Hi All,
I believe grades are being released through UNSW in the next 24hrs. Unfortunately final grades for this course have not yet been finalised - this will happen over the weekend, and I'm hoping to get your grade to you on Monday.
If you're desperate for your provisional grade (before any scaling occurs), please email cs6447@cse.unsw.edu.au and I'll do my best to get back to you in the next few days (still marking 6441, sorry!). Please do NOT ping anyone on slack about this.
If you have any concerns about this, please email the class account and we'll see what we can do to help you.
Lachlan
Hey I've just updated the exam binaries, please redownload them from the same link as the previous announcement :)
Exam time is coming soon...
Good luck in the exam tomorrow, Please make sure you bring your laptop + charger (if you are using your own computer) and please be on time. (Arrive at 8:45 am )
The binaries are available for downloaded as an encrypted tarball at:
https://cloudstor.aarnet.edu.au/plus/s/9uiUP34NpxLlMgH
The password will be released during the exam, please make sure you know how to (and are capable of) extracting files from a gpg encrypted tarball, (there's an example one on the skeleton website.
Thanks
I come with updates!
The exam will be at 9am in the strings lab (cello/viola labs) in J17 (Ainsworth)
Please arrive to the lab by 8:45 am so we can start on time.
Also there is a practice / skeleton exam at https://skeleton.final.plzpwn.me/ if you are interested. The exam will be in a very similar format to this. Please make sure you read all the instructions, there is 1 practice challenge for each section on the skeleton.
good luck in your exams.
Todays lecture (Wk11) will be in the seclab at the usual time.
- Lachlan.
3 Important things. I'm lazy, so have some dot points:
Cheers,
Lachlan
So I made a mistake today in class when talking about stack pivots. I've reuploaded the challenge (it works now i promise), and a sample solution script I wrote up. http://cgi.cse.unsw.edu.au/~cs6447/19T2/lab/09/
I said that you would need a `sub esp, xxx` instruction, but this wouldn't do much as it would move esp out of the stackframe into uninitialised memory. Instead you'd need an `add esp, xxx` instruction, which would move esp into the previous stackframe (where your second buffer was).
I recommend reading through the script, and asking me if there's something in there that doesn't make sense
https://cloudstor.aarnet.edu.au/plus/s/qv0cr9jPvOkxrzP
The midsem challenges are now available for download as an encrypted tar ball. The password will be released during the exam tomorrow. Please try to download the challenges before the exam period, if there are internet problems during the exam, we may not be able to help.
Also please try to get to Seclab by
12:00
, as the exam will start at
12:15
sharp.
Good luck in the exam tomorrow. My best tip for the exam would be, if you get stuck on a question, move on, and come back if you have time. Also write down all your ***thoughts*** there are marks for partial solutions!!!
Exam style practice challenge
we've released a practice challenge in the same style as the mini-exam challenges. you can download the binary and access the challenge with the details listed below
challenge: plzpwn.me:9999 (example not really up)
binary: https://cloudstor.aarnet.edu.au/plus/s/h38lFBW8RZzf3t5
the tar file containing the challenge has been encrypted, you can decrypt it with the gpg command. (you will be required to do this during the exam)
gpg prac.tar.gpg (the password is password)
exploit the binary to retrieve the flag on the remote system.
---
Seating allocations
you will be seated in *seclab*, unless you have communicated with us that you do not have your own machine to complete the exam.
please remember to bring your student card as we will be checking your id. if you happen to forget your student card, a government issued identification card may be used as a substitute.
if you are an unofficial student, please do not attend the exam. there is no space in the lab for you so please don't rock up and randomly sit in a seat. we may or may not release this exam at a later date.
---
Exam info
* 1.5 hours, taking place during the lecture slot on the 8th of july, worth 10%
* internet access allowed. no restrictions on tools used.
* bring your own laptop. email us immediately if you cannot bring one.
* 1x buffer overflow challenges.
* 2x format string challenge.
* all challenges are equally marked. one mark per challenge for retrieving the flag.
* source code will not be provided.
* challenges are hosted remotely (you will be given an address+port for each challenge).
* you will be given a copy of the binaries to write an exploit for. each challenge can be triggered to print a flag, in the form of 6447{text}. you will need to exploit the remotely hosted binary to retrieve the flag for that challenge.
---
Other notes
* the binaries provided to you will not contain the real flag. you must exploit the remote binary.
* be prepared to exploit the binaries over the network.```
Hey people,
Regarding the mid-semester exam. The exam will be held in oud lab near seclab in K17, during the monday week 6 lecture slot.
