C Programming and Security Fundamentals
10 Questions

Questions and Answers

What is the primary function of a stack?

  • To provide input/output operations
  • To execute a program's instructions
  • To manage memory allocation
  • To store and retrieve data (correct)

What is the difference between a vulnerability and an exploit?

  • A vulnerability is a weakness in a system, while an exploit is a way to take advantage of it (correct)
  • A vulnerability is a type of buffer overflow, while an exploit is a type of SQL injection
  • A vulnerability is a type of malware, while an exploit is a type of virus
  • A vulnerability is a zero-day attack, while an exploit is a known attack

What is the purpose of shellcode?

  • To debug a program
  • To optimize a program's performance
  • To analyze a program's memory
  • To execute a malicious program (correct)

What is the implication of an integer overflow?

It wraps around to a positive or negative value

What is the purpose of GDB?

To debug a program and inspect its memory

What is the difference between a stack and a heap?

A stack is used for temporary storage, while a heap is used for permanent storage

What is the purpose of fuzzing?

To test a program's security

What is the purpose of a buffer?

To store temporary data

What is the purpose of format strings?

To format output data

What is the purpose of ASLR?

To prevent buffer overflow attacks

Study Notes

Week 1: C Language and GDB Tool

  • C Language function syntax, main function syntax, and arguments
  • Data types: integer, float, char, arrays, and declarations
  • Pointers and notation
  • Input and output
  • Conditionals and looping
  • GDB Tool: executing with an executable file, listing and disassembling (disas), breakpoints, and register inspection
  • Vulnerability and exploit definitions: difference between a vulnerability and exploit (and zero day)

Week 2: Integer Overflow

  • Integer types: 8-bit equal to char, signed or unsigned
  • Limits available as MACRO constants
  • Byte sizes of types
  • Effect of integer overflow: wrapping around positive or negative
  • Implications in reality: usually triggered in loop iteration
  • C Language: variable scope and variable types

Week 3: Stacks and Buffers

  • Principle of a stack: stack frame organization, function entry and exit sequence
  • How stacks work during execution and debugging in GDB
  • Buffer and overflow principles: beneficial to a threat actor
  • How buffers can be viewed in GDB: examples from lab

Week 4: Vulnerable Functions and Shellcode

  • Vulnerable functions: gets, strcpy, strcat, sprintf
  • Safer alternatives to these functions
  • Shellcode: aim, usage, and how it works

Week 5: Format Strings

  • Strings vs format strings: format string specifiers
  • Functions: printf and sprintf
  • What makes format strings vulnerable: properties
  • Exploit setup: where does it read from initially?

Week 7: Heap Properties

  • Heap properties and layout: vs the stack
  • Functions using heap space: relation to the stack with variables
  • Structure: chunks

Week 8: Fuzzing Principles

  • Fuzzing principles: why and types
  • Phases and methods of fuzzing
  • Tools used in fuzzing

Week 9: More Fuzzing

  • More fuzzing principles: issues with fuzzing approaches
  • Code coverage: AFL tool

Week 10: Non-Executable Stack and Security

  • Non-executable stack and implications
  • Overrides: W^X, stack canaries, and ASLR


Description

Test your knowledge of C programming basics, including function syntax, data types, and pointers, as well as security concepts like vulnerability and exploit. Also covers GDB tool and integer overflow.
