Vulnerability Discovery and Exploitation
This module provides an introduction to the discovery and exploitation of vulnerabilities in software systems. Taking on the attacker perspective, we begin by reasoning about the circumstances that turn seemingly minor programming flaws into gateways for unauthorized access. We learn how to uncover attack surface, determine trust relationships, review code for design and implementation flaws and demonstrate their exploitability. With these practical experiences in mind and an appreciation for the difficulty of the task, we proceed to focus on methods for automating parts of the discovery process, both via static and dynamic program analysis. We learn about fuzz testing and instrumentation, static analysis of control- and data flow, the usefulness of type systems for vulnerability discovery, and variant analysis based on intermediate graph representations of code.
Mode of Presentation
The lecture will be given online and we will pause at regular intervals for questions and discussion. Recordings will be made available upon request.
After course completion, students should:
- be able to identify attack surface and trust relationships in software systems
- understand how security impact of vulnerabilities is determined
- be able to review system designs for security-relevant flaws
- spot typical web application implementation vulnerabilities
- discover system code vulnerabilities via source code review
- discover vulnerabilities by reverse engineering binary code
- be able to write basic proof-of-concept exploits
- know the capabilities and limitations of static/dynamic analysis
- be capable of running basic fuzzing campaigns and triaging results
- be aware of the building blocks of a static analysis pipeline
- know common intermediate code representations and how to extract them
- understand algorithms for static data flow analysis
- be able to automate variant analysis with static analysis primitives
- Prior security knowledge is not required
- A rough idea of how Web applications works is assumed
- It is advantageous have a basic knowledge of C and assembly language (any platform), however, a short primer is also given as part of the lecture.