Content
This course deals with the design and implementation of secure software. Memory corruption vulnerabilities in particular, such as buffer overflows, integer overflows or use-after-free bugs, can be exploited by an attacker to bypass the intended program behavior and, in the worst case, execute an arbitrary payload. We will look at various existing runtime mitigation techniques such as ASLR, stack canaries and data execution prevention. However, they can often be bypassed by more advanced exploitation techniques. Rather than preventing certain attacks, the ultimate goal is to eliminate memory corruption vulnerabilities and achieve "memory safety". We will also discuss methods for debugging and bug discovery.
Material
The slides are available here after the end of each lecture.
The practicals, an explanation about the lecture, exam hacklets, and old exams can be found here:
Material
| Date | Type | Topic | Lecturer | Material |
|---|---|---|---|---|
| 05.10.2022 10:15 | KU | Organizational + Warmup handout | David, Andreas | Slides |
| 06.10.2022 12:00 | VO | Intro | Daniel | Slides |
| 12.10.2022 10:15 | KU | Tools | Andreas, David | Slides |
| 14.10.2022 12:00 | VO | Low Level / C++ Objects | Daniel | Slides |
| 19.10.2022 10:15 | KU | Defenselets Handout | David, Ferdinand | Slides |
| 21.10.2022 12:00 | VO | Memory Corruption I | Marcel, Martin | Slides |
| 28.10.2022 12:00 | VO | Memory Corruption II | Marcel, Martin | Slides |
| 04.11.2022 12:00 | VO | Exploits | Vedad | Slides |
| 09.11.2022 10:15 | KU | | | |
| 16.11.2022 10:15 | KU | Handout Defensive | | Slides |
| 18.11.2022 12:00 | VO | Finding Bugs I | | Slides |
| 23.11.2022 10:15 | KU | | | |
| 23.11.2022 13:00 | VO | Finding Bugs II | | Slides |
| 30.11.2022 13:00 | VO | Defensive Programming | | Slides |
| 30.11.2022 10:15 | KU | | | |
| 02.12.2022 12:00 | VO | Countermeasures | | Slides |
| 07.12.2022 10:15 | KU | | | |
| 09.12.2022 12:00 | VO | Exam | | |
| 14.12.2022 10:15 | KU | | | |
| 11.01.2023 10:15 | KU | | | |
| 13.01.2023 12:00 | VO | | | |
| 17.01.2023 10:00 | KU | | | |
| 18.01.2023 10:15 | KU | | | |
| 19.01.2023 10:00 | KU | | | |
| 20.01.2023 12:00 | VO | | | |
| 25.01.2023 10:15 | KU | | | |
| 27.01.2023 12:00 | VO | | | |
Administrative Information
Contact
- Please contact us at ssd@iaik.tugraz.at or in the Discord channel, which you will receive by e-mail.
Below you can find the lecture dates exported from TUGOnline.
Lecturers