Presently teaching at JHU-ISI in the Fall semesters.

Software Vulnerability Analysis, EN.650.660

Competent execution of security assessments on modern software systems requires extensive knowledge in the reverse engineering and vulnerability analysis technical domains. This course examines in detail the theory relevant to software vulnerability analysis and its application within security assessments. Key topics include historical vulnerabilities, their corresponding exploits, and any associated preventative measures. Fundamental tools and techniques for performing software reverse engineering and vulnerability analysis are covered extensively. The format of this course includes lectures and hands-on assignments. Students will complete and demonstrate a project as part of the course.

In the class, we:

  • explore software vulnerabilities conceptually (i.e., what aspects cause a general fault to also be a security problem)
  • cover my recommended process for discovering and addressing vulnerabilities in security assessments
  • review x86 assembly and fundamental operating system concepts (in preparation for learning my recommended process for reverse engineering)
  • cover static analysis techniques and tools that include: (1) reverse engineering source code designs, (2) reverse engineering binaries, and (3) disassembling and decompiling binaries
  • cover dynamic analysis techniques and tools that include: (1) debugging, (2) memory analysis, (3) fuzzing, and (4) symbolic/concolic execution
  • cover common vulnerability specifics and how to prevent or mitigate them (e.g., unvalidated input, buffer overflows, heap corruption, format string bugs, integer misuse, and so on)
  • cover advanced case studies on interesting public vulnerabilities for commercial operating systems

In the HW and labs, you:

  • develop exploits for many of the common vulnerabilities to better understand how the popular defensive measures help with mitigation

Fall 2017 student projects:

Group 1 - Replay attacks & mitigation strategies lecture
Group 2 - Part 1, HTML injection, URL redirection, XSS
        - Part 2, CSRF
Group 3 - Linux.encoder.1 ransomware case study
Group 5 - VPM machine learning (Firefox case study)
Group 6 - VPM machine learning and natural language processing lecture
Group 7 - IPC vulnerabilities lecture
Group 8 - Dirty COW vulnerability case study
Group 9 - VPM machine learning (PHP web applications case study)
Group 10 - Race condition vulnerabilities lecture
         - Exploiting race condition vulnerabilities demo
Group 11 - BlueBorne vulnerability case study
Group 12 - GOT exploits lecture
         - GOT exploit demo
Group 13 - DLL injection exploits case study

Fall 2016 student projects:

Team 1 - SQL injection
Team 2 - Software model checking
Team 3 - Shellshock case study
Team 4 - ROP on Linux
Team 5 - LaTeX exploits
Team 6 - Detecting Android malware dynamically
Team 7 - Windows heap overflows
