CS4v95/6301: OFFENSE-BASED CYBER SECURITY
Monday, Wednesday 10:00AM-11:15AM at ECSN 2.110

---------------------------------------------------------------------------

=== Course Overview ===

To defend against cyber attacks, we first have to understand how the attacks really work. This is what is often called ``knowing the enemy''. Offense-based Cyber Security (3 semester hours) is designed for exactly this purpose, and aims to study and understand the techniques used in cyber offense. Below is a typical scenario of how a real attack is launched.

To attack a computer system, the first step an attacker usually takes is reverse engineering: the process of recovering high-level information (e.g., a vulnerability) from low-level artifacts such as the machine code, the operating system, and the service software the target system is running. Machine code can be reverse engineered by static analysis (disassembling or decompiling it) or by dynamic analysis (running it and observing how information is exchanged). After the vulnerability in the victim system has been found, the next step is to develop an exploit, whose attack payload is often called shellcode. To launch the attack, the attacker also has to understand, and get around, the defense techniques deployed by the OS, such as ASLR and DEP. Once an attack has succeeded, we also need to recover and examine the evidence the attack left behind, which is the job of forensics. Therefore, this class provides comprehensive coverage of the fundamental methodologies, skills, legal issues, and tools used in reverse engineering, penetration testing, exploit generation, and forensics.
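The exploit-development step in the scenario above, as an added example that is not part of the course page or its projects: a constructed C program containing the classic stack buffer overflow the schedule covers, next to a bounds-checked version, plus a helper that computes how far a given input would write past the buffer. The function names, ``BUF_SIZE`` and the sample inputs are this example's own assumptions.

```c
/* Added example (not from the course page): a stack buffer overflow beside its
 * bounds-checked fix. Names (greet_unsafe, greet_safe, overflow_bytes, BUF_SIZE)
 * are this example's own. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Vulnerable: strcpy() copies until the NUL byte with no regard for the size of
 * buf. An input of BUF_SIZE bytes or more writes past buf into the saved frame
 * pointer and return address (on x86 without a stack canary), which is what a
 * control-flow hijacking exploit overwrites. Never call this with
 * attacker-controlled input. */
void greet_unsafe(const char *name) {
    char buf[BUF_SIZE];
    strcpy(buf, name);            /* overflow if strlen(name) >= BUF_SIZE */
    printf("hello %s\n", buf);
}

/* Hardened: check the length first, then copy exactly n+1 bytes so the
 * terminating NUL is always inside buf. Returns 0 on success, -1 if the input
 * was rejected (rejecting is safer than silently truncating). */
int greet_safe(const char *name) {
    char buf[BUF_SIZE];
    size_t n = strlen(name);
    if (n >= BUF_SIZE) {
        return -1;
    }
    memcpy(buf, name, n + 1);     /* n+1 includes the terminating NUL */
    printf("hello %s\n", buf);
    return 0;
}

/* How many bytes a string of `len` characters (plus its NUL) would write past
 * the end of a BUF_SIZE buffer; 0 means it fits. The same arithmetic is used
 * when sizing an exploit payload and when auditing the largest input a field
 * can safely take. */
size_t overflow_bytes(size_t len) {
    size_t needed = len + 1;
    return needed > BUF_SIZE ? needed - BUF_SIZE : 0;
}

int main(void) {
    greet_unsafe("student");      /* short input: the bug stays latent */
    greet_safe("student");
    if (greet_safe("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA") != 0) {
        puts("rejected oversized input");
    }
    printf("a 40-byte input overruns the buffer by %zu bytes\n", overflow_bytes(40));
    return 0;
}
```

To actually observe the overflow on a 32-bit Linux build, the protections listed under week 12 have to be switched off at compile time (for example ``gcc -m32 -fno-stack-protector -z execstack -no-pie``); with them left on, the same long input is caught by the stack canary or lands in a non-executable, randomized stack, which is exactly why those defenses are studied alongside the attack.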
The learning outcome is that students will be able to:
- perform reverse engineering of x86 binary code
- identify software flaws through either static or dynamic binary code analysis
- exploit software flaws (such as buffer overflows)
- perform vulnerability analysis, penetration testing, and forensic analysis

In support of this, the course has substantial hands-on projects that train the basic skill sets needed to achieve these goals.

---------------------------------------------------------------------------

=== Text Books ===

==== Required textbooks ====
- [CRH] Ed Skoudis; Tom Liston. [``Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses'', Second Edition http://proquest.safaribooksonline.com/9780131481046]
- [AOE] Erickson, Jon. [``Hacking: The Art of Exploitation'', 2nd Edition http://proquest.safaribooksonline.com/book/networking/security/9781593271442]
- [SRE] Eldad Eilam. [``Reversing: Secrets of Reverse Engineering'' http://proquest.safaribooksonline.com/book/software-engineering-and-development/9780764574818]

==== Reference textbooks ====
- [CSAPP] Randal E. Bryant and David R. O'Hallaron. [``Computer Systems: A Programmer's Perspective, 2/E'' http://csapp.cs.cmu.edu/]
- [TSH] Koziol, Jack.
[``The Shellcoder's Handbook: Discovering and Exploiting Security Holes'' http://proquest.safaribooksonline.com/book/networking/security/9780470080238]

---------------------------------------------------------------------------

=== Course Notes and Schedule ===

|| Week | TOPICS TO BE COVERED |
| 0 | Course Logistics and Overview |
|| Basics ||||
| 1 | Low Level Code (x86 assembly, disassembly) |
| 2 | Programming (GNU tool chain) |
| 3 | Operating Systems (Processes, Memory, System calls) |
| 4 | Networking (TCP/IP programming) |
|| Vulnerability Analysis ||||
| 5 | Buffer Overflow (Stack and Heap Overflow) |
| 6 | Integer Overflow, Format String |
|| Reverse Engineering ||||
| 7 | Static Analysis (objdump, IDA) |
| 8 | Dynamic Analysis (PIN, QEMU) |
| 9 | Blackbox Fuzzing |
| 10 | Whitebox Fuzzing |
|| Exploit Development and Defense ||||
| 11 | Control flow hijacking |
| 12 | ASLR, DEP, CFI |
| 13 | Return oriented programming (ROP) |
|| Forensics ||||
| 14 | Disk Forensics |
| 15 | Memory Forensics |

NOTE: all lecture notes are posted in eLearning; please access them there.

---------------------------------------------------------------------------

=== Office Hours ===

- Instructor: M/W, 9:00AM - 10:00AM (or by appointment). Office ECSS 3.701
- Teaching Assistant: Mr. Yufei Gu, Tuesday, Thursday 2:00PM - 3:00PM (or by appointment, yufei.gu@utdallas.edu).
Office ECSS 3.612

---------------------------------------------------------------------------

=== Prerequisites ===

We expect students to satisfy at least **three** of the following:
- Assembly code (Intel x86 preferred)
- Knowledge of computer security basics
- Proficiency in program development with gcc/gdb (CS 3376 C/C++ Programming in a UNIX Environment)
- Proficiency in a scripting language (preferably Python)
- Familiarity with operating system kernel internals (Windows or Linux) (CS 4348 Operating Systems Concepts)
- Familiarity with command line operation of Windows AND Linux

---------------------------------------------------------------------------

=== Course Projects ===

There will be three course projects:
- Reverse Engineering
- Exploit Development:
  - Developing an exploit that compromises a vulnerable program
  - Developing a ROP exploit
- Forensics:
  - Using Volatility to analyze a memory dump

---------------------------------------------------------------------------

=== Course Policy ===

==== Late Policy ====
Late submissions lose one point per day late until no points remain for that project.

==== Collaboration Policy ====
Students are encouraged to collaborate, particularly in discussing the course projects. However, each student must complete the projects by himself or herself.

==== Cheating Policy ====
We strictly follow the university policy on cheating and plagiarism, which is available [here http://www.utdallas.edu/judicialaffairs/UTDJudicialAffairs-policies.html]. Please read how to [avoid dishonesty http://www.utdallas.edu/judicialaffairs/UTDJudicialAffairs-AvoidDishonesty.html]; there are also several examples of [scholastic dishonesty http://www.utdallas.edu/judicialaffairs/UTDJudicialAffairs-Basicexamples.html]. If you have any questions regarding this issue, please contact the instructor.
---------------------------------------------------------------------------

=== Course History ===

After teaching the graduate-level //Binary Code Analysis and Systems Security// in the past two years (i.e., [Spring 2012 http://www.utdallas.edu/~zhiqiang.lin/spring2012.html], [Fall 2013 http://www.utdallas.edu/~zhiqiang.lin/fall2013a.html]), I realized that the students are more interested in reverse engineering (RE) and penetration testing (PT), the offensive side of cyber security. Inspired by a recent //Offensive Computer Security// class offered at [FSU http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity], as well as conversations with our [CSG https://csg.utdallas.edu/] students, I decided to refactor the course materials I developed earlier to particularly emphasize RE and PT. Also, there are many undergraduate students who are highly interested in such a class. This eventually led to the creation of this course. It was difficult to choose a proper name for this course. Thanks to our department head [Dr. Gupta http://www.utdallas.edu/~gupta/] for suggesting this course name.