The exam will contain 3 challenges similar to your wargames. The exam will be 90 minutes , there will be 1 buffer overflow challenge and 2 format string challenge. I want to reiterate that solving 2 challenges in this time, is considered great performance. However if you are not able to solve one or more of the challenges, we definitely suggest still submitting partial scripts and writeups of what you have found, and your thought process to trying to solve the challenge, so we can give as many marks as possible to you. We'll update you with more info regarding the exam next week.
regarding tooling:
The great thing about security, and especially binary exploitation, is the plethora of tooling (such as pwntools) developed to make our lives easier. Two things that you'll come to find in this course, that may become repetitive, is writing your own shellcode, and writing your own format string payloads. These are things that once you have done once or twice, don't really change much challenge to challenge, and as such, there are tools to make our lives easier. The two main tools for these things are pwntools shellcraft for generating shellcode, and pwntools format string libraries for generating format string payloads.
These tools are
amazing
. We use these tools, and we recommend you learn how to use them as they will make your life easier. However during this course, and mainly wargames, we want you to learn the fundamentals of how these different exploitation techniques work,
Mainly we don't want you to submit auto generated code, or calls to functions that will generate payloads that you don't understand
.
In saying this, during wargames we won't allow using tools such as
pwntools.shellcraft and pwntools.
fmtstr
to generate payloads, we expect you to either write
your own payloads, or write your own tools to generate payloads.
However,
during the exams we will allow you to use these tools
, as they will save you a lot of time. So we definitely recommend learning how to use them!
cheers
adam
Hi All,
The midterm will be in Wk06 in the lecture slot. BYOD (We are providing a stock VM with tools installed if you do not have a laptop), it will be in Oud Lab, please arrive on time.
No chat apps are to be open during the exam, we will re-iterate this and other conditions at the time.
For any questions, feel free to ask on slack or email the class account.
Cheers,
Lachlan
Hey All,
As Google CTF is this weekend and we know many of you want to participate in that, we've decided to extend the due date of Wargame 3 by 24hrs, so that it is now due Monday(24/06/19) 11:59pm.
Give
will be updated to reflect that in the next few hours.
This does not effect the early submission/ /bonus (which has already passed).
Good luck, Have fun
Hey,
We've fixed a small issue with one of the challenges in Wargame 3, If you've already downloaded the challenges, we suggest you redownload the challenges from the Wargame page.
Also regarding submissions for this weeks wargames, as the topic of the week is `shellcode`, we expect you to write the shellcode(assembly) yourself, and have this in your submission.
You
shouldn't use any tools to generate your shellcode this week
Thanks,
Adam
Hey All,
Just letting you know that where previously we said we would award a 1/2 mark bonus for wargame submissions before Midnight Friday, now we are adapting that to only offer the bonus for complete & correct solutions submitted by this deadline. This bonus is not something we expect students to achieve, it is meant to be an extra reward (you can get 100% without this). However we will honor all early submissions to date, as it is our fault we did not clarify this.
Thanks,
Lachlan
An unfortunate number of students didn't submit last week. Wargames are an essential part of the course - remember, submitting something is better than submitting nothing, and if you're struggling PLEASE speak to either of the lecturers, course admin or tutor.We are all here solely to help you.
To those of you who did submit, well done! Your results are now available in Give .
Hi,
Just a reminder that next week's lecture will be running in the seminar slot on Tuesday from 4pm. We will be covering reverse engineering and buffer overflows.
Wargames will be released each week after the lecture (Monday afternoon). They will be due Sunday 11:59pm the same week, however (small) bonus marks are available if submitted by Friday 11:59pm of that week.
Hey everyone,
Unfortunately due to the very small cohort, CSE has decided that all students (all 15 of you!) can fit into a single class, and so have closed all but one lab and seminar. What this means is that the ONLY lab that is running will be Tuesday 12pm-2pm and the ONLY seminar is Tues 4pm-5pm.
Could everyone just please confirm that the classes that you are enrolled in matched with what http://timetable.unsw.edu.au/2019/COMP6447.html says is running - these will be the only classes which are attended by course staff.
Apologies for any inconvenience - we don't like changing the timetable any more than you like it being changed.
Lachlan
Hello!
Lectures and tutorials will be running every week. As Monday 10th June is a public holiday, the week 2 lecture has been cancelled, and we will be utilising the seminars that week to catch up on the lecture content.
Most of you are correctly enrolled in the right tutorial, however since we need the seminar slot in week 2, would you please double check via myunsw that you are only enrolled in these classes.
Sorry for the inconvenience!
Hi everyone, the course outline has been released, If you have any questions about it feel free to email us.
The outline mentions that this course has a textbook (Designing BSD Rootkits). The textbook's main use will be for working on the main assignment for this course.
It is not required to do the assignment, or to complete this course, however we definitely recommend either buying or borrowing it as it will be a lot of help for the assignment.
If you are interested in purchasing the textbook there is a great deal currently on
humble bundle
to buy a PDF version of it for $1.50
Cheers!
Welcome to COMP6447: System and Software Security Assessment.
To help us get a feel for the students in this course, please complete the three Intro Poll's located here.
While we will be putting notices on Webcms3, a lot of (informal/social) course discussion will occur in https://seceduau.slack.com #comp6447 slack channel, so please join that to stay up to date!
If you have any concerns about the course, please email cs6447@cse.unsw.edu.au
Thanks!