Lectures
| Date | Topic | Discussions (do readings before class) | |
| 01/09 | Introduction (slides, hackpack) | ||
| 01/16 | Shellcode (slides) | x86 Assembly Guide (link) Emulation-based Detection of Non-self-contained Polymorphic Shellcode (link) [RAID’07] |
|
| 01/23 | Linux Security (slides) | Setuid Demystified (link) [USENIX Sec’02] Address Space Layout Permutation (ASLP) (link) [ACSAC’06] |
|
| 01/30 | Reverse Engineering (slides) | Automatic Reverse Engineering of Malware Emulators (link) [S&P’09], Native x86 Decompilation using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring (link) [USENIX Sec’13], Reassembleable Disassembling (link) [USENIX Sec’15] |
|
| 02/06 | Control-flow hijack attacks (slides) | Smashing The Stack For Fun And Profit (link) and Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns (link) [S&P’04] | |
| 02/13 | Stack Canaries & ASLR (slides) | StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (link) [USENIX Sec’98] and NOEXEC | |
| 02/20 | Return-into-libc & ROP (slides) | The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (link) [CCS’07] | |
| 02/27 | Symbolic Execution & Fuzzing (slides) | KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs (link) [OSDI’08], The Art, Science, and Engineering of Fuzzing:A Survey (link) [IEEE TSE’19] |
|
| 03/05 | Midterm Exam | ||
| 03/12 | Spring Break - No class | ||
| 03/17 | COVID-19 madness | class becomes online-only from this point on | |
| online | Web Security (slides) | Intro | |
| online | Web Security (slides) | More intro | |
| online | Web Security (slides) | SQL Injections | |
| online | Web Security (slides) | HTML+JavaScript | |
| online | Web Security (slides) | AJAX & web frameworks | |
| online | Web Security (slides) | Client-side Attacks & Isolation | |
| online | Web Security (slides) | Session Fixation and other attacks | |
| online | Web Security (slides) | XSS Attacks | |
| 04/17 | HackPack CTF | Capture the Flag event for the class that is open to the public, join here | |
| 04/27 | Final Exam | online web security assignment |