Projects for Secure Software

Project 1: Markovian Tweets. (Due March 9th)

The task is to take in sample text and generate a tweet (280 characters) in the style of that text using Markov Chains. For super-extra credit consume a user name from Twitter and grab some tweets by the person as your source material. Further awesomeness if you build a tweet-bot.

Project 1 Milestones

This task is designed to push you a bit. You'll have to figure out many moving parts to make it a success. Here are some mastery tasks you can measure yourself by and talk to me if you get stuck.

• Ingest Data. You'll need to be able to parse data I provide at submission time so think about formats and storage. For the inspired folk this will require an additional step of requesting and parsing data from Twitter's API.
• Study Algorithms. Markov Chains for generating sentences isn't a hard task of the course, it is an example of my faith in you as internet-age bright capable people. So the real goal is that you can look for a few different approaches and decide which one would be most feasible to implement.
• Computation in C/C++. Because you're going to need to get some sort of probabilistic next phrase you'll have to play with distributions and data structures. Depending on your algorithmic choice this might go down the route of matrices or graphs but you'll need to deploy some math for sure.

Project 1.5: QA on Tweeter (March 23rd)

Quality Assurance This markovian tweeter will be a center piece of a new ad campaign for your company. It will be morphed and used in many new products and it will learn from user data which might be malicious. Your job, as the QA team, is to take a deep dive into the partner team's codebase looking for flaws. Use the CERT rules and recs as your compass, so any violations of those go in your report. The job is to provide an actionable report on issues with the codebase that the developers should fix before launch and for the long-term maintainability of the project.

Project 2: Grok a PWN

Take a look at the exploits behind the 25 challenge problems at challenge. Pick one that you don't understand and dive in. You'll be able to find walkthroughs on the internet out there, but they are often too abbreviated, terse, or presume a ton. Take the first problem you picked and master it well enough to solve it and make a write-up that you are proud of and would have rather read when you started. If you select an early problem then you should do 2-3 if you select a later problem you should group up and ask a lot of questions. Select based on your personal growth.

• ROP gadget 101, leak libc address
• Sigreturn (SROP)
• 32-bit calling convention
• shellcode injection (write to .bss; actually 6 is a blank canvas for learning many things)
• string format: short byte overwrite
• string format: multiple overwrites
• leak libc w format string, rop to get shell
• overwrite stack check fail with main to get a loop in main
• write an open/read/write shellcode (barely any constraints)
• write an execve("/bin/sh", NULL, NULL) shellcode by writing to two smallish buffers
• get the flag with seccomp enabled (you have a small number of syscalls you can make)
• buffer overflow in the heap.
• The rest are named with their vulnerability