Enrollment
Enrollment into the course is open during the first week of the semester. To enroll into the course after the first week, please contact the course organizer for the enrollment key.
Objectives
At the end of this course, students will be able to:
- classify and describe vulnerabilities and protection mechanisms of software systems
- analyze and reason about protection mechanisms for modern software systems
- identify vulnerabilities in software systems
- develop proofs of concept exploits/verifications to show the existence of a vulnerability in a software system
- understand how to write code defensively to reduce the risk of vulnerabilities
Content
The course covers the area of software security and vulnerability discovery and vulnerability verification, focusing on:
- Assembly and Disassembly, Shellcode
- Binary Reverse Engineering and Debugging
- Sandboxing
- Memory and Type Safety/Errors
- Information Leakage
- Vulnerability Exploitation/Verification, Buffer and Heap Overflows
- Code Re-use Attacks, e.g., Return Oriented Programming
- Race Conditions
- Format String Vulnerabilities
- Exploit/Verification Synthesis and Automated Exploitation/Verification
- Kernel Security
- Defensive Programming
- Kursleiter/in: Kevin Borgolte
Semester: WT 2023/24