Notes Index for Secure Software

Intro to Secure Software Design:

Preamble: Why I'm teaching x86 in Secure Software Design

PWN rigs, a few options for reversing stuff

Mastery Goal A:

Learn just enough C to compile an executable that does some basic stuff

Mastery Goal B:

Learn enough x86 to see the C

Never used: C basics, compiling, loops, etc.

Adjusted notes class 2: C as ASM++, intro to reversing

https://pwnwizard.com/

Intro to x86, Framework of all exploits, First crackmes

Mastery Goal C:

Calling Conventions!

Part 2: Calling Conventions and Parameters

Project 1:

Creative Calling Conventions

Mastery Goal D:

pwntools QUICK REFERENCE GUIDE

Our first baby buffer overflow

Mastery Goal E:

Shellcode and leak processing for chall_03

Mastery Goal F:

32-bit Arguments, applied calling conventions

Mastery Goal H:

looting wal-mart / escape into glibc

Mastery Goal G:

PLT/GOT for linking and random address hacks

Mastery Task I:

Class 12: Format String Vulnerability

Mastery Task L:

syscall, int 0x80, sigreturn (SROP)

THE HEAP PARTS:

Master gdb with pwndbg and learn the fundamentals of the heap

Heap 1: Intro to heap, MOM'S SPAGHETTI, HEAP REFERENCE GUIDES

Heap 2: Heap Vibe Check, let's explore a Use-After-Free and corrupting a linked-list

Generating a Leak given UAF

Heap 3: FAQ around generating leaks using UAF

Mom's Spaghetti

Heap 4: Processing the Leak and Using it (COMPLETE MOM'S SPAGHETTI)

Tale of the 5 Bins

Heap 5: Deep dive into all bins and the flow charts

Glibc 2.32

Heap 6: Swapping glibcs and pointer encryption/decryption

House of Botcake

Heap 7: Double free not UAF

glibc 2.34+ no FREE_HOOK

Cutting Edge glibcs: unstripping glibcs, life with no FREE_HOOK

How to learn post-ProfNinja

how2heap live demos (poison null byte, fastbin dup, unsafe unlink)

Last Class

Last Class: The outro

Stretch Goal: