Main navigation | Main content
Covering risk assessment, low-level attacks and defenses. Questions here. Due on the course Moodle by Thursday, September 28th at 11:55pm.
In this assignment you'll learn about binary-level and OS-level
vulnerabilities within a buggy Linux program, and exploit them for
fun and profit academic credit within a virtual machine.
Available now: assignment instructions (PDF), BCECHO source code, virtual machine instructions.
BCVI source code:
| Version | C source code | Makefile | Patch from previous version | Security advisory |
|---|---|---|---|---|
| 1.4 | bcvi.c | Makefile | bcvi-1.4.patch | ... |
| 1.3 | bcvi.c | Makefile | bcvi-1.3.patch | BCSA-012 |
| 1.2 | bcvi.c | Makefile | bcvi-1.2.patch | BCSA-011 |
| 1.1 | bcvi.c | Makefile | bcvi-1.1.patch | BCSA-010 |
| 1.0 | bcvi.c | N/A | BCSA-009 |
Commands for downloading a new version of BCVI into your VM and recompiling (shown with version 1.4):
% cd /src
% sudo rm -f Makefile bcvi.c bcecho.c
% sudo rm -f {,sudo}bcvi{,64}
% sudo wget http://www-users.cselabs.umn.edu/classes/Fall-2017/csci5271/ha1/v1.4/{Makefile,bcvi.c,bcecho.c}
% sudo make all bcecho
% sudo make install
% bcvi /dev/null
Covering defensive programming and OS security. Questions here, C code for question 1. Due on the course Moodle by Thursday, October 12th at 11:55pm.
The cutoff date for late submissions is slightly earlier than usual, 11:55pm on Saturday the 14th instead of Sunday the 15th, so you can discuss the solutions with other students or the staff before the midterm.
Covering cryptography. Questions here. Due on the course Moodle by Thursday, November 9th at 11:55pm.
In this assignment you'll learn about binary-level and OS-level
vulnerabilities within a buggy Linux program, and exploit them for
fun and profit academic credit within a virtual machine.
In this assignment you'll learn about network-level and web software vulnerabilities within a buggy web server, and exploit them within a virtual machine to steal "secret" information. Due by 11:55pm on Friday, November 17th, on the Moodle.
Available now: assignment instructions (PDF),virtual machine instructions (VMs are ready!). Please register your group for HA2 with Se Eun (seoh@umn.edu) even if you keep your HA1 group for HA2.
Covering random numbers, middleboxes, and networks. Questions here. Due on the course Moodle by Tuesday, November 28th at 11:55pm.
Covering XSS, malware and DoS, anonymity systems, and voting. Questions here. Due on the course Moodle by Tuesday, December 12th at 11:55pm.