Notes Index for Secure Software

Mastery Goal A:

Learn just enough C to compile an executable that does some basic stuff

Class 1: C basics, compiling, loops, etc.

Mastery Goal B:

Learn how to look at the x86 assembly from a compiled executable and recognize most of the above classic code components. Reverse some simple password crackers. (radare2 and gdb)

Class 2: How local variables are stored

Class 3: Registers, x86 instructions, Radare2, and first crackmes

Class 4: Radare2 and Reversing Crackmes

Class 5: Reversing Practice (for mastery)

Mastery Goal C:

Learn the calling conventions for 32-bit and 64-bit functions. Write a program in bare assembly that uses both calling conventions. (nasm and ld)

Class 6: Calling-Convention Brain Dump

https://pwnwizard.com is a choose your own adventure story to help with 32-bit calling convention

Class 7: Calling-Conventions Part 2: Parameters

Class 8: Intro to Shellcode and ASM (Project 1 Starter and also Master Task E)

Mastery Goal D:

Simple buffer overflow that reroutes the instruction pointer to a win function. Do this in the simple case of fixed function addresses (no-PIE [position independent execution]). (pwntools, checksec, and rabin2)

Class 9: Buffer Overflow Exploits, Debugging Tricks, Applied Calling Conventions

Mastery Goal E:

Exploit a binary by providing shellcode and jumping the instruction pointer to your shellcode. (The simple case is that addressing is handled for you.) (shellcraft and google)

Class 8: Intro to Shellcode and ASM (Project 1 Starter and also Master Task E)

Mastery Goal F:

Exploit a buffer overflow by creating a ROP-chain that crafts it's own shellcode in small available pieces in a no-PIE environment. (ROPgadget)

Class 10: Intro to ROP chains and Write-ups

Mastery Goal G:

Learn how address randomization works in x86. (/proc/:pid/maps)

Class 11: Address randomization and PLT/GOT

Mastery Goal H:

Use an address leak to create a ROP chain that escapes into glibc. (blukat.me, rabin2, and pwntools ELF)

Class 12: Address randomization and PLT/GOT part 2 (the daily PWN is ret2libc)

Mastery Goal I:

Create your own address leak and then escape into glibc.

Class 13: Manufacturing Leaks and the 32-bit Auto-PWNer

Mastery Goal J:

Master the primitive of a write-what-where by way of a printf vulnerability. (pwntools: fmtstr_payload)

Class 14: Intro to printf vulns

Class 15: First Write-What-Where

Mastery Goal K:

Use a write-what-where to alter the GOT table in order to create a shell, also use write-what-where and GOT to generate a glibc address leak. (Around about this point of mastery is sufficient for Project 2.) (pwntools: ELF(binary).got)

Class 16: printf tooling, learning from write-ups, some printf gotchas

Class 17: Full printf demo

Mastery Goal L:

Master the use of a syscall instruction (both 32-bit and 64-bit) to make operating system calls (syscall tables) SROP too

Class 18: Life without a Win: pt 1 - SROP and syscalls

STEP BACK: An abstract PWN framework

Class 19: The parts of any exploit and exponentially growing your skills