet 4 Tutorial, Sheet 5 released
102023-06-30lecture
112023-07-07lectureSheet 5 Tutorial
122023-07-14lecture

First exam period: to be announced

Second exam period: to be announced

Invited talk: Between the two exam periods.