ABE – Applied Binary Exploitation

Contact

For questions, remarks and complaints, please contact placeholder@example.com.

Administrative notes

This is the website for the module MA-INF 3322 Applied Binary Exploitation.

You may take this course even if you have passed BA-INF 148 Program Analysis and Binary Exploitation (PABE) during your bachelor’s.

You cannot take this course if you have already passed MA-INF 3322 Program Analysis and Binary Exploitation (PABE).

Note: This time the lecture will be hybrid. The lectures will be recorded. Exercise meetings will not be recorded.

Time and Location

The lecture on 2024-06-10 will be held only online.
Reason: Lecture hall is not available.

The lectures take place on Mondays 16-18 CEST. The first lecture takes place on Monday, 2024-04-08.
Tutorials take place on Tuesday 16-18 CEST. The first tutorial takes place on Tuesday, 2024-04-16.
Note that tutorials only take place every other week (see schedule below).

Online participation is possible via BBB.

Lectures and tutorials usually take place in room Bonn-Beuel at Fraunhofer FKIE, Zanderstraße 5, 53177 Bonn-Bad Godesberg.
You probably want to take public transport to Bad Godesberg Stadthalle and walk the ~350 m to the building.

The lecture hall is located in the basement. Enter the building, register at the front desk, then go down the stairs, turn around, and go straight to the lecture hall.

There may be a few dates where the lecture hall is not available. Pay attention to announcements regarding room changes on the mailing list!

Schedule

This preliminary schedule is of course subject to change.

Nr  Date        Lecture Topics
0   2024-04-08  Welcome! Administrative Remarks; Binary Analysis Recap
1   2024-04-15  Vulnerability Research and Bug Hunting (source code)
    2024-04-16  Sheet 0 Tutorial, Sheet 1 released
2   2024-04-22  Basic Binary Exploitation: Stack-based Buffer Overflows, Overwrite, Calling Convention, ret2libc
3   2024-04-29  Basic Binary Exploitation: ROP
    2024-04-30  Sheet 1 Tutorial, Sheet 2 released
4   2024-05-06  Advanced Binary Exploitation: SROP, ret2csu, ASLR
5   2024-05-13  Advanced Binary Exploitation: Shellcode
    2024-05-14  Sheet 2 Tutorial, Sheet 3 released
    2024-05-20  - No Lecture -
6   2024-05-27  Format strings, Heap internals
7   2024-06-03  Heap use-after-free
    2024-06-04  Sheet 3 Tutorial, Sheet 4 released
8   2024-06-10  Heap glibc
9   2024-06-17  Heap glibc
    2024-06-18  Sheet 4 Tutorial, Sheet 5 released
10  2024-06-24  Heap glibc
11  2024-07-01  Exim exploit
    2024-07-02  Sheet 5 Tutorial
12  2024-07-08  Exim exploit
13  2024-07-15  Invited Talk

Exams

The information in this section is preliminary, and subject to change.

  • The exams will be oral exams.
  • The exams will take place at Zanderstraße 5, 53177 Bonn-Bad Godesberg.
  • There will be two exam periods.
  • The first exam period will be on 2024-08-05 to 2024-08-07.
  • Timeslots will be assigned after the last exercise sheet has been graded. You will receive an email asking you for your availability.
  • The second exam period will be on 2024-09-02 and 2024-09-03.
  • Timeslots will be assigned after the first exam period. You will receive an email asking you for your availability.

Description

Our computers run a lot of closed-source binary programs, meaning that the source code of those programs is not available. Naturally, those programs contain bugs: mistakes that the programmer made during development. Under certain circumstances, those bugs can be exploited by attackers and may lead to arbitrary code execution. In this lecture we aim to teach you how to find well-known classes of exploitable bugs and how to exploit them. After a brief recap of basic binary program analysis (static and dynamic analysis), we will talk about vulnerability discovery in general, meaning that you will learn how to find exploitable bugs by yourself. Next we move on to basic stack-based buffer overflows and add mitigation techniques (stack cookies, NX, ASLR, RELRO, …) as we progress, bypassing them as well. After we have finished the topic of stack-based buffer overflows, we move on to more advanced topics such as heap exploitation, use-after-free exploits and others. The lecture ends with an analysis of a sophisticated real-world exploit.

At the last lecture date, there will be a guest lecture from a renowned expert. Past guest lecturers were:

2023: Robert Xiao (@nneonneo): Exploiting a Filesystem Driver in a Kernel CTF Challenge

2021: Claudio Guarnieri (@botherder): A talk about journalists, human rights defenders and dissidents that face increasingly sophisticated digital threats and what to do about it.

2020: Maddie Stone (@maddiestone): Reversing the Root: Identifying the Exploited Vulnerability in 0-days Used In-The-Wild

2019: Gynvael Coldwind (@gynvael): Notes on Computer Hardware and Security

2018: Thomas Dullien (@halvarflake): Fundamentals of Security Exploits