Welcome to CS595G!
Weekly Notes and Summaries:
9/27/2019
It was great seeing everyone on the first day!
The challenges are designed to be challenging, but they're also not designed to
be done completely by yourself. If you find yourself without any idea of how to proceed
for too long (having no idea for a little while is good), feel free to reach out to me
either on Slack (@lockshaw) or by finding me in the Seclab (on the second floor of HFH), and I'll be
happy to try to nudge you back onto the right track.
Topics:
Class Introduction, Reverse Engineering
Lecture:
Ghidra Demo
Expectations:
Two solves out of the following three challenges: baby, dcode, wizard.
Helpful Links and Resources
10/4/2019
Topics:
Reverse Engineering
Lecture:
none
Expectations:
Solve both helmsdeep and %n
Helpful Links and Resources
10/11/2019
Topics:
Stack-Based Exploitation
Lecture:
Slides: pptx, pdf
Expectations:
echo1-echo7. echo9 is optional.
Helpful Links and Resources:
11/1/2019
Topics:
Heap Exploitation
Lecture:
Slides: pptx, pdf
Expectations:
rustys1-rustys3
Helpful Links and Resources
11/15/2019
Slides
Tools
- Ghidra: the NSA's open-source disassembler, decompiler, and all-around reverse-engineering toolkit.
- IDA Pro: (arguably) the leading decompiler and reverse-engineering tool. Expensive and very much not open source. Not used in this class. Note that both educational and freeware editions of IDA are available, but with certain feature restrictions.
- GDB: everyone's favorite debugger. Most of you already know it.
- GEF: GDB is a fantastic debugger, but it lacks some niceties that are incredibly helpful when reverse engineering. GEF provides those niceties.
- rr: Mozilla's record-and-replay debugging tool. Allows you to record an execution of a program and then step both forward and backward through it in gdb. Great for figuring out where your exploit went terribly, terribly wrong. Unfortunately, it does not work inside VirtualBox, so it does not come installed in the class VM.
- strings: Both when you've got a massive incomprehensible binary and when you've only got 15 seconds left in a CTF, strings is your friend. It does one job (printing the strings in a binary) and it does it well (though IDA's strings view generally yields better results).
- radare2: The open-source reversing tool that does everything (as long as you're willing to remember hundreds of esoteric keybindings). Dynamic analysis, static analysis, decompiler. You name it, radare2 probably does it.
- pwntools: A CTF toolkit in Python. Most commonly used for scripting interactions with programs, but it has a whole bunch of other features.
- readelf: Displays information about ELF files.
- objdump: Displays information from object files.
- ROPgadget: Helps you find ROP gadgets.
- one_gadget: Finds one-gadgets in libc.
- angrop: A tool for automatically constructing ROP chains.
- Z3: A tool developed by Microsoft Research for automatically solving constraints.
- angr: A binary analysis platform with especially good support for symbolic execution. Helps you automatically analyze binaries. Docs can be found here.
- pwngdb: GEF is very nice, but unfortunately its heap introspection capabilities are buggy. pwngdb fixes this.
Links
Other
VM Tips
VirtualBox version: the guides below have been tested on VirtualBox 6,
but the menus appear to be different in earlier versions.
Shared Folders:
It can be helpful to share files between the VM and your host
machine. To do so, first run `mkdir /mnt/shared` in the VM.
Then click on Devices->Shared Folders->Shared Folder Settings, click
the green '+' folder icon, and enter the following values:
Folder Path: <path_to_the_host_folder_you_want_to_share>
Folder Name: <should be autofilled when you enter the folder path>
Read-only: false
Auto-mount: true
Mount point: /mnt/shared
Make Permanent: true
Automatic Screen Resizing:
When you open the VM for the first time, you'll probably notice that
it is quite small. Before you log in, make sure that
Machine->Auto-resize Guest Display is selected. This should cause the
guest display to automatically resize to the size of the VM window. If you have
a very high-resolution display, it may not be able to set the monitor
size large enough. You can fix this by setting View->Virtual
Screen 1->Scale to XXX% to a higher value. If you notice poor
performance after this change (this has been observed so far on
Macs), turn off the VM, select it in the VirtualBox menu, and click
"Settings". Go to the "Display" tab and set the "Graphics Controller"
to "VMSVGA". Hit OK, start the VM, and hopefully the performance
will be improved.