Note for those considering joining this course

The first lecture of the previous iteration of this course can be found at the link below. The Spring 2025 iteration of the course will function similarly to the Spring 2024 iteration with new and changed content.

A graded review module will be released and assigned on the first day of class.

It is strongly recommended to watch the lecture video and look at the assignment prior to registering for this course.

• Recording of First Lecture
• 2024 Iteration Course Dojo

Syllabus

This is the syllabus for CSE 598: Advanced Software Exploitation for Spring 2025.

Course Description

Despite decades-long concerted efforts by security researchers, modern software remains extremely vulnerable to exploitation. The smallest crack in a program's armor can be leveraged by hackers to achieve control and wreak the sort of havoc we see in cyberspace today. The techniques that hackers leverage in the pursuit of software exploitation range the gamut from extremely simple to shockingly intricate emergent properties of complex systems. Though specific techniques evolve, the battle between software attackers and defenders is as old as software itself.

A fighter needs to understand how to attack to be successful in defending against attacks. This course is an advanced foray into the specific impacts that software vulnerabilities have on software, and how attackers use them to achieve software exploitation in modern times. This course will focus on specific, cutting-edge techniques that make software exploitable today.

The course expects a thorough understanding of Computer Systems Security (for example, by having taken CSE 466 or the equivalent knowledge) and historical software vulnerabilities, and rather than rehashing them, will focus on the latest and greatest in cybersecurity.

Learning outcomes.

At the completion of this course, students will have a practical understanding the weaknesses that remain in modern software that can lead to its exploitation. This understanding will shed light onto deep inner workings of the underpinnings of modern software, and make successful students in this course knowledgeable not just about how software is exploited, but how to mitigate this exploitation and how these deep layers of software substratum work. Students will also understand, at a fundamental level, how software works, as they use this underlying operation to further exploitation.

Course Topics

The concepts that we will cover in this course will include, but not be limited to:

• Exploitation Primitives and Memory Mastery
• Format String Attacks
• FILE Structure Hijacking
• Dynamic Allocator Exploitation
• Pivoting hosts, Post-Exploitation, and Malware
• Windows (PE Binaries)
• Windows Exploitation
• Kernel Exploitation

Each module will take one to two weeks, with little slack throughout the semester for review and catch-up. Each lecture will consist of an introduction to a new topic, examples of real-world effects of security failures related to the topic, and an assignment for students to explore these concepts. These assignments will be very thorough, and by the end, students will have an intuitive understanding the weaknesses that remain in modern software that can lead to its exploitation.

Prerequisites

This course will be EXTREMELY challenging, and students are expected to learn some of the necessary technologies on their own time. A successful completion of CSE 466 or the equivalent knowledge is critical to success in this course.

Recommended Textbook

There is no recommended textbook for this course. Any reading material assigned will be from publicly-available sources on the internet.

Course Communication

All announcements and communications for the class will take place on the course discord, with announcements in the #announcements public channel and discussion in the #text class-specific channel. Students are required to be on this discord.

Student may use the discord to ask questions or clarifications, and the TA, Instructor, or other students can answer. Note that sharing full solution scripts or answers is expressly prohibited, but otherwise, collaboration on the way to the solution is allowed.

Questions may be directly messaged to the instructors.

Name	Discord Handle
Robert Wasinger	robwaz
Adam Doupé	adamd

Before directly messaging your question, please consider asking it on the discord instead. This way, the entire class will benefit from your question.

Office Hours

Remote office hours will be held weekly. All students are encouraged to attend office hours.

Course Role	Name	Office Hours
Instructor	Robert Wasinger	TBD

Assignments

Assignments only, no exams or quizzes.

Students performance will be evaluated on between 7 and 14 homework equaly weighted assignments (the modules), where each assignment consisting of between 10 and 40 challenge problems.

Module Scoring

The first 20% of an assignment is earned by solving the first 1/3 of the challenges by the checkpoint deadline: you either earn it, or you don't.

• For assignments that run one week, this checkpoint is the due date.
• For assignments that run two weeks, the deadline is one week into the assignment. The remaining 80% of an assignment is earned by solving challenges: your solves / total number of challenges; with solves after the assignment deadline being worth half credit.

Assignment timing.

Assignments will typically be released on Fridays, and will be due at 11:59pm on the assigned date. Modules will be active for at least 10 days. All grading is done automatically. Late submissions are allowed, but only earn half points toward the final grade.

Challenge-based assignments with flags as rewards.

Each assignment will consist of a large amount of varied, but related challenges, and will be live for between one and two weeks. Solving these challenges may require the use or implementation of fairly complex hacking tools. Solving each individual challenge will grant a challenge-specific passcode, called a "flag". The maximum number of flags possible to score for an assignment is equal to the maximum number of challenges in the assignment.

The existence of flags means that there is no wrong way to solve a challenge. If you tricked the challenge into giving you the valid flag, good job.

Extra credit: helping others.

We have recruited the help of a reputation bot on the pwn.college discord. Whenever you get thanked by a student (By reacting with a specific emoji) in a public discord channel, the reputation bot will react with a thanks emoji and log the interaction. Extra credit for receiving thanks is worth 0.1% course extra credit, for up to 5% extra credit at 50 thanks recieved.

Collaboration Policy

Collaboration is highly encouraged in this course. However, there is a delicate balance between being excessively helpful, and learning. The purpose of course collaboration is understanding concepts. As such, questions and answers should be focused on concepts, and not how to solve challenge X.

The challenges explore important concepts, and so it is fine to discuss the challenges. However, you may not discuss full or significant portions of a challenge's solution. Furthermore, you may not intentionally solve challenges as a group. The assignments must still be solved individually.

Feel free to discuss ideas important to the challenge, or tools which may be useful.

If there is any confusion, just ask! We try to assume good intentions, but egregious violations are an academic integrity violation.

Extra credit: memes

Are you a meemer? Meme, and earn grades! In order to foster a good learning community, and encourage creative thinking around the material, you may receive extra credit each week for sharing educational memes in the course discord. If you post an on-topic meme in the #memes channel and we emoji-react to acknowledge it, you will get 0.5% extra credit, to your final grade, per week. It is important to note that memes must be relevant, educational, and non-offensive. No excessively spicy memes please. The course discord bot will acknowledge credited memes with a "good_meme" emoji if the meme is approved by the course staff. Good memes will be reviewed in class. Please, meme away!

More extra credit: bug bounty program.

Any responsibly-disclosed serious security issues in course infrastructure will earn an extra 1 to 25 "bug bounty" percentage points to their final grade, depending on the severity of the issue. Blatantly spurtious reports may earn a negative percentage report of up to -5 percentage points. Allowances will be made for honest mistakes leading to a spurtious bug bounty filing, but please don't waste our time on purpose.

Final grade calculation.

The final grade will be calculated by averaging the grades of each homework assignment, equally weighted, then adding extra credit. Percentages will be translated to letter grades with the following initial cutoffs:

Percentage Grade	Letter Grade
>= 100	A+
>= 92	A
>= 90	A-
>= 88	B+
>= 82	B
>= 80	B-
>= 78	C+
>= 70	C
>= 60	D
< 60	E

With the exception of the cutoff for A+, these cutoffs can be curved downward in the event that students do worse than expected. To date, courses teaching this material HAVE NOT curved. Updates on the theme of "The class' grade" will be provided at the conclusion of each assignment.

Special Accommodations

Students requesting disability accommodations should register with the Disability Resource Center (DRC) and present the instructor with appropriate documentation from the DRC.

Plagiarism and Cheating

Plagiarism or any form of cheating in assignments or projects is subject to serious academic penalty. To understand your responsibilities as a student read: ASU Student Code of Conduct and ASU Student Academic Integrity Policy. There is a zero tolerance policy in this class: any violation of the academic integrity policy will result in a zero on the assignment and the violation will be reported to the Dean’s office. Plagiarism is taken very seriously in this course.

Examples of academic integrity violations include (but are not limited to):

• Sharing code with a fellow student (even if it’s only a few lines).
• Collaborating on code with a fellow student (unless explicitly allowed).
• Using another students solution to solve a challenge and get a flag.
• Sharing a flag with another student (NEVER ALLOWED UNDER ANY CIRCUMSTANCES).

Posting your assignment solutions online is expressly forbidden, and will be considered a violation of the academic integrity policy. Note that this includes working out of a public Github repository. The Github Student Developer Pack provides unlimited private repositories while you are a student, making it easy to begin with a private GitHub repository.

Syllabus Update

Information in the syllabus may be subject to change with reasonable advance notice and an announcement on discord.

Misc

Syllabus copyright 2024 Robert Wasinger and Adam Doupé, along with all lectures and course-related written materials. During this course students are prohibited from making audio, video, digital, or other recordings during class, or selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of the faculty member teaching this course. Be reasonable.

Title IX is a federal law that provides that no person be excluded on the basis of sex from participation in, be denied benefits of, or be subjected to discrimination under any education program or activity. Both Title IX and university policy make clear that sexual violence and harassment based on sex is prohibited. An individual who believes they have been subjected to sexual violence or harassed on the basis of sex can seek support, including counseling and academic support, from the university. If you or someone you know has been harassed on the basis of sex or sexually assaulted, you can find information and resources at https://sexualviolenceprevention.asu.edu/faqs.

As a mandated reporter, I am obligated to report any information I become aware of regarding alleged acts of sexual discrimination, including sexual violence and dating violence. ASU Counseling Services, https://eoss.asu.edu/counseling, is available if you wish discuss any concerns confidentially and privately.