Modern Binary Exploitation Course – Penetration Testing

Vulnerability research & exploit development is something totally outside the bounds of what you see in a normal computer science curriculum, but central to a lot of what we RPISEC members find ourselves doing in our free time. We also find that subjects in offensive security tend to have a stigma around them in university that we would like to help shake off. These are practical, applied skills that we’re excited to share with those interested in learning.

The question this course posed was ‘Can we teach a bunch of programmers how to pwn?’

Course website: http://ift.tt/1B6Lkho

Syllabus: http://ift.tt/1aoqYv6

Course Abstract

Cybersecurity is one of the fastest growing fields in computer science, though its study is rarely covered in academia due to its rapid pace of development and its technical specificity. Modern Binary Exploitation will focus on teaching practical offensive security skills in binary exploitation and reverse engineering. Through a combination of interactive lectures, hands on labs, and guest speakers from industry, the course will offer students a rare opportunity to explore some of the most technically involved and fascinating subjects in the rapidly evolving field of security.

The course will start off by covering basic x86 reverse engineering, vulnerability analysis, and classical forms of Linux-based userland binary exploitation. It will then transition into protections found on modern systems (Canaries, DEP, ASLR, RELRO, Fortify Source, etc) and the techniques used to defeat them. Time permitting, the course will also cover other subjects in exploitation including kernel-land and Windows based exploitation.

Prerequisite Knowledge

This course carried a prereq of Computer Organization – CSCI 2500 at RPI. Computer Organization is RPI’s basic computer architecture course that teaches things like C, MIPS assembly, x86 assembly, Datapaths, CPU Pipelining, CPU Caching, Memory Mapping, etc.

Our expected demographic for Modern Binary Exploitation was students with zero reverse engineering or binary exploitation knowledge. That said, to be able to take this course you will probably need at least the following skills.

Working knowledge of C/C++

Any assembly level experience

Basic Linux command line experience

Lecture Breakdown

Lab Breakdown

Download

git clone http://ift.tt/2tnJgHn

This repository contains the materials as developed and used by RPISEC to teach Modern Binary Exploitation at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.

More info.

The post Modern Binary Exploitation Course appeared first on Penetration Testing.

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s