Lecture: Program Analysis and Binary Exploitation (PABE)

Course:

Exercises:

  • Responsible: Martin Clauß
  • Start: 22.10.2021
  • Dates: Fri. 14 - 16, bi-weekly
  • Course number: 612203322

Other:

  • Term: Master Computer Science, Bachelor Cyber Security
  • Requirements:
  • Faculty: BA-INF 148, MA-INF 3322
  • Effort: 2L + 2E / 6CP

Description

Note: This time the lecture will be online. The lectures will be recorded. Exercise meetings won't be recorded.

Link: https://bbb.informatik.uni-bonn.de/b/mar-wsr-mds

For the first lecture on 2021-10-15, the BBB room will be open starting from 11:45 CET that day so you can join and test your connection before the actual lecture starts.

If you have trouble joining, write an email to seclab@REMOVETHISPART.posteo.net immediately.

We have already published an exercise sheet 0 which you can use to test your knowledge of some relevant subjects and get two bonus points. Scroll down to the bottom of the page!

Our computers run a lot of closed-source binary programs, meaning that the source code of those programs is not available. Naturally, those programs contain bugs: mistakes that the programmer made during development. Under certain circumstances those bugs can be exploited by attackers and may thus lead to arbitrary code execution.

In this lecture we aim to teach you how to find well-known classes of exploitable bugs and how to exploit them. You will first learn about basic binary program analysis, such as static and dynamic analysis. After this introduction we will talk about vulnerability discovery in general, meaning that you will learn how to find exploitable bugs by yourself.

Next, we move on to basic stack-based buffer overflows and add mitigation techniques (stack cookies, NX, ASLR, RELRO, ...) as we progress, exploiting programs protected by them as well. After we have finished the topic of stack-based buffer overflows, we move on to more advanced topics such as format string exploits, heap exploitation, use-after-free exploits and others.

The lecture ends with one or two complex case studies (concrete contents will be announced later).

You should have basic knowledge of the Linux operating system (including Bash) and also know basic Python programming. Additionally, you should have attended the following lectures: "Kommunikation in Verteilten Systemen", "Systemnahe Programmierung" (bonus: Malware Boot Camp and the lecture "Reaktive Sicherheit") or have at least equivalent knowledge. If you did not attend any of those lectures, you should have a look at https://www.cs.virginia.edu/~evans/cs216/guides/x86.html, https://www.cs.cmu.edu/~fp/courses/15213-s07/misc/asm64-handout.pdf, https://learnxinyminutes.com/docs/c/ and https://www.usm.uni-muenchen.de/people/puls/lessons/intro_general/Linux/Linux_for_beginners.pdf to prepare for the lecture. If you have some more time at your disposal, you can also check out this lecture series: https://missing.csail.mit.edu/2020/.

After the case studies, PABE finally ends with a guest lecture from a renowned expert. Past guest lectures were:

2020: Maddie Stone (@maddiestone): Reversing the Root: Identifying the Exploited Vulnerability in 0-days Used In-The-Wild
2019: Gynvael Coldwind (@gynvael): Notes on Computer Hardware and Security
2018: Thomas Dullien (@halvarflake): Fundamentals of Security Exploits

Please refer to pabe.seclab-bonn.de for any additional information such as slides, exercise sheets and so on! (Note: The website and all PABE services are only available from the Computer Science Department network! You can, for example, use sshuttle (sshuttle.readthedocs.io/en/stable/) to tunnel all your traffic through login-stud.cs.uni-bonn.de via SSH, or use the Computer Science Department's VPN. If you haven't got access yet, for example because you study math, physics or any other non-CS subject, please apply for an account (see here). If you need a signature, email us so we can sign it!)

We are looking forward to seeing you in the lecture! :)

Schedule
Date         Title                            Notes
2021-10-15   PABE – Welcome!                  lecture and speedfriending
2021-10-22   Basics                           lecture and tutorial
2021-10-29   Static Analysis                  lecture
2021-11-05   Dynamic Analysis                 lecture and tutorial
2021-11-12   Reverse Engineering Workflow     lecture
2021-11-19   Vulnerability Research I         lecture and tutorial
2021-11-26   Vulnerability Research II        lecture
2021-12-03   Basic Binary Exploitation I      lecture and tutorial
2021-12-10   Basic Binary Exploitation II     lecture
2021-12-17   Advanced Binary Exploitation I   lecture and tutorial
             Christmas Break                  no lectures
2022-01-07   probably* no lecture             no lecture
2022-01-14   Advanced Binary Exploitation II  lecture and tutorial
2022-01-21   Fuzzing From Zero To Hero        lecture
2022-01-28   Exim RCE                         lecture and tutorial
2022-02-04   Invited Talk                     talk

* If we have to skip a lecture in 2021 due to unforeseen circumstances, we will use this date to catch up.

Exercise Sheet 0 Online!

Dear students,

the lecture has not started yet, but we have already released exercise sheet 0! This sheet will NOT be graded but serves as preparation for the lecture. Try to solve the tasks on your own so that you learn something. It is absolutely NOT necessary to solve all the tasks to follow the lecture, but it is a good warm-up.

You can find the sheet here: https://pabe.seclab-bonn.de/2021/exercise_sheets/sheet_0/

Or alternatively use this pdf version.