Lecture: Program Analysis and Binary Exploitation (PABE)



  • Responsible: Martin Clauß
  • Start: 13.11.2020
  • Dates: Fri. 14:00 to 16:00, bi-weekly, online
  • Course number: 612203322


  • Term: Master Computer Science, Bachelor Cyber Security
  • Requirements:
  • Faculty: MA-INF 3322, BA-INF 148
  • Effort: 2L + 2E / 6CP


Guest Lecture by Maddie Stone


Maddie Stone from Google's Project Zero will talk about "Reversing the Root: Identifying the Exploited Vulnerability in 0-days Used In-The-Wild". If you did not get the Abstract of the talk and the Zoom link via mail and you're interested please contact me. The talk will be on Thursday, 18th of February, 4PM CET <blink>sharp</blink>. Looking forward to seeing you! - MC

Exercise Sheet 0


The zeroth exercise sheet will be available this night at: https://pabe.seclab-bonn.de/exercise_sheets/
Make sure you are connected to the CS VPN or have a tunneled connection through zeus.cs.uni-bonn.de. If your IP address does not start with 131.220. you are not inside the CS network: https://ifconfig.co/ - MC

Exercise Sheet 0


On Monday, 2nd of November, we will upload the zeroth exercise sheet. For this sheet you won't get any points. Its purpose is to prepare you for the lecture and especially for the exercises. You should try to solve as many tasks as possible. Even if you cannot solve the task completely you might learn something new ;-) We will talk about the solutions in the first exercise meeting. Happy hacking :) - MC




Note: This time the lecture will be online. The lectures will be recorded. Exercise meetings won't be recorded.

Link: https://bbb.informatik.uni-bonn.de/b/mar-um9-r0b

For the first lecture on 2020-11-06, the BBB room will be open starting from 11:45 CET that day so you can join and test your connection before the actual lecture starts.

If you have trouble joining, write an email to seclab@REMOVETHISPART.posteo.net immediately.

Our computers run a lot of closed-source binary programs, meaning that the source code of those programs is not available. Naturally, those programs contain bugs: mistakes that the programmer made during development. Those bugs could (under certain circumstances) be exploited by attackers and thus may lead to arbitrary code execution.

In this lecture we aim to teach you how to find well-known exploitable bugs and how to exploit them. You will first learn about basic binary program analysis such as static and dynamic analysis. After this introduction we will talk about vulnerability discovery in general, meaning that you will learn how to find exploitable bugs by yourself.

Next, we move on to basic stack-based buffer overflows, add mitigation techniques (stack cookies, NX, ASLR, RELRO, ...) as we progress, and exploit them as well. After we have finished the topic of stack-based buffer overflows we move on to more advanced topics such as format string exploits, heap exploitation, use-after-free exploits and others.

The lecture ends with one or two complex case studies (concrete contents will be announced later).

You should have basic knowledge of the Linux operating system (including Bash) and also know basic Python programming. Additionally, you should have attended the following lectures: "Kommunikation in Verteilten Systemen", "Systemnahe Programmierung" (bonus: Malware Boot Camp and the lecture "Reaktive Sicherheit") or have at least equivalent knowledge. If you did not attend any of those lectures you should have a look at https://www.cs.cmu.edu/~fp/courses/15213-s07/misc/asm64-handout.pdf and https://learnxinyminutes.com/docs/c/ and https://www.cs.drexel.edu/~julia/cs500/documents/lectures/LinuxIntro.pdf to prepare for the lecture. It is not necessary to understand all the details, but you should have a good basic knowledge of those contents!

Please refer to pabe.seclab-bonn.de for any additional information such as slides, exercise sheets and so on! (Note: The website and all PABE services are only available from the Computer Science Department network! You can, for example, use sshuttle (sshuttle.readthedocs.io/en/stable/) to tunnel all your traffic through zeus.cs.uni-bonn.de via SSH or use the Computer Science Department’s VPN (more information here). If you haven't got access yet, for example, because you study math, physics or any other non-CS subject, please apply for an account (see here). If you need a signature please contact us!)

We are looking forward to seeing you in the lecture! :)

Schedule (updated on January 22nd 2021)

Date | Topic | Type
06.11.2020 | Introduction | lecture, you will receive important information in this lecture
13.11.2020 | Basics and Reverse Engineering | lecture + exercise meeting
20.11.2020 | Basics and Reverse Engineering | lecture
27.11.2020 | Basics and Reverse Engineering | lecture + exercise meeting
04.12.2020 | Basics and Reverse Engineering | lecture
11.12.2020 | Vulnerability Research | lecture + exercise meeting
18.12.2020 | Vulnerability Research | lecture
Christmas Holidays
08.01.2021 | Basic Binary Exploitation | lecture + exercise meeting
15.01.2021 | Basic Binary Exploitation | lecture
22.01.2021 | Advanced Binary Exploitation | lecture
29.01.2021 | Advanced Binary Exploitation | lecture + exercise meeting (Sheet 4)
05.02.2021 | Fuzzing From Zero To Hero | lecture
12.02.2021 | Exim RCE | lecture + exercise meeting (Sheets 5 and 6)
tba | Guest Lecture |