Binary Code Analysis and Security Systems


More and more universities are publishing the material from their classes. Last week we already wrote about an offensive security course from Florida State University. Now it is the University of Texas at Dallas that has published the material for its course titled System Security and Binary Code Analysis.

It covers the following topics:

  • Memory exploits (buffer overflows, format strings, integer overflows, etc. Building shellcode using ROP and heap spray techniques).
  • OS Kernel Internals (how a program behaves when it is run by the operating system. Virtual memory concepts and translation to physical memory, etc. Both the Linux and Windows kernels are covered).
  • Linker and Loader Internals (dynamic linking of a program and how it can be taken advantage of).
  • Kernel-level Defense (defense mechanisms: ASR, DEP and NX bits).
  • User-level Defense.
  • Binary code reverse engineering (dynamic and static analysis, control flow, malware, etc.).

The syllabus, as taught by the professor, is as follows:
  • Course Overview (Instructor) [pdf] [handout]

System and Software Security Foundations: Understanding Binary Code Analysis
  • Binary Code/Data Representation (Instructor) [pdf] [handout]
  • Program Representation (Instructor) [pdf] [handout]
  • Dynamic Binary Instrumentation (PIN, Valgrind, Qemu) (Instructor) [pdf] [handout]
  • Principles of Program Analysis (Instructor) [pdf] [handout]
  • Guest Lecture: Recent Cyber Attacks and Implications (Jon Shapiro) [pdf]
  • Guest Lecture: Web Vulnerability (SQL injection, Cross-site scripting) Analysis (Duong Ngo) N/A
  • Design and Implementation of a Data Flow Analysis (taint analysis) (Instructor) [pdf] [handout]

System and Software Security Foundations: Understanding the OS Kernel
  • Understanding the OS Architecture and Linux History (Instructor) [pdf] [handout]
  • An Overview of Linux and Windows Kernel (Instructor) [pdf] [handout]
  • Process Management (Instructor) [pdf] [handout]
  • Virtual Memory (I) (Instructor) [pdf] [handout]
  • Virtual Memory (II) (Instructor) [pdf] [handout]
  • File System (I) (Instructor) [pdf] [handout]
  • File System (II) (Instructor) [pdf] [handout]

System and Software Security Foundations: Beyond OS Kernel
  • Revealing Internals of Executable File Format (Instructor) [pdf] [handout]
  • Revealing Internals of Compiler (gcc) (Instructor) [pdf] [handout]
  • Revealing Internals of Linker (ld) (Instructor) [pdf] [handout]
  • Revealing Internals of Loader (ld-linux.so) (Instructor) [pdf] [handout]

System and Software Security: Techniques, Tools, and Applications
  • Library Interposition (Instructor) [pdf] [handout]
  • Virtual Machine Monitor (QEMU/VirtualBox/Xen/KVM) (Instructor) [pdf] [handout]
  • Symbolic Execution and Whitebox Fuzzing (Instructor) [pdf] [handout]
  • Exploits: Buffer Overflows, Heap Overflow, Integer Overflow (Instructor) [pdf] [handout]
  • Robust Exploits: ROP shellcode, Heap Spray (Instructor) [pdf] [handout]
  • Fighting for Malware: Unpack, Disassemble, Decompile (Instructor) [pdf] [handout]
  • Binary Code Reusing (Instructor) [pdf] [handout]

At the end of the course, the students had to give a 15-minute presentation based on one of the papers they were required to read.

We can also access the students' presentations, as well as the list of those papers (many of them quite well known):

Vulnerability, Exploit, Malware
  • Smashing the stack for fun and profit (Mitch Adair) [pdf]
  • Smashing the stack in 2011 (Andrew Folloder) [pdf]
  • Exploiting Format String Vulnerabilities (Sanjay Bysani) [pdf]
  • English Shellcode (Shwetha Gopalan) [pdf]
  • Return-oriented programming (Scott Hand) [pdf]
  • ASLR Smack and Laugh Reference (Mohammed Andaleeb Iftekhar) [pdf]
  • Automated Exploit Generation (Matthew Stephen) [pdf]
  • How to Shop for Free Online - Security Analysis of Cashier-as-a-Service Based Web Stores (Isaac Strohl, Avinash Joshi) [pdf]

System Defenses: Architecture, OS, Compilation Extension, Code Transformation, Runtime Verification
  • Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools (Vinay Gangasani) [ppt]
  • Control Flow Integrity (Murugesan, Sureshbabu) [pdf]
  • On the Effectiveness of Address Space Randomization (Brian Ricks, Vasundhara Chimmad) [ppt]
  • Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software (Sheikh Qumruzzaman, Khaled Al-Naami) [ppt]
  • Efficient and Accurate Detection of Integer-based Attacks (Allen Helton, Nishant Chithambaram) [ppt]
  • Bouncer: Securing Software by Blocking Bad Input (Yufei Gu, Sathish Kuppuswamy) [pdf]
  • Static detection of C++ vtable escape vulnerabilities in binary (Huseyin Ulusoy) [pdf]
  • Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow (Shishir K Prasad) [pdf]
  • Native Client: A Sandbox for Portable, Untrusted x86 Native Code (Gil Lundquist) [pdf]
  • Software fault isolation with API integrity and multi-principal modules (Junyuan Zeng) [pdf]
  • A Virtual Machine Introspection Based Architecture for Intrusion Detection (Donald Talkington, Sundarajan Srinivasan) [ppt]
  • Robust Defenses for Cross-Site Request Forgery (Saravana M Subramanian) [ppt]

Malicious Code Analysis
  • Deobfuscation of virtualization-obfuscated software (Selvakumar Gopal Rajendran) [pdf]
  • Who Wrote This Code? Identifying the Authors of Program Binaries (Camron) [ppt]
  • Measuring Pay-per-Install: The Commoditization of Malware Distribution (Kevin Hulin) [pdf]

A shame there are no videos, but you don't look a gift horse in the mouth...