Content
This course deals with the design and implementation of secure software. Especially memory corruption vulnerabilities such as buffer overflows, integer overflows or use-after-free bugs can be exploited by an attacker to bypass the intended program behavior and execute arbitrary payload in the worst case. We will look at various runtime mitigation techniques such as ASLR, stack canaries and data execution prevention exist. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve "memory safety". We will discuss methods for debugging and bug discovery as well.
Material
The slides are available here after the end of each lecture.
The practicals, an explanation about the lecture, exam hacklets, and old exams can be found here:
Material
| Date |
Type |
Topic |
Lecturer |
Material |
| 2023-10-04 10:15 |
KU |
Warmup + Organization |
|
Slides |
| 2023-10-06 12:00 |
VO |
Organization + Intro |
Daniel, Lukas, Marcel, Stefan, Vedad |
Slides |
| 2023-10-11 10:15 |
KU |
Tools 1 |
|
Slides |
| 2023-10-13 12:00 |
VO |
Low Level / C++ Objects |
Daniel |
Slides |
| 2023-10-18 10:15 |
KU |
Defenselets 1 |
|
|
| 2023-10-20 12:00 |
VO |
Memory Corruption 1 |
Marcel, Stefan |
Slides |
| 2023-10-25 10:15 |
KU |
Tools 2 / Question Hour |
|
|
| 2023-10-27 12:00 |
VO |
Memory Corruption 2 |
Marcel, Stefan |
Slides |
| 2023-11-03 12:00 |
VO |
Exploits |
Lukas |
Slides |
| 2023-11-08 10:15 |
KU |
Defenselets 2 |
|
|
| 2023-11-10 12:00 |
VO |
Finding Bugs 1 |
Vedad |
Slides |
| 2023-11-15 10:15 |
KU |
Question Hour |
|
|
| 2023-11-17 12:00 |
VO |
Finding Bugs 2 |
Vedad |
Slides |
| 2023-11-22 10:15 |
KU |
Question Hour |
|
|
| 2023-11-24 12:00 |
VO |
Defensive Programming |
Lukas |
Slides |
| 2023-11-29 10:15 |
KU |
Question Hour |
|
|
| 2023-12-01 12:00 |
VO |
Countermeasures |
Lukas |
Slides |
| 2023-12-06 10:15 |
KU |
Defensive Programming |
|
Slides |
| 2023-12-13 10:15 |
KU |
Question Hour |
|
|
| 2023-12-15 12:00 |
VO |
Christmas Special (?) |
|
|
| 2024-01-10 10:15 |
KU |
Question Hour |
|
|
Administrative Information
Contact
- Please contact us under ssd@iaik.tugraz.at or in the Discord channel which you will receive per mail.
Below you can find the lecture dates exported from TUGOnline.
Lecturers
