BlackAp3rture/mbe_practice

Course website: http://security.cs.rpi.edu/courses/binexp-spring2015/

Syllabus: http://security.cs.rpi.edu/courses/binexp-spring2015/Syllabus.pdf

Lecture Breakdown

| Lecture | Title | Topics |
|---------|-------|--------|
| 01 | Syllabus and Review | Linux, C, x86 |
| 02 | Introduction to Reverse Engineering | Tools and the VM |
| 03 | Extended Reverse Engineering | GDB & IDA |
| 04 | Intro to Memory Corruption | ELF, the stack, calling conventions, buffer overflows |
| 05 | Shellcoding / Code Injection | Writing shellcode, developing scenario relevant payloads |
| 06 | Format String Vulnerabilities | Format strings, DTOR/GOT overwrites |
| 07 | DEP and ROP | Data Execution Prevention, writing ROP chains, ret2libc |
| 08 | Secure Systems and Game Console Exploitation | OpenBSD, SELinux, GRSEC, Game Console Exploitation |
| 09 | Address Space Layout Randomization (ASLR) | Overview, info leaks, partial overwrites, ASLR closure |
| 10 | Heap Exploitation | Heap structure and concepts, corruption, use after free |
| 11 | Misc Concepts and Stack Cookies | Signed/unsignedness issues, uninitialized data, etc, bypassing stack cookies |
| 12 | C++ Differences and Concepts | C++ basics, structures, vTables, exceptions |
| 13 | Linux Kernel Exploitation | Kernel basics, kernel exploitation, mitigations (mmap_min_addr, kallsyms, SMEP/SMAP), bypassing mitigations |
| 14 | Exploitation on 64bit, ARM, Windows | Exploitation differences on other architectures & platforms |
| 15 | Automation & The Future of Exploitation | Fuzzing, taint analysis, dynamic instrumentation, SMT/SAT solvers |

Lab Breakdown

| Lab | Topic | Corresponding Lectures |
|-----|-------|------------------------|
| 01 | Reverse Engineering | 01-03 |
| 02 | Memory Corruption | 04 |
| 03 | Shellcoding | 05 |
| 04 | Format Strings | 06 |
| P1 | Project 1 | 01-06 (Comprehensive) |
| 05 | DEP and ROP | 07 |
| XX | ASLR should always be enabled from this point on | See VM Information for details |
| 06 | ASLR | 09 |
| 07 | Heap | 10 |
| 08 | Misc and Stack Cookies | 11 |
| 09 | C++ | 12 |
| P2 | Project 2 | 01-12 (Comprehensive) |
| 10 | Linux Kernel | 13 |

Repository Breakdown

  • src/ - Source code for labs

  • setup_wargame.sh, external_tools.sh - Install scripts to set up MBE on an Ubuntu 14.04 32-bit machine

  • MBE_release.tar.gz - Binaries for labs and projects

  • MBE_lectures.tar.gz - PDFs of all lecture slides

  • MBE_VM.vmdk.gz - A vmdk (disk image) of a VM that is already set up

  • ASLR must be enabled after completing the DEP/ROP lab, and stay enabled for the rest of the course

    • Until reboot: # echo 2 > /proc/sys/kernel/randomize_va_space
    • Persist across reboots: # echo 'kernel.randomize_va_space = 2' > /etc/sysctl.d/01-disable-aslr.conf
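
To confirm that both of the settings above took effect and that no later file in /etc/sysctl.d undoes the persisted value, a check like the following can be used. It is an added example, not part of the MBE repository; the function names aslr_persisted and aslr_status are made up here, and it assumes the *.conf files are applied in lexical order with later assignments overriding earlier ones.

```shell
#!/bin/sh
# Added example, not part of the MBE repository.
# Assumption: files in the directory are applied in lexical order and a later
# assignment overrides an earlier one; /etc/sysctl.conf is not examined.

# Print the last kernel.randomize_va_space value set in DIR/*.conf (empty if none).
aslr_persisted() (
    last=""
    for f in "${1:-/etc/sysctl.d}"/*.conf; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel\.randomize_va_space[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then last=$v; fi
    done
    printf '%s\n' "$last"
)

# Compare the running value with the persisted one and print a one-line verdict.
# $1 = sysctl.d directory, $2 = file holding the runtime value.
aslr_status() (
    run=$(cat "${2:-/proc/sys/kernel/randomize_va_space}")
    per=$(aslr_persisted "${1:-/etc/sysctl.d}")
    if [ "$run" != 2 ]; then
        echo "runtime=$run: not fully randomized"
    elif [ -z "$per" ]; then
        echo "runtime=2 but nothing persisted"
    elif [ "$per" != 2 ]; then
        echo "runtime=2 but persisted=$per after reboot"
    else
        echo "ok"
    fi
)

# Constructed sample data (not taken from the course VM): the file the step
# above writes, plus a later, hypothetical file that silently turns ASLR off.
demo=$(mktemp -d)
echo 'kernel.randomize_va_space = 2' > "$demo/01-disable-aslr.conf"
printf '# constructed override\nkernel.randomize_va_space=0\n' > "$demo/99-local.conf"
echo 2 > "$demo/runtime"
aslr_status "$demo" "$demo/runtime"
rm -rf "$demo"
```

On a real machine, calling aslr_status with no arguments reads /etc/sysctl.d and /proc/sys/kernel/randomize_va_space directly.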

Where can I learn more?

Play more wargames:
