Schedule

(Note this is a rough schedule and things are subject to change.)

• Aug 20, 2020 : Introduction, Ethics, and Course Overview  |  01-introduction.pptx
  

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/dWGIxQc7oac
• Aug 27, 2020 : Essentials for Software Security  |  02-prerequisites.pptx
  We will go over the prerequisites of this course.

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/XV3OLBXXjcA
  • C 101  |  https://youtu.be/logZKoG6F2s
  • Python 101  |  https://youtu.be/4GsJrJmHuSQ
  • Bash 101  |  https://youtu.be/uiS1rZsE99k
  • Byte and Endianness  |  https://youtu.be/rqtqI8We7uY

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/q8XPf3rEmro
• Sep 3, 2020 Reverse Engineering: Lecture I  |  03-reverse-engineering-1.pptx
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/WCWOmENHmVU
  • Compilation  |  https://youtu.be/y0MTaMlhW7A
  • x86-64 Assembly 101  |  https://youtu.be/leB6Lle-DeQ

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/EERXzgbd9UM
• Sep 10, 2020 Reverse Engineering: Lecture II  |  04-reverse-engineering-2.pptx
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/IXcwNIoUZrA
  • ELF Format  |  https://youtu.be/M42e58-R5Zs
  • ELF Execution  |  https://youtu.be/kC1f26gpKKU
  • Reverse Engineering Tools  |  https://youtu.be/tsCIk4aWkWM

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/CmQp8KKFcGo
• Sep 17, 2020 Software Vulnerabilities: Basic Software Vulnerabilities and Stack Overflow  |  05-vulns-1.pptx
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/z6LTUT0wt1I
  • Linux File Permissions  |  https://youtu.be/D1UsFBtNw80
  • Command Line Injection Vulnerability  |  https://youtu.be/0_5mcFTMpvQ
  • Directory Traversal Vulnerability  |  https://youtu.be/SLaETgBpD5w
  • Stack Overflow Vulnerability  |  https://youtu.be/k9jo39TrhOk

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/vYEVrg7sYiA
• Sep 24, 2020 Stack Security: Stack Defenses and Advanced Stack-based Attacks  |  06-vulns-2.pptx  |  stack  |  libc-2.31.so  |  ld-2.31.so  |  attack_demo.py
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/2T5cMTzEhA8
  • Stack Overflow + Shellcode  |  https://youtu.be/wVIMnGFMn54
  • Stack Defense  |  https://youtu.be/tjSwAeilyhM
  • Stack Overflow + ROP  |  https://youtu.be/dJc_Hmfw_Fs

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/6kcHaZb3-cc
• Oct 1, 2020 : No Class
  
• Oct 8, 2020 Stack Security: Format String Vulnerabilities  |  07-vulns-3.pptx  |  format_string
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/rQ7-CRQeo9g
  • Dynamic Linking for ELF Binaries  |  https://youtu.be/Sweg4-7acE4
  • Leaking Function Pointers from GOT Table  |  https://youtu.be/XhMH_uBXGt4
  • Format String Vulnerabilities  |  https://youtu.be/TA2HeRiwjnw
• Oct 15, 2020 Guest Lecture: Binary Analysis
  

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/4SMRnpuqN6E
• Oct 22, 2020 Heap Security: Tcache  |  08-heap-1.pptx  |  libc.so.6 (2.27)  |  ld.so (2.27)  |  use_after_free  |  use_after_free.c
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/AnUUJWqOqdE
  • Tcache Data Structure  |  https://youtu.be/dtHIaH6q_1M
  • Tcache Use After Free Vulnerabilities  |  https://youtu.be/iYpQFh08gzw

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/QvQv4M1kGqg
• Oct 29, 2020 Heap Security: Tcache II  |  09-heap-2.pptx  |  double_free  |  double_free.c
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/xJVCW6S-_cA
  • Double Free Vulnerabilities  |  https://youtu.be/lW6OKqll7hA
  • Heap Overflow Vulnerabilities  |  https://youtu.be/RzwGuABzQZY

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/De91OZkP1oU
• Nov 5, 2020 Heap Security: Heap Data Structures and Fastbin  |  10-heap-3.pptx
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/MQb6PjyUyuc
  • Arena, Chunk, and Bins  |  https://youtu.be/SutMBlmxmbw

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/1h__pyoUEg0
• Nov 12, 2020 Heap Security: Heap Attack and Defense IV  |  11-heap-4.pptx
  

  ---

  Self-learning Videos:
  • Overview  |  https://youtu.be/6sjdfj1GRPE
  • Fastbin User after Free Vulnerabilities  |  https://youtu.be/I4oCpBFruOA
  • How to Debug Heap  |  https://youtu.be/J4ba3XS3kSo
  • Leaking libc Base Address from Heap  |  https://youtu.be/58U46y2uvJ8
  • Fastbin Double Free Vulnerabilities  |  https://youtu.be/9pdAZElw2Y4
• Nov 19, 2020 : Fuzzing (taught by Prof. David Brumley, ForAllSecure and CMU)  |  In-class Solution
  

  ---

  Self-learning Videos:
  • 6 Reasons to Love Fuzzing  |  https://youtu.be/pw1a4ohgN50
  • Fuzzing Concepts  |  https://youtu.be/MYxfDhNa2-U

  ---

  Before-class Setup:
  • Lab Setup Document  |  https://www.tiffanybao.com/courses/cse545/fuzzing
  • Fuzzing Archive  |  https://www.tiffanybao.com/courses/cse545/labs/week12/exercise.tgz

  ---

  In-class Video:
  • In-class Lab  |  https://youtu.be/nonsGSXfa5k
• Nov 26, 2020 CTF: The CSE545 Capture-the-flag Fun I