Lecture: Program Analysis and Binary Exploitation (PABE)
Course:
- Responsible: Prof. Dr. Peter Martini, Dr. Elmar Padilla, Martin Clauß
- Start: 11.10.2019
- Dates: Fri 12:00 to 14:00, weekly, HSZ - HS7 ATTENTION: First lecture on Oct. 11 starts at 2 p.m.!
- Course number: 612103322
Exercises:
- Responsible: Martin Clauß
- Start: 18.10.2019
- Dates: Fri. 14 - 16, bi-weekly, HSZ - HS7
- Course number: 612203322
Other:
- Term: Master Computer Science
- Requirements:
- Faculty: MA-INF 3322
- Effort: 2L + 2E / 6CP
Description
Our computers run a lot of closed-source binary programs, meaning that the source code of those programs is not available. Naturally, those programs contain bugs: mistakes that the programmer made during development. Those bugs could (under certain circumstances) be exploited by attackers and thus may lead to arbitrary code execution.
In this lecture we aim to teach you how to find well-known exploitable bugs and how to exploit them. You will first learn about basic binary program analysis such as static and dynamic analysis. After this introduction we will talk about vulnerability discovery in general, meaning that you will learn how to find exploitable bugs by yourself.
Next, we move on to basic stack-based buffer overflows, adding mitigation techniques (stack cookies, NX, ASLR, RELRO, ...) as we progress and exploiting them as well. After we have finished the topic of stack-based buffer overflows, we move on to more advanced topics such as format string exploits, heap exploitation, use-after-free exploits and others.
The lecture ends with one or two complex case studies (concrete contents will be announced later).
You should have basic knowledge of the Linux operating system (including Bash) and also know basic Python programming. Additionally, you should have attended the following lectures: "Kommunikation in Verteilten Systemen", "Systemnahe Programmierung" (bonus: Malware Boot Camp and the lecture "Reaktive Sicherheit") or have at least an equivalent knowledge. If you did not attend any of those lectures you should have a look at https://www.cs.virginia.edu/~evans/cs216/guides/x86.html and https://learnxinyminutes.com/docs/c/ and https://www.cs.drexel.edu/~julia/cs500/documents/lectures/LinuxIntro.pdf to prepare for the lecture.
Please refer to pabe.seclab-bonn.de for any additional information such as slides, exercise sheets and so on! (Note: The website and all PABE services are only available from the Computer Science Department network! You can, for example, use sshuttle (sshuttle.readthedocs.io/en/stable/) to tunnel all your traffic through zeus.cs.uni-bonn.de via SSH or use the Computer Science Department’s VPN. If you haven't got access yet, for example, because you study math, physics or any other non-CS study, please apply for an account (see here). If you need a signature bring the form to the first lecture so we can sign it!)
We are looking forward to seeing you in the lecture! :)
Date | Title | Notes |
---|---|---|
11.10.2019 | Introduction | lecture |
18.10.2019 | Basics | lecture and tutorial |
25.10.2019 | Static Analysis | lecture |
01.11.2019 | Public Holiday | no lecture |
08.11.2019 | Dynamic Analysis | lecture and tutorial |
15.11.2019 | RE Workflow | lecture |
22.11.2019 | Vulnerability Research I | lecture and tutorial |
29.11.2019 | Vulnerability Research II | lecture |
06.12.2019 | Basic Binary Exploitation I | lecture and tutorial |
13.12.2019 | Basic Binary Exploitation II | lecture |
20.12.2019 | Advanced Binary Exploitation I | lecture and tutorial |
Christmas Break | no lectures | |
10.01.2020 | Advanced Binary Exploitation II | lecture |
17.01.2020 | Case Study I | lecture and tutorial |
24.01.2020 | Case Study II | lecture |
31.01.2020 | Invited Talk by Gynvael Coldwind | tutorial first, then the talk |
Announcements
The very first lecture on the 11th of October will start at 2PM (and not 12PM)!
First Exercise Sheet Online!
Dear students,
the lecture has not started yet but we already released the first exercise sheet! This sheet will NOT be graded but serves as a preparation for the lecture. Try to solve the tasks on your own so that you learn something. It is absolutely NOT necessary to solve all the tasks to follow the lecture but it is a good warm-up :) Have fun with this first sheet that can be found here: https://pabe.seclab-bonn.de/exercise_sheets/sheet_0/
If you have any questions feel free to drop me an email: mc[REPLACE-ME-WITH-AN-@]cs.uni-bonn.de
Martin (Clauß)
Intro Slides
Dear Students,
the Intro slides have been uploaded and can be found here: https://pabe.seclab-bonn.de/00-Intro.pdf
Best, Martin