Capture the Flag (CTF)
On behalf of the Institute of Cybersecurity and Privacy, UGA, I would like to invite you to join us in our upcoming UGA Capture The Flag (CTF) Workshop. This workshop will be open to all UGA Computer Science and CyberSecurity&Privacy students who are interested in learning practical cybersecurity skills and potentially joining the UGA CTF…
Secure Programming [CSCI 8245]
This is a special course I teach at the University of Georgia every Spring semester. This is a senior grad class. In this course, students will first learn about security threats of unsafe language and program analysis methods to identify software vulnerabilities. Later, the class will continue based on the fastest-growing memory-safe language (i.e. Rust)…
CyberSecurity [CSCI 4250/6250]
This is a regular course I teach at the University of Georgia every Fall semester. This is a combined class (i.e. both undergrads and grads students are welcome). This is an introductory class on cybersecurity where we mostly focus on software, system, web, and network security with a minor in cryptography, mobile, hardware, IoT, AI…
Building Your Own Clang LibTool: A Step-by-Step Tutorial
Technically, Clang receives an Abstract Syntax Tree (AST), build by Clang Parser (clang/Parse/*), not the input C/C++ code (although Parser is part of Clang code base). There is obviously a Lexer in between this process, but neither Lexer nor Parser is our focus in this tutorial. Clang is responsible to convert the AST to LLVM…
System and Software Security Research Conference
Several conferences focus on security, including top-tier and flagship events, where publishing your work should be a priority. Additionally, individual top-tier systems and software conferences can also be good choices for publishing your research. I have categorized the conferences accordingly: Top-tier Security Conference * IEEE Symposium on Security and Privacy (S&P/Oakland)* ACM Computer and Communications Security (CCS) * USENIX…
SVF: Interprocedural Static Value-Flow Analysis in LLVM
SVF is a static analysis framework implemented in LLVM that allows value-flow construction and pointer analysis to be performed in an iterative manner (sparse analysis – analysis conducted into stages, from overapproximate analysis to precise, expensive analysis). It uses (default) points-to information from Andersen’s analysis and constructs an interprocedural memory SSA (Static-Single Assignment) form where…
Road Trips Summer’19: Florida ↔ California
In summer 2019, I went to Silicon Valley for my internship at Baidu USA. I decided to make a road trip with my 2005 Nissan Altima. All alone, the trip was awesome and adventurous. To Silicon Valley To Florida State
Overwrite GOT Entry from Buffer Overlapping
Problem description First of all, the CTF is from pwnable.kr (problem name: passcode). The problem description is as follows:“Mommy told me to make a passcode based login system. My initial C code was compiled without any error! Well, there was some compiler warning, but who cares about that?”There is ssh to the problem server where you…
Intel Pin Tool
The most difficult part of doing research is prototyping. Especially when it’s about security, its a must one. A researcher has to prove the proposed system is legitimate. It’s true for both attack and defense. Researchers greatly depend on existing technology and software to implement their prototype. It cuts the development time to start from…