FAUST regularly organizes workshops on different IT-Security topics. This Semester, the topic is binary exploitation. The workshop will take place on 29th and 30th of April

What is hacking?

You may know hacking as evil and illegal activity. However, there are perfectly legal and ethical ways to hack. To close security problems in your software, you must first know what bugs can be leveraged by an attacker.

Furthermore, this can be a fun activity for your free time and is perfectly legal if you do not attack a system you don’t have permission to attack. For example, there are regularly so called Capture-the-flag competitions (CTF) hosted all over the world. This is a playful way to improve your IT-Security knowledge by hacking a purposefully insecure system created just for the competition. There are academic and non-academic CTF teams from all over the world taking part in these competitions, we (FAUST) are no exception.

For more information about CTF competitions, take a look at CTFTime.

Who is this workshop for?

Our Binary Exploitation Workshop takes place on the 29th and 30th of April. Everyone is welcome, no matter if you are a bloody beginner or already know some hacking basics.

However, a basic understanding of programming in C and associated concepts is expected. Therefore, we recommend that you have taken either of these modules:

  • Systemprogrammierung (SP)
  • Softwarenahe Programmierung in C (SPiC)

Furthermore, you should bring your own laptop with a Linux installation (bare-metal or in a VM, doesn’t matter) to do the exercises. We recommend a Debian derivative, such as Ubuntu, but any distribution should suffice.

Workshop Contents

We explain the following concepts in small presentations and let you practice with interesting challenges afterwards:

  • Introduction to python and important tools
  • Address layout
  • Stack smashing
  • Protection mechanisms (ASLR, Canaries)
  • Value leakage
  • Format string attacks
  • Shellcode
  • ROP (Return-Oriented Programming)
  • Heap exploitation

Registration

Please join our StudOn course for more information. If you cannot make it to the workshop, don’t worry! We will upload the slides after the workshop and you will have the option to solve the exercises on your own.

We hope to see you at the workshop!