CS395-BinX.github.io

Student-created Linux Binary Exploitation course taught at George Mason University in the Spring and Fall semesters of 2021.

View on GitHub

Welcome to CS395

This is a 10 week course designed to teach basic concepts for developing exploits for vulnerable Linux programs as a 1-credit class for Computer Science students at George Mason University. Each week contains lecture material for topics that build off of each other and increase in difficulty. There are 5 homework assignments and a cumulative final project in the form of several challenges scored by difficulty where you must try to earn 50 points for an A.

This class is now archived and open sourced here to benefit anyone looking to learn the wonderful skills of pwn.

Syllabus

Read the syllabus here for a comprehensive list of topics covered and course objectives.

Virtual Machine

Click here to download the OVA file for the virtual machine that you will be using for this class. Click here to download virtualbox. Once VirtualBox has been installed, complete the following steps to open your virtual machine:

  1. Click on File -> Import Appliance
  2. Select the OVA file you just downloaded and click “Next”
  3. Change the CPU and RAM settings to be something your computer can handle
  4. Click on “Import”

The username is “cs395”, and the password is “cs395isgreat!”. Make sure that you are able to install and use the virtual machine by the end of the first week.

Class Schedule

View the class schedule

Course Content

Week 1: Introduction, Integer Overflows, and Basic Buffer Overflows

Learn here

Week 2: Shellcoding

Learn here

Week 3: Buffer Overflows with Shellcode and Partial Overwrites

Learn here

Week 4: Format String Vulns and Reverse Engineering with Ghidra

Learn here

Week 5: Fuzzing Basics and Scripting Exploits

Learn here

Week 6: Exploit Mitigations Overview & Defeating ASLR

Learn here

Week 7: ROP and PLT and GOT

Learn here

Week 8: ret2libc

Learn here

Week 9: Z3 and Angr

Learn here

Week 10: Binary Patching and Hooking

Learn here

Assignments

Get the homework problems and answers here

Final Project

After you’ve completed all the homework assignments you’re ready to take on the final

Credits

This course was created and taught by Nihaal Prasad and Sam Goodwin