Vulnerability Discovery and Exploitation
This module provides an introduction to the discovery and exploitation of vulnerabilities in software systems. Taking on the attacker perspective, we begin by reasoning about the circumstances that turn seemingly minor programming flaws into gateways for unauthorized access. We learn how to uncover attack surface, determine trust relationships, review code for design and implementation flaws and demonstrate their exploitability.
With these practical experiences in mind and an appreciation for the difficulty of the task, we proceed to focus on methods for automating parts of the discovery process via both static and dynamic program analysis. We learn about fuzz testing and instrumentation, static analysis of control and data flow, the usefulness of type systems for vulnerability discovery, and variant analysis based on intermediate graph representations of code.
Mode of Presentation
The lecture will be given online (using MS Teams) and we will pause at regular intervals for questions and discussion. Recordings will be made available upon request.
For more information, navigate to the schedule.
Your final mark for the course will be determined as follows:
- There will be 5 assignments. Each hand-in must be accompanied by a plagiarism declaration; submissions will be checked for plagiarism, and the rules will be enforced.
- Each of these assignments will be weighted equally, but the weighting may be adjusted if an assignment is found to be disproportionately difficult.
Assignments will usually have both a practical and a written aspect. Each topic will approach the covered themes from various angles to reflect the different ways one can get into software vulnerability discovery, e.g. auditing, academia, pentesting.
After course completion, students should:
- be able to identify attack surface and trust relationships in software systems
- understand how the security impact of vulnerabilities is determined
- be able to review system designs for security-relevant flaws
- spot typical web application implementation vulnerabilities
- discover system code vulnerabilities via source code review
- discover vulnerabilities by reverse engineering binary code
- be able to write basic proof-of-concept exploits
- know the capabilities and limitations of static/dynamic analysis
- be capable of running basic fuzzing campaigns and triaging results
- be aware of the building blocks of a static analysis pipeline
- know common intermediate code representations and how to extract them
- understand algorithms for static data flow analysis
- be able to automate variant analysis with static analysis primitives
Prior security knowledge is not required, but a rough idea of how web applications work is assumed. A basic knowledge of C and assembly language (any platform) is advantageous; however, a short primer is also given as part of the lecture.
Supplementary material can be found under resources.