Home - Opty-Forks/SSof GitHub Wiki

Welcome to the Software Security Course@IST Learning wiki!

This wiki is permanently under construction and the goal is to provide you with tips for solving the challenges as well as with pointers for studying more. If you find something wrong, some topic that needs to be updated/added, please create an issue on that topic.

Follow the links on the sidebar on the right devoted to each topic. The links that are marked (2019/20) have not yet been updated for the current semester (Fall 2020/21).

The goal for these labs of Software Security is that you learn by doing, and for that you should try hard. In each lab you'll be challenged with 3 to 4 different vulnerable challenges associated with a given topic. In some cases, these challenges will then be patched and a more powerfull technique will have to be applied in order to solve the updated version of the challenge.

And there will be a competition during the whole semester!

But first things first.

Never run potential malicious content in your machine. You must install a VM as a basic form of sandboxing.

1. Install Tecnico VPN

In order to play these challenges and access the scoreboard you have to be connected to the IST VPN. It is not enough to be on campus. You can find the instructions on how to connect to the VPN here.

2. Virtual Machines

Never run potential malicious content in your machine. You must install a VM as a basic form of sandboxing.

You must have a VM with the appropriate tools installed. You can pick your preferred distribution, or use the one we provide you here.

MD5SUM  (ubuntu_ssof.ova): 391a9de81f4c8a4f729a8380a9edddc340b8a8eb
SHA1SUM (ubuntu_ssof.ova): 22235ac30642b527e91519c6a9f1d0c02ab2e46dddc0e1afce0d65b9a055f766

It is a Ubuntu 18.04.1 VM and we hope you have in there everything you need for this course. It was created for the school year 2018/19 so the first thing to do after importing it is

sudo apt update; sudo apt upgrade

More details about installing instructions, login details, list of installed software, and troubleshooting can