Coder Social home page Coder Social logo

breaking-binaries's Introduction

Introduction

"Breaking Binaries" is an IN PROGRESS series of labs and materials (perhaps even something that could be described as "a class"!) intended to walk interested students through native software exploitation, starting with the basics and moving to creating exploits for real CVEs. It's under development by Everett Maus.

Honor Code/Disclaimers

First off: This is not an officially supported Google product.

Please use what you learn here to improve software you write, or improve other people's software by reporting bugs. These techniques are double edged--knowing them could allow you to write harmful malware or break other user's computers. This material is presented without judgment for how you choose to use it--follow your own moral compass--but also with the understanding that you'll take responsibility for your actions.

The code in this repository is explicity written to be vulnerable to various exploitation techniques. This should seem obvious, but do not use the code patterns here in anything that matters.

Prerequisites

It would be helpful to have a basic understanding of C/C++ and x86/x86_64 assembly. You should be able to achieve a sufficient understanding of both by working through the class materials of UVa's Computer Science class CS2150. The course author assumes that you can read C/C++ and have seen some assembly before.

Getting Started

Step 1: Wait for more content. Let's be real with each other--this course is in development. Once the first few labs are done it'll be in a much better place to start.

Step 2: Clone the repository, and go to Basics and read Getting Started.md there.

Course Structure

IN PROGRESS. The labs in "Basics" are under construction. See the Basics TODO for more details.

As far as class structure, you'll want to start with the "Basics" section, before moving to "Mitigations", then the "More advanced" section, and finally "Modern Exploits".

The "Basics" section is roughly 10% done. (In progress/started) The goal of the basics section is to walk you through the basics of exploitable bugs in C/C++.

The "Mitigations" section is roughly 0% done. (Not started) The goal of the Mitigations section is to walk you through basic binary level mitigations that impede the exploitation techniques in the "Basics" section.

The "More Advanced" section is roughly 0% done. (Not Started) The goal of this section is to walk you through getting around the mitigations in the Mitigations section.

The "Modern Exploits" section is roughly 0% done. (Not started) The goal of this section is to cover advanced topics, like building an exploit from a CVE, fuzzing, etc.

Licensing

All code and code samples are licensed under the APACHE 2.0 License, which can be found in the root of the repository as "LICENSE". All other course materials (readings, slides, images, etc.) are licensed under the CC-BY 4.0 License, which can also be found in the root of the repository, as "CONTENT_LICENSE".

Build and Test

IN PROGRESS/NOT STARTED. Long term, my hope is to automatically build all of the readings/labs and test that the labs work as expected (e.g. by automatically exploiting the code). However, that is not implemented yet.

Contribute

Found a typo/bug, want to contribute a fix or have an idea for more content? Send a pull request or file an issue!

breaking-binaries's People

Contributors

evmaus avatar evmaus-ms avatar

Stargazers

Wil Thomason avatar Charles Eckman avatar

Watchers

James Cloos avatar  avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.