NTU Computer Security

擔任台大大助教，與三週 Pwn 課程講師。

• Slide: speakerdeck.com/yuawn/binary-exploitation-basic
• Video: youtu.be/U8N6aE-Nq-Q
• Lab:
  • bof
    • stack buffer overflow, overwrite return address
  • orw
    • seccomp filter syscall, shellcode
• Homework:
  • Casino
    • oob array access, GOT hijacking, shellcode

• Slide: speakerdeck.com/yuawn/binary-exploitation
• Video: youtu.be/5D7tvxpSUUM
• Lab:
  • ROP
    • ROP bypass NX protection
  • ret2plt
    • Practice using plt functions
  • ret2libc
    • information leak, bypass ASLR, practice ret2libc technique
• Homework:
  • Casino++
    • oob array access, GOT hijacking, leak libc, ret2libc hijack plt function to system()

• Slide: speakerdeck.com/yuawn/heap-exploitation
• Video: youtu.be/rMqvL9j0QaM
• Lab:
  • UAF
    • Practice using UAF to leak address and exploit.
  • Note
    • double free, fastbin attack
  • T-Note
    • Tcache dup
• Homework:
  • Election
    • stack pivoting, ret2csu csu gadget
  • Note++
    • off-by-one null byte overflow, fastbin dup, forge chunk size to leak libc, overwrite __malloc_hook, one gadget

• 各 week 中 src 底下為題目原始碼
• 各 week 中 exp 底下為答案解法 exploits

• OS: ubuntu 18.04
• GCC: gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0

cd week1 # week2 week3
docker-compose up -d

sudo apt install libseccomp-dev
make