DOI: 10.1145/3502718.3524744
Research article
Public Access

Toward an Automatic Exploit Generation Competition for an Undergraduate Binary Reverse Engineering Course

Published: 07 July 2022

Abstract

Analyzing binary programs without source code is critical for cybersecurity professionals. This paper presents an undergraduate binary reverse engineering course design that culminates with a comprehensive binary exploitation competition. Our approach challenges students to develop tools that automatically detect and exploit program vulnerabilities. We hypothesize that this competition presents a unique opportunity to exercise the core competencies of binary reverse engineering. We share our detailed design, labs, experiences, and lessons learned from this course for others to build on our initial success.

Cited By

  • (2024) Teaching Ethics in Computing: A Systematic Literature Review of ACM Computer Science Education Publications. ACM Transactions on Computing Education 24:1 (1-36). DOI: 10.1145/3634685. Online publication date: 14-Jan-2024
  • (2023) Lightweight Symphony: Towards Reducing Computer Science Student Anxiety with Standardized Docker Environments. Proceedings of the 24th Annual Conference on Information Technology Education (15-21). DOI: 10.1145/3585059.3611432. Online publication date: 11-Oct-2023

Published In

ITiCSE '22: Proceedings of the 27th ACM Conference on Innovation and Technology in Computer Science Education Vol. 1
July 2022
686 pages
ISBN:9781450392013
DOI:10.1145/3502718

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cybersecurity education
  2. reverse engineering
  3. vulnerability research

Qualifiers

  • Research-article

Funding Sources

  • ONR

Conference

ITiCSE 2022
Acceptance Rates

Overall Acceptance Rate 552 of 1,613 submissions, 34%
