Welcome to CS395
This is a 10 week course designed to teach basic concepts for developing exploits for vulnerable Linux programs as a 1-credit class for Computer Science students at George Mason University. Each week contains lecture material for topics that build off of each other and increase in difficulty. There are 5 homework assignments and a cumulative final project in the form of several challenges scored by difficulty where you must try to earn 50 points for an A.
This class is now archived and open sourced here to benefit anyone looking to learn the wonderful skills of pwn.
Syllabus
Read the syllabus here for a comprehensive list of topics covered and course objectives.
Virtual Machine
Click here to download the OVA file for the virtual machine that you will be using for this class. Click here to download virtualbox. Once VirtualBox has been installed, complete the following steps to open your virtual machine:
- Click on File -> Import Appliance
- Select the OVA file you just downloaded and click “Next”
- Change the CPU and RAM settings to be something your computer can handle
- Click on “Import”
The username is “cs395”, and the password is “cs395isgreat!”. Make sure that you are able to install and use the virtual machine by the end of the first week.
Class Schedule
View the class schedule
Course Content
Week 1: Introduction, Integer Overflows, and Basic Buffer Overflows
Week 2: Shellcoding
Week 3: Buffer Overflows with Shellcode and Partial Overwrites
Week 4: Format String Vulns and Reverse Engineering with Ghidra
Week 5: Fuzzing Basics and Scripting Exploits
Week 6: Exploit Mitigations Overview & Defeating ASLR
Week 7: ROP and PLT and GOT
Week 8: ret2libc
Week 9: Z3 and Angr
Week 10: Binary Patching and Hooking
Assignments
Get the homework problems and answers here
Final Project
After you’ve completed all the homework assignments you’re ready to take on the final
Credits
This course was created and taught by Nihaal Prasad and Sam Goodwin