Overview

This course will familiarize students with all aspects of reverse engineering (reversing) Linux 32-bit applications for the purposes of locating flaws and developing exploits. By the end of this course, students will be able to understand, locate, and exploit all of the common flaws in 32-bit Linux software. These flaws include, but are not limited to, stack buffer overflows, heap overflows, format string flaws, section overflows, and kernel flaws. Along the way, students will gain a better understanding of how Linux 32-bit applications work and will be exposed to a number of common reversing tools, such as specialized debuggers (IDA Pro) and fuzzers. As always, you will also learn how to leverage Python and other scripting tools in order to automate the discovery and exploitation of software flaws.

Syllabus
- Course Introduction
- Getting Started
- Evan's Debugger
- GDB Debugger
- IDA Pro
- A Little Bit of Assembly Part 1
- A Little Bit of Assembly Part 2
- A Little Bit of Assembly Part 3
- A Little Bit of Assembly Part 4
- Stack Buffer Overflows Part 1: The Basics
- Stack Buffer Overflows Part 2: A Simple Example
- Stack Buffer Overflows Part 3: Stack Protection
- Stack Buffer Overflows Part 4: Calculating Offsets
- Stack Buffer Overflows Part 5: JMP ESP
- Stack Buffer Overflows Part 6: More Stack Protection
- Stack Buffer Overflows Part 7: Return to Libc
- Stack Buffer Overflows Part 8: Chaining Return to Libc
- Stack Buffer Overflows Part 9: ASLR and the PLT
- Stack Buffer Overflows Part 10: GOT Overwrite and Dereference
- Stack Buffer Overflows Part 11: Stack Canaries and Summary
- Heap Buffer Overflows Part 1: Heap Basics
- Heap Buffer Overflows Part 2: Simple Examples
- Heap Buffer Overflows Part 3: Simple Examples Continued
- Heap Buffer Overflows Part 4: More Examples
- Heap Buffer Overflows Part 5: Still More Examples
- Format String Flaws Part 1: The Basics
- Format String Flaws Part 2: Crashing Programs
- Format String Flaws Part 3: Reading Data From the Stack
- Format String Flaws Part 4: Reading Arbitrary Memory Locations
- Format String Flaws Part 5: Writing to Arbitrary Memory Locations and Summary
- Kernel Flaws Part 1: How Linux API Functions are Called
- Kernel Flaws Part 2: 32-bit System Calls
- Reversing Malware Part 1: The Basics
- Reversing Malware Part 2: First Steps
- Reversing Malware Part 3: Symbols and Libraries
- Reversing Malware Part 4: ELF Files
- Reversing Malware Part 5: Examining Sections and Segments
- Reversing Malware Part 6: Setting Up a Sand Box
- Reversing Malware Part 7: Setting Up a Sand Box Continued
- Reversing Malware Part 8: Using Strace and Ltrace
- Reversing Malware Part 9: Using Evan’s Debugger
- Reversing Malware Part 10: Using GDB Debugger
- Reversing Malware Part 11: Obfuscation
- Course Wrapup
Taught by
Dr. Philip Polstra