NTU Computer Security Fall 2019 - National Taiwan University Computer Security
I served as a teaching assistant at National Taiwan University and as a lecturer for the three-week Pwn course.
Course content
Week 1: Binary Exploitation - Basic
- Slide: speakerdeck.com/yuawn/binary-exploitation-basic
- Video: youtu.be/U8N6aE-Nq-Q
- Lab:
  - bof
    - stack buffer overflow, overwrite return address
  - orw
    - seccomp filter syscall, shellcode
- Homework:
  - Casino
    - oob array access, GOT hijacking, shellcode
Week 2: Binary Exploitation
- Slide: speakerdeck.com/yuawn/binary-exploitation
- Video: youtu.be/5D7tvxpSUUM
- Lab:
  - ROP
  - ret2plt
    - Practice using plt functions
  - ret2libc
    - information leak, bypass ASLR, practice ret2libc technique
- Homework:
  - Casino++
    - oob array access, GOT hijacking, leak libc, ret2libc hijack plt function to system()
Week 3: Heap Exploitation
- Slide: speakerdeck.com/yuawn/heap-exploitation
- Video: youtu.be/rMqvL9j0QaM
- Lab:
  - UAF
    - Practice using UAF to leak address and exploit.
  - Note
    - double free, fastbin attack
  - T-Note
- Homework:
  - Election
    - stack pivoting, ret2csu csu gadget
  - Note++
    - off-by-one null byte overflow, fastbin dup, forge chunk size to leak libc, overwrite __malloc_hook, one gadget
Course challenges
- The original source code of each challenge is under each week's `src`.
- The answers and solution exploits are under each week's `exp`.
Environment
- OS: Ubuntu 18.04
- GCC: gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0
Build
cd week1 # week2 week3
docker-compose up -d
Compile (if you need to modify and rebuild a challenge binary)
sudo apt install libseccomp-dev
make