http://ocw.cs.pub.ro/courses/ 2026-05-16T07:27:33+03:00 http://ocw.cs.pub.ro/courses/ http://ocw.cs.pub.ro/courses/lib/tpl/arctic/images/favicon.ico text/html 2021-10-12T16:07:11+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-01?rev=1634044031&do=diff Introduction You will spend a large part of the labs and assignments working with binaries; in some of the cases we will also provide you with source code. You will have to find vulnerabilities in those binaries, then (possibly) exploit them and (possibly) fix the vulnerabilities in order to illustrate various secure coding practices. To achieve this, first you need to get comfortable with at least some of the common tools that are right for the job. text/html 2022-10-17T19:18:55+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-02?rev=1666023535&do=diff Overview/Motivation Why do we need a file format for a binary file? Operating systems introduce two fundamental abstractions: files and processes. Binary (executable) files can be viewed as a static abstraction of resources, while processes can be viewed as a dynamic representation of resources. The process of transforming the static entity (binary executable files) in a dynamic entity (process) is called loading. The loader, which is a piece of code that is part of the operating system, has t… text/html 2022-10-24T19:05:41+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-03?rev=1666627541&do=diff Intro The stack is a dynamic memory region of a process used to organize the contexts of functions as they are being called during execution. The memory region is allocated when a process starts, and is managed by special machine code generated by the compiler handling operations such as: resizing when functions are called or return, storing arguments and local variables, storing metadata. text/html 2022-10-31T17:22:10+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-04?rev=1667229730&do=diff Intro Whenever an attacker manages to overwrite the return address, their primary follow-up is to divert the execution flow to their advantage. One can gain a stable foothold inside the exploited system via spawning a shell from the vulnerable application. text/html 2022-11-07T14:44:22+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-05?rev=1667825062&do=diff Intro Starting from where we left off last session, you will find that in real-life scenarios, vulnerabilities leave you very little room to play with, so you have to be creative with your exploits. * Disable it for a newly spawned shell (and subsequent processes): setarch i386 -R /bin/bash text/html 2020-11-16T11:01:01+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-06?rev=1605517261&do=diff Introduction: Protection Mechanisms So far we've explored methods of abusing vulnerabilities in programs in order to gain control over them, using manual and/or automated techniques known as exploits. Ideally, programmers would carefully inspect code to remove all the possible vulnerabilities from their programs; in practice however even the most basic vulnerabilities (e.g. unchecked buffer bounds) can be easily found in the wild, which is how various hardware and software protection mechanisms… text/html 2022-11-21T14:29:49+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-07?rev=1669033789&do=diff Tasks repository All content necessary for the CNS laboratory tasks can be found in the CNS public repository. Intro This is a tutorial based lab. Throughout this lab you will learn about frequent errors that occur when handling strings. This tutorial is focused on the C language. Generally, OOP languages (like Java, C#, C++) are using classes to represent strings -- this simplifies the way strings are handled and decreases the frequency of programming errors. text/html 2021-12-14T13:28:57+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-08?rev=1639481337&do=diff Introduction As we've seen in the previous labs, due to the code integrity protection mechanisms, we cannot store our exploit code in areas marked as non-executable (e.g. data segment or stack). In this case, we need more advanced attacks like reusing parts of the already executable code in order to bypass the integrity restrictions. For instance, if we want to obtain a shell, we can replace the return address (divert control to) with the address of the system function from libc using the "/bin… text/html 2022-12-05T13:36:26+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-09?rev=1670240186&do=diff Introduction In this lab, we will resume from where we left off our last session. In many real-life cases you will encounter, a vulnerability will consist of a small buffer overflow, which will not allow you to chain a list of gadgets of arbitrary length. However, there are techniques to circumvent this. Today, we will look at two of these techniques. text/html 2021-01-11T16:59:32+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-10?rev=1610377172&do=diff Introduction Use-after-free refers to a class of bugs in which the data from a memory region is still used after the region is freed. The most common causes of use-after-free bugs are: * Wrongly handled error conditions * Unaccounted for program states * Confusion over which part of the program is responsible for freeing the memory text/html 2022-01-18T15:59:49+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-11?rev=1642514389&do=diff Resources * CyberEdu CNS CTF platform Feedback In order to improve the Computer Network Security course, your opinions and suggestions are important to us. The feedback is anonymous and the results will only become visible after the final exam. You will find the link to the feedback form on the main page of the curs.pub.ro instance for your master's program CNS class (either PDCS or SRIC). It's not in the meta-course for all students. text/html 2023-01-09T18:14:10+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-12-ctf-challenges-part-2?rev=1673280850&do=diff Feedback In order to improve the Computer Network Security course, your opinions and suggestions are important to us. The feedback is anonymous and the results will only become visible after the final exam. You will find the link to the feedback form on the main page of the curs.pub.ro instance for your master's program CNS class (either PDCS or SRIC). It's not in the meta-course for all students. text/html 2019-12-08T15:18:51+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-12?rev=1575811131&do=diff Resources * Two's complement * CERT C Coding Standard: 04. Integers (INT) * Basic Integer Overflows * Why Not Mix Signed and Unsigned Values in C/C++? * Deep C: Integer Promotion * Improving Integer Security for Systems with KINT * x86 DIV instruction * Floating point number representation text/html 2019-12-08T15:19:02+03:00 http://ocw.cs.pub.ro/courses/cns/labs/lab-13?rev=1575811142&do=diff Resources * American Fuzzy Lop * Fuzzing With AFL-Fuzz, a Practical Example ( AFL vs Binutils ) * Fuzzing with American Fuzzy Lop (AFL) * Concolic execution with S2E * angr documentation (GitHub link) * angr overview * angr -- claripy solver engine * angr -- program states * angr -- path groups * angr -- working with data and conventions * angr examples text/html 2015-09-22T16:34:52+03:00 http://ocw.cs.pub.ro/courses/cns/labs/start?rev=1442928892&do=diff Labs for the Computer and Network Security class. labs index