Lab Environment

  • Virtual Machine Software: Install VirtualBox (version 4.2.6 or newer). This is a free software.
  • Ubuntu 16.04 Virtual Machine Image: Download our pre-built Ubuntu 16.04 virtual machine image. All the Linux labs use this image. Here is the user manual, which includes the account and password information, list of software and servers installed, and configuration. To use this image, do the following:

Note: For the lab setup, you do not need to submit anything. However, we strongly urge you to get the environment set up as soon as possible, and start getting familiar with the environment. For those who are not familiar with the Linux operating system, you need to spend extra time.

Labs

Labs
Due Date
Points
Lab 1: Environment Variable and Set-UID Lab
4
Lab 2: Shellshock Attack Lab
3
Lab 3: Buffer Overflow Vulnerability Lab
4
Lab 4: Return-to-libc Lab
4
Lab 5: Race Condition Vulnerability Lab
4
Lab 6: Web Technologies Lab (see Piazza post)
2
Optional Lab: Web Tracking Lab

Lab 7: Cross-Site Request Forgery Attack Lab
4
Lab 8: SQL Injection Attack Lab
4
Lab 9: Cross-Site Scripting Attack Lab
5
Lab 10: Android Repackaging Attack
3
Lab 11: Rooting Android Phones
3
Total Points
40

Notes

  • Working individually or in group: All labs are individual labs. You are encourage to discuss with others, but each student must independently carry out the tasks in the labs. You cannot copy code from other students. Any violation will be punished and reported to the university authority.
  • Lab Report: For all labs, You should submit a hardcopy of your lab report before the class on the due day. We may ask (randomly) selected students to give a demonstration.