ENPM809V

Welcome!

Who Am I

Graduated from UMD in '19 with a BS in CS and '21 with a ME in Cyber Security from MAGE. Involved in CSEC and helped create challenges for UMDCTF-2019/20/21/22.

Held various cyber security roles:

  • Software Security Engineer at RunSafe Security
  • Software Security Engineer for the Department of Defense

Mike - WittsEnd2

Software Engineer - C, Python, & Web

Reverse Engineer/Binary Exploitation

Hobbies: CTFs/Dev Projects, Entrepreneurship, Baseball, Music, Stocks

 

Discord: WittsEnd2

Email: mwittner@umd.edu

About the Course

  • Continuation of ENPM691 - As a student, I wanted more after ENPM691 finished, but there was nothing like it.
  • Focused on find, exploiting, and mitigating vulnerabilities in Linux
  • Why Linux?
    • Easier to set up than Windows
    • Great environment for learning
    • Open Source

About the Course

  • Much of this came from my experiences competing in CTFs, developing CTFs, and from courses I took (both in-person and online),
  • You will see citations from various people and organizations throughout the course.
    • Lots of references to pwn.college! They really helped me build up my skills in binary exploitation
  • I am sharing everything that I have learned to you.

Legal Notice

Note: I am not a lawyer.

 

Please DO NOT HACK ANYTHING THAT YOU DO NOT HAVE PERMISSION TO HACK. Although the class is called Advanced Hacking of Linux, this is a secure coding course where you are learning to exploit vulnerabilities for the purpose of understanding them. If you exploit something you aren't allowed to, you can get banned, fined, or even sent to jail.

YOU HAVE BEEN WARNED!

Syllabus

  • Start with usersapce
    • Setup/Intro to x86_64/ENPM691 Refresher
    • ROP Chain
    • Heap Vulnerabilities
    • Timing Attacks
    • Injection
  • End with Kernel Space
    • Introduction to Kernel
    • Shellcoding in the Kernel
    • Malformed programs in the kernel
    • Buffer Overflows in the Kernel
    • Heap Vulnerabilities in the kernel
    • Keyloggers/Other malicious programs
  • If we have time
    • Vulnerability Research
    • Browser Exploitation
    • Embedded Systems

Grading

  • Classwork Assignments - 0%-20% of total grade
    • Practice what was taught in class
  • Homework Assignments (Given about every two weeks) - 75% of the total grade
    • Practice from what was taught the previous two weeks
  • Final Project  - 25% of the total grade
    • Mini CTF-style project.
    • May be done in groups (TBD)

This is a very fast paced and advanced course. It is likely harder than any other course you have taken here; however, if you do the work, you will be okay!

I give a lot of A's (90% last time I taught this course).

Grading

Assignments

How to do assignments

  • Thanks to Yan and his team at ASU, We will work on the pwn.college infrastructure for most assignments
    • All of the challenges are those I wrote
    • No setup needed! Just work on the web-browser
  • Submit Code on ELMS
  • Late Assignments Receive 10% off per day late (excess of 1 week late will not be graded)

Grade Breakdown

  • 20% for submitting the flag on the pwn.college infrastructure - We will know if you solved it
    • This is dropped if homework is not on pwn infrastructure
  • Code/solution to the problem - 40%
  • Short writeup - 40%

Assignments

Writeup

  • Answer the following questions.
    • Explain what the vulnerability.
    • Why is the vulnerability exploitable?
    • How does the vulnerability work?
    • Were there any mitigations attempted by the code developer? Why did it work/didn't work?
    • What would you do to prevent the vulnerability?
    • SCREENSHOTS ARE HELPFUL
  • The goal is to not to write a lot, it is to understand what you are thinking and see if you understand it.
  • Generally 3-4 sentences per question should suffice (sometimes it will be more, sometimes it will be less).

What to Include: Code Comments

  • Your pwn.college username and User ID (not UMD UID)
  • A longer comment at the beginning explaining what the code is doing.
  • Short comments throughout the code explaining what is happening (only for the part you wrote)
    • Code comments should come at the line before

Assignments

  • If you have ANY extenuating circumstance, please let me know EARLY (sick, military, etc.)
  • Letting me know on the day the assignment is due is generally not acceptable
  • Remember, it's only 10% (of that assignment) if you submit a day late.

Communication

  • For questions about course material, assignments, please use the Discord server: https://discord.gg/k2aVudTUHw
    • Please place all homework/help related questions in the General channel.
  • For disputes or official communications please contact the instructor or TA via email:
    • Instructor's email - mwittner@umd.edu

If you are reaching out via email, the subject line of the email be in this format EXACTLY [ENPM809V]: Your Topic

Discord Server

  • We will be communicating a lot on the Discord!
  • It is a great place to:
    • Talk to Instructor, Faculty Assitant, or your classmates
    • Talk about ENPM809V Concepts
    • Talk about Concepts related to assignments
  • Only ask is to not share code for homework with other students
    • If I think it's too much, I'll let you know.
    • You will not go to academic integrity if you accidentally post too much in the official Discord Channel.

Office Hours

Michael Wittner - Instructor

 

https://calendar.app.google/9Ynf4Ht6noy7Jgm16

Office Hours

ENPM809V - Introduction

By Ragnar Security

ENPM809V - Introduction

  • 316

More from Ragnar Security