CSCI 4971 Secure Software Principles

Spring 2010

Office Hours: Sage 4203; Wednesday 6PM-10PM

Topics and Files:
Date Topic Downloads Links for the Hungry Mind
--- Get the Class VM Download the VM
 
1/25/2010 Unix Security Syllabus (Updated 3/3/10)
Slides
DJB's '04 security course
1/28/2010 File Permissions Slides
Set Resource Limit Template
 
2/1/2010 C bugs - Part I Slides The C Chapter from TAOSSA
CERT C Secure Coding Standard
2/4/2010 C bugs - Part I (lab) Challenges  
2/1/2010 C bugs - Part II Slides The C Chapter from TAOSSA
Code that needs an audit
2/11/2010 C bugs - Part II (lab) Challenges Gera's insecure Programming Challenges
2/18/2010 x86 assembly - Part I Slides Lecture Activities
2/22/2010 x86 assembly - Part II (lab) Slides Challenges (has cool Matrix ascii art) gdb_help
2/25/2010 x86 assembly - Part III - shellcode intro, ELF vx Slides Exercises
3/1/2010 x86 assembly - Part IIII - buffer overflows (lab) Shellcode simple code injection challenges A history of corruption - Ben Hawkes
Dave's Buffer Bombs
RPIACM Club Talk on Buffer Overflows
3/4/2010 Reverse Engineering - Part I ELF Challenge (breaks ida)
CSAW Reversing Challenges Tools
Compiler Optimizations (ppt)
3/15/2010 Reverse Engineering - Part II (lab) Ryans Bomb Dave's Binary Bombs
Hackers Can Turn Your Computer Into A Bomb!!
3/18/2010 Reverse Engineering - Tips Slides
OpenRCE
RE Reddit
Great example of code-harnessing on MS08-067
3/22/2010 Reverse Engineering - Lab instructions
deattack
here
3/25/2010 Fuzzing Slides
sulley/fuzz_toed.py
sulley/requests/toe.py
toed - Windows
toed.c
Sulley Manual
Sulley Reference

Make charlie proud: Automate some fuzzing today
3/29/2010 Fuzzing - Lab Protocol to Fuzz
Target to fuzz
"At first I didn't get it, but now I'm saying darn that's pretty awesome"
"I hate to admit it, but sulley is pretty cool"
4/1/2010 Guest Lecture - Dave Musser Proofs (.tar.gz, .zip) Lectures on Code-Carrying Theory and the Athena Proof-Checker
4/8/4010 Cryptography review Slides
4/12/4010 Guest speaker - Adam Young - Cryptovirology  
4/15/4010 Windows security - part 1 Slides
4/19/4010 Windows security - part 2 (lab) Antivirus lab
4/22/4010 Web Security - Sessions & XSS Slides
4/26/4010 Web Security 2 Slides - Arbitrary Redirects & CSRF
Slides - SQL Injection

Final:
Final Project

Good Links:
Simple File fuzzers
Dan Guido's Pentest Course - Online videos and materials
"Coding Machines" Interesting short story

Challenges:
Shell-based *nix wargames @ overthewire.org
Shell-based *nix wargames @ smashthestack.org
Shell-based *nix wargames @ intruded.net
beist.org

IRC:
Server: irc.rpisec.net
Channel: #csci4971
Join and ask us questions!