Vulnerability analysis and its connection to exploit development are core skills for one involved in cyber operations. This course covers vulnerability discovery and exploitation. The focus is to understand the pattern of vulnerabilities and attacks to allow students to experience protection, risk mitigation, and identify vulnerabilities in new contexts. Topics will include buffer overflows, privilege escalation attacks, input validation issues, vulnerability discovery (fuzzing and crash dump analysis), exploit development, and mitigations (e.g., DEP, ASLR, ¿).
- Describe and identify the various types of vulnerabilities, their underlying causes, their identifying characteristics.
- Define, discuss, and explain the ways in which vulnerabilities are exploited and the potential mitigation strategies.
- Explain and discuss how to apply fundamental security design principles during system design, development and implementation to minimize vulnerabilities.
- Evaluate how a vulnerability in a given context may be applied to alternative contexts and to adapt vulnerabilities so that lessons from them can be applied to alternative contexts.
- Identify a vulnerability in software employing common mitigations and develop an associated proof of concept exploit.
- Evaluate the pros and cons of vulnerability disclosure.