Module: Memory Errors
Because of the lack of memory safety in low-level languages, such as C, memory corruption vulnerabilities manifest quite frequently, to brutal effect. This module will explore a number of different exploitation scenarios, using different types of flaws to achieve control over software.
Lectures
The lectures for this module are:
- Memory Errors: Introduction (slides here)
- Memory Errors: High-level Problems (slides here)
- Memory Errors: Smashing the Stack (slides here)
- Memory Errors: Causes of Corruption 1 (slides here)
- Memory Errors: Causes of Corruption 2 (slides here)
- Memory Errors: Stack Canary Mitigations (slides here)
- Memory Errors: ASLR Mitigations (slides here)
- Memory Errors: Causes of Disclosure (slides here)
The following lectures from previous modules are also quite relevant:
- Program Interaction: Binary Files (slides here)
- Program Interaction: Linux Process Loading (slides here)
- Program Interaction: Linux Process Execution (slides here)
- Assembly Refresher: Computer Architecture (slides here)
- Assembly Refresher: Assembly (slides here)
- Shellcoding: Data Execution Prevention (slides here)
Practice
Practice problems for this module are live on the dojo!
Further Reading
- The course “Vulnerabilities 1001: C-Family Implementation Vulnerabilities” from OpenSecurityTraining2 dives into other types and causes of vulnerabilities in C code!