Software attacks are a common part of today's headlines. This course aims at demystifying them by giving the fundamentals needed to understand these attacks, what they consist of and how to mitigate them. We will mostly focus on software vulnerabilities.
We will cover the following topics:
semantics and modelling of low-level languages
classical attacks and exploitation
control-flow integrity techniques
MATE attacks and reverse engineering
Note: These lectures will require a fair amount of hands-on experiments on the computer to make the concepts more practical. They also involve supplementary reading material as part of the contents.
This session presents basic low-level attack techniques:
Most of the session is allotted to hands-on experimentation.
This session presents three main basic binary exploitation mitigation techniques:
We will also talk about their limitations and briefly present more advanced control-flow integrity measures that are currently available.
A good part of the session is allotted to hands-on experimentation.
This lecture discusses at length the Man-At-The-End (MATE) scenario. MATE is an attack model in which the attackers are very powerful, since they are essentially on your computer: they can read and write the code, execute it step by step, or patch it on the fly.
We will here expose the current state of known attacks and defenses, giving an overview of this research area.
The final exam will contain 2 parts:
The presentation of a research article (groups of 2, 20 minutes + questions): rank the articles from the list in decreasing order of preference and send a message with your ranking to the professors;
A mini CTF problem (find the secret key!) and its written solution report (5 pages max).
The CTFs are available from:
| Article | Presenters | Time |
|---|---|---|
| Preventing zero-day exploits of memory vulnerabilities with guard lines | Alexandre, Emeline | 9:15 |
| Nibbler: Debloating Binary Shared Libraries | Sébastien, Baptiste | 9:45 |
| Learn&Fuzz: machine learning for input fuzzing | Mehdi, Corentin | 10:15 |
| Hacking Blind | Isabelle, Soline | 10:45 |
| Syntia: Synthesizing the Semantics of Obfuscated Code | Paul, Antoine | 11:15 |
| Practical Control Flow Integrity & Randomization for Binary Executables | Pierrick, Julien | TBD |