C.2 Vulnerability Discovery and Exploitation

From CyberEdWiki

Understanding patterns of vulnerabilities and attacks allows one to better understand protection and risk mitigation, and to identify vulnerabilities in new contexts. Vulnerability analysis and its relation to exploit development are core skills for anyone involved in cyber operations.

Specific topics to be covered in this knowledge unit include, but are not limited to:

  • Exploit development
  • Mitigation bypass (e.g. DEP, ASLR, control flow integrity, sandbox breakouts, heap protections)
  • Vulnerability discovery
    • Fuzzing
    • Crash dump analysis
  • Vulnerability equities (protect vs exploit)
  • Side channel analysis

Outcome: Students will be able to identify a vulnerability in software employing common mitigations and develop an associated proof of concept exploit.

Outcome: Students will be able to weigh the pros and cons of vulnerability disclosure.