Course Description and Syllabus
The course covers software security, vulnerability discovery, and vulnerability verification, focusing on:
- Assembly and Disassembly, Shellcode
- Binary Reverse Engineering and Debugging
- Memory and Type Safety/Errors
- Stack-based Buffer Overflows
- Heap Attacks
- Information Leakage
- Format String Vulnerabilities
- Code Re-use Attacks
- Types and Type Safety
- Race Conditions
Goals
At the end of this course, students will be able to:
- classify and describe vulnerabilities and protection mechanisms of userspace applications for modern operating systems
- analyze and reason about protection mechanisms for userspace software
- identify vulnerabilities in software
- develop proof-of-concept exploits/verifications to show the existence of a vulnerability in a software system
- understand how to write code defensively to reduce the risk of vulnerabilities
Prerequisites
The following courses (or equivalent) are required:
- System Security (211011)
- Operating Systems (211005)
In exceptional circumstances and on written request only, this requirement may be waived by the responsible lecturer.
- Instructor: Kevin Borgolte
- Instructor: Felipe Aparecido Dos Santos Novais
- Instructor: Tobias Maximilian Holl
- Instructor: Felipe Novais
Semester: Winter semester 2025/26