
Lectures

The lecturer was away today (get well soon!)

Buffer Overflows

We learnt about buffer overflows, a vulnerability in code where the length of user input isn’t restricted. Data that exceeds the length of a buffer is naively written to memory, overwriting data that belongs to other variables, registers, etcetera.

The tutors created a few challenges; you can see how to attempt them here:

  • Challenge One - Overflowing the buffer to overwrite a flag variable
  • Challenge Two - Overflowing the buffer to modify the return address (address given)
  • Challenge Three - Overflowing the buffer to modify the return address (address not given)
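To make the flag-variable case concrete, here is an added example (not the tutors' challenge code) that puts the unchecked copy next to a length-checked one. The `struct frame` layout, the function names and the sample inputs are all constructed for illustration, and the struct stands in for a real stack frame so the overwrite stays well-defined C.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a stack frame: a buffer with a flag after it. */
struct frame {
    char buf[8];
    int  flag;   /* the program itself only ever sets this to 0 */
};

/* Unchecked copy: trusts the input length, as in the bug described above.
 * Returns 1 if the flag was changed by the copy. */
int naive_copy(const char *input) {
    struct frame f;
    memset(&f, 0, sizeof f);
    size_t n = strlen(input) + 1;
    if (n > sizeof f)
        n = sizeof f;              /* keep the demo inside the model struct */
    memcpy((char *)&f, input, n);  /* never compared against sizeof f.buf */
    return f.flag != 0;
}

/* Checked copy: input that does not fit in buf (with its NUL) is rejected.
 * Returns 1 if the flag was changed; *rejected reports the length check. */
int checked_copy(const char *input, int *rejected) {
    struct frame f;
    memset(&f, 0, sizeof f);
    size_t n = strlen(input);
    *rejected = (n >= sizeof f.buf);
    if (!*rejected)
        memcpy(f.buf, input, n + 1);
    return f.flag != 0;
}

int main(void) {
    const char *long_input = "AAAAAAAAAAAA";  /* constructed, 12 bytes */
    int rejected = 0;
    int naive_changed = naive_copy(long_input);
    int checked_changed = checked_copy(long_input, &rejected);
    printf("naive:   flag changed = %d\n", naive_changed);
    printf("checked: flag changed = %d, rejected = %d\n",
           checked_changed, rejected);
    return 0;
}
```

The only difference between the two functions is the comparison against `sizeof f.buf`, which is the restriction on input length that the vulnerable code is missing.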

Extended Security

The extended security group for Website Security and Cryptocurrency gave their talks today.

The website security talk was a bit all over the place.
A lot of things were just brushed over, and I had to explain what they just said to a few friends around me.

But nevertheless, they talked about XSS, CSRF and SQL Injection.


The cryptocurrency talk was more interesting - and even though I’m not very interested in cryptocurrency, I found myself learning something new!

Labs

I wasn’t able to attend my lab this week. But from reading other people’s posts, it was a discussion on assets - to consider what things need to be protected, and how.

Read my catchup lab notes