CNIT 127: Exploit Development
Fall 2015 Sam BowneSchedule · Lecture Notes · Projects · Links · Home Page
ScoresOpen Lab Hours for Sci 214 |
![]() |
Catalog DescriptionLearn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.Advisory: CS 110A or equivalent familiarity with programming Upon successful completion of this course, the student will be able to:
Student Learning Outcomes (measured to guide course improvements)1. Read and write basic assembly code routines2. Find stack overflow vulnerabilities and exploit them 3. Evade filters and other Windows defenses Textbook"The Shellcoder's Handbook: Discovering and Exploiting Security Holes ", by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q Buy from Amazon |
Schedule (may be revised) | |||||
---|---|---|---|---|---|
Date | Quiz | Topic | |||
Mon 8-17 | Ch 1: Before you Begin | ||||
Mon 8-24 | Ch 2: Stack overflows on Linux | ||||
Mon 8-31 | Ch 3: Shellcode | ||||
Fri 9-4 | Last Day to Add Classes | ||||
Mon 9-7 | Holiday - No Class | ||||
Mon 9-14 | Quiz: Ch 1-3 Proj 1-3 due |
Ch 4: Introduction to format string bugs | |||
Mon 9-21 | No Quiz Proj 4 due |
Ch 5: Introduction to heap overflows | |||
Mon 9-28 | Quiz: Ch 4 & 5 Proj 5-6 due |
Ch 6: The Wild World of Windows (Part 1) | |||
Mon 10-5 | No Quiz Proj 7 due |
Ch 6: The Wild World of Windows (Part 2) | |||
Mon 10-12 | Quiz: Ch 6 Proj 8-9 due |
Ch 7: Windows Shellcode | |||
Mon 10-19 | No Quiz Proj 10 due |
Ch 8: Windows overflows (Part 1) | |||
Mon 10-26 | No Quiz No Proj Due |
| |||
Mon 10-26 | Mid-Term Grades Due | ||||
Mon 11-2 | No Quiz Proj 11-12 due |
Ch 8: Windows overflows (Part 2) | |||
Mon 11-9 | Quiz: Lec. 7 & Ch 8 Proj 13 due |
Ch 14: Protection Mechanisms | |||
Thu 11-12 | Last Day to Withdraw | ||||
Mon 11-16 | No Quiz Proj 14-15 due |
Ch 16: Fault Injection Ch 17: The Art of Fuzzing Ch 18: Source Code Auditing | |||
Mon 11-23 | Quiz on Ch 14 Proj 16 due |
Hopper Debugger | |||
Mon 11-30 | No Quiz No proj due |
Preview of new course "Securing Web Applications" and two more servers to hack | |||
Mon 12-7 | No Quiz Proj 17-18 due All Extra Credit Projects Due |
Last Class: TBA (Class will meet: the strike was cancelled) | |||
Mon 12-14 | Final Exam |
LecturesPolicy
Introduction to Exploitation: Linux on x86
Ch 1: Before you Begin (pptx) We'll skip Ch 7: Windows shellcode
Ch 8: Windows overflows (Part 1) We'll skip chapters 9 through 13 Ch 14: Protection Mechanisms (pptx) We'll skip chapter 15
Ch 16: Fault Injection
Exploiting Windows: Introduction
The lectures are in PowerPoint formats |