Module: Memory Errors

Because of the lack of memory safety in low-level languages, such as C, memory corruption vulnerabilities manifest quite frequently, to brutal effect. This module will explore a number of different exploitation scenarios, using different types of flaws to achieve control over software.

Lectures

The lectures for this module are:

• Memory Errors: Introduction (slides here)
• Memory Errors: High-level Problems (slides here)
• Memory Errors: Smashing the Stack (slides here)
• Memory Errors: Causes of Corruption 1 (slides here)
• Memory Errors: Causes of Corruption 2 (slides here)
• Memory Errors: Stack Canary Mitigations (slides here)
• Memory Errors: ASLR Mitigations (slides here)
• Memory Errors: Causes of Disclosure (slides here)

The following lectures from previous modules are also quite relevant:

• Program Interaction: Binary Files (slides here)
• Program Interaction: Linux Process Loading (slides here)
• Program Interaction: Linux Process Execution (slides here)
• Assembly Refresher: Computer Architecture (slides here)
• Assembly Refresher: Assembly (slides here)
• Shellcoding: Data Execution Prevention (slides here)

Practice

Practice problems for this module are live on the dojo!

Further Reading

• The course “Vulnerabilities 1001: C-Family Implementation Vulnerabilities” from OpenSecurityTraining2 dives into other types and causes of vulnerabilities in C code!