Notes Index for Secure Software
Mastery Goal A:
Learn just enough C to compile an executable that does some basic stuff
Class 1: C basics, compiling, loops, etc.
Mastery Goal B:
Learn how to look at the x86 assembly from a compiled executable and recognize most of the above classic code components. Reverse some simple password crackers. (radare2 and gdb)
Class 2: How local variables are stored
Class 3: Registers, x86 instructions, Radare2, and first crackmes
Class 4: Radare2 and Reversing Crackmes
Class 5: Reversing Practice (for mastery)
Mastery Goal C:
Learn the calling conventions for 32-bit and 64-bit functions. Write a program in bare assembly that uses both calling conventions. (nasm and ld)
Class 6: Calling-Convention Brain Dump
https://pwnwizard.com is a choose-your-own-adventure story to help with the 32-bit calling convention
Class 7: Calling-Conventions Part 2: Parameters
Class 8: Intro to Shellcode and ASM (Project 1 Starter and also Master Task E)
Mastery Goal D:
Simple buffer overflow that reroutes the instruction pointer to a win function. Do this in the simple case of fixed function addresses (no-PIE [position independent executable]). (pwntools, checksec, and rabin2)
Class 9: Buffer Overflow Exploits, Debugging Tricks, Applied Calling Conventions
Mastery Goal E:
Exploit a binary by providing shellcode and jumping the instruction pointer to your shellcode. (The simple case is that addressing is handled for you.) (shellcraft and google)
Class 8: Intro to Shellcode and ASM (Project 1 Starter and also Master Task E)
Mastery Goal F:
Exploit a buffer overflow by creating a ROP chain that crafts its own shellcode from small available pieces in a no-PIE environment. (ROPgadget)
Class 10: Intro to ROP chains and Write-ups
Mastery Goal G:
Learn how address randomization works in x86. (/proc/:pid/maps)
Class 11: Address randomization and PLT/GOT
Mastery Goal H:
Use an address leak to create a ROP chain that escapes into glibc. (blukat.me, rabin2, and pwntools ELF)
Class 12: Address randomization and PLT/GOT part 2 (the daily PWN is ret2libc)
Mastery Goal I:
Create your own address leak and then escape into glibc.
Class 13: Manufacturing Leaks and the 32-bit Auto-PWNer
Mastery Goal J:
Master the primitive of a write-what-where by way of a printf vulnerability. (pwntools: fmtstr_payload)
Class 14: Intro to printf vulns
Class 15: First Write-What-Where
Mastery Goal K:
Use a write-what-where to alter the GOT table in order to create a shell; also use write-what-where and the GOT to generate a glibc address leak. (Around this point of mastery is sufficient for Project 2.) (pwntools: ELF(binary).got)
Class 16: printf tooling, learning from write-ups, some printf gotchas
Class 17: Full printf demo
Mastery Goal L:
Master the use of a syscall instruction (both 32-bit and 64-bit) to make operating system calls (syscall tables), and SROP too
Class 18: Life without a Win: pt 1 - SROP and syscalls
STEP BACK: An abstract PWN framework
Class 19: The parts of any exploit and exponentially growing your skills
Mastery Goal M:
Understand the structure of the heap and perform a heap overflow exploit. (pwndbg vis)
Class 20: Intro to gdb (pwndbg)
Class 21: Intro to the Heap
Class 22: how2heap and Linking an old glibc effectively
Mastery Goal P:
House of [Force, Orange, Spirit, Einherjar, Storm] (How to Heap and glibc versions)
Class 23: follow a write-up for House of Force
Class 24: Homemade House of Force
Class 32: House of Orange (unsorted bin attack / partial unlink)
Class 35: Finish 2.23 FSOP, HOO wrap-up pt. 1
Class 36: HOO wrap-up pt. 2 OR cutting edge exploit via FSOP
Class 38: Fake Chunks and House of Einherjar
Mastery Goal N:
Fastbin and Arena exploits (pwndbg arena)
Class 25: THE BINS
Class 26: Heap Fundamentals 1 - tcache why and how
Class 31: tcache/fastbin exploits in 2.34
Mastery Goal O:
Double-Free, Use-after-free exploits (linked lists vis)
Class 27: Use-After-Free exploits
Class 28: Tales from the heap - debug glibc malloc, main_arena, fastbins (Also an awesome heap vuln playground source)
Class 29: Fastbin dup story
Class 30: Fastbin Dup targeting malloc_hook-35
Mastery Goal Q:
Practice Security Research via FSOP
Class 33: Intro to FSOP
Class 34: 2.23 FSOP Exploits
Class 37: A cutting edge (2.34) exploit and hunting strategy
WRAP-UP
Class 39: A look back, a look forward, last class.