Many software developers aren't aware of how to properly write secure code. This course covers practical skills in reverse engineering and binary exploitation and examines the techniques used by hackers in recent major security incidents. The course objective is to provide students with a strong understanding of attack patterns, and to ensure students implement more secure coding practices in their own code. This course begins with an introduction to Intel-based assembly, reverse engineering, vulnerability analysis, and various forms of Linux-focused binary exploitation. The course then covers stack, heap and Linux kernel-based exploitation, and dive into common defensive mitigations such as ASLR, NX and Stack Cookies alongside techniques to bypass each of them.
This course was developed as a revamping of CS390R. For this semester, I took on significant responsibility. My primary role was to develop Gradescope autograders to test student-submitted exploits, which entailed numerous challenges. I also took on major roles in assignment development and course logistics.