Notes Index for Secure Software

Intro to Secure Software Design:

Preamble: Why I'm teaching x86 in Secure Software Design

PWN rigs, a few options for reversing stuff

Mastery Goal A:

Learn just enough C to compile an executable that does some basic stuff

Never used: C basics, compiling, loops, etc.

Adjusted notes class 2: C as ASM++, intro to reversing

Mastery Goal B:

Class 3: CONTINUED Intro to x86, Framework of all exploits, First crackmes

Class 4 (also class 5): Crackmes!

Class 6: Reversing Basic Code Patterns (if, for, mod, etc)

Mastery Goal C:

Class 7: Calling Conventions!

Extra Notes: Calling Conventions and Parameters

Mastery Goal D:

Class 9: pwntools and baby buffer overflow

Mastery Goal E:

Class 10: Shellcode and leak processing for chall_03

Mastery Goal F:

Class 11: Intro to ROP

Class 12: 32-bit Arguments, applied calling conventions

Mastery Goal G:

Class 14: PLT/GOT for linking and random address hacks

Class 15: Same notes, we'll practice actually using the knowledge

Mastery Goal H:

Class 13: looting wal-mart / escape into glibc

Mastery Task I:

Class 15: Format String Vulnerability


Class 16: PWN AMA, live Q&A office hours catch-up

Class 17: One problem per PWN task and more

Class 18: How to think in pre-heap PWN

Mastery Task L:

Class 19: syscall, int 0x80, sigreturn (SROP)


Master gdb with pwndbg and learn the fundamentals of the heap


Generating a Leak given UAF

Class 21: Generating leaks, heap playground, starter script

Class 22: Generating leaks in-depth

WWW via tcache-poisoning

Class 23: WWW via tcache-poisoning

Class 24: we still need a little more tcache practice.

Mom's Spaghetti

Class 25-26: Mom's Spaghetti - UAF for leaks, WWW, and free_hook

LAB DAY: Mom's Spaghetti from the keyboard

LAB DAY: version 2.32

Tale of the 5 Bins

Class ???: Deep dive into all bins

Double-Free Only

House of Botcake (turning a double free into a UAF for tcache-poisoning)

glibc 2.34+ no FREE_HOOK

Cutting Edge: no FREE_HOOK

FAREWELL to the course

Last Class: high-level view


Get a couple years of scholarships in exchange for taking a job with the gov't