The best way to understand what attackers can do is to reason like one of them.
In this course we will explore the tecniques that are common knowledge among attackers. The purpose
is to understand the strenghts and, most importantantly, the limits of all the countermeasures
that modern systems implement to mitigate these attacks. In turn, this requires a study
of some topics that are sometimes skipped in architectural courses, like heap implementation,
dynamic libraries and Virtual Machines.
You can pull the dockers with docker pull docker-name and
run them with docker run -P docker-name. The latter command
will also assign random local ports to the ports exposed in the container.
You can find the assigned ports with docker ps (in the PORTS
column).
Software
myUnix, a didactic implementation of some Unix programs (v2.1.4).
test-malloc, a simple program to experiment with malloc (v1.5).
mbaby, a Manchester Baby emulator/binary-translator (v1.5).
kvm example, a very simple KVM-based virtual machine monitor.
Further reading
The Linux Programming Interface, M. Kerrisk, No Starch Press, 2010.
Part of the course will deal with modern Virtual Machines technology. Here are
the lecture notes from a previous course that explored these same topics.
The notes in bold are useful for this course too, while the ones in italics can be safely skipped.
Introduction (excluding the formalization slides).