This course focuses on a variety of attacks on computer systems. Some of them are classical attacks, and some are quite new, such as the recently discovered Dirty COW, Meltdown, and Spectre attacks. The course emphasizes hands-on learning. For each attack covered, students not only learn how the attack work in theory, they also learn how to actually conduct the attack, in a contained virtual machine environment. The hands-on exercises developed by the instructor are called SEED labs, and they are being used by over 1000 institutes worldwide. The course is based on the textbook written by the instructor. The book, titled “Computer & Internet Security: A Hands-on Approach, 2nd Edition”, has been adopted by over 120 universities and colleges worldwide.
Set-UID Privileged Programs
Shellshock Attack
Buffer-Overflow Attacks
Return-to-Libc Attacks
-
23Introduction
-
24Memory Layout
-
25Stack Layout
-
26Buffer Overflow Vulnerability
-
27Experiment Environment Setup
-
28Launching Buffer Overflow Attacks
-
29Exercises
-
30Writing Shellcode
-
31Countermeasures Overview
-
32Developer's Approach
-
33Address Space Layout Randomization
-
34Shell Program's Defense
-
35Non-Executable Stacks
-
36Compiler's Approach: StackGuard
-
37Heap-Based Buffer Overflow
-
38Summary
-
39Lab Exercise
Lab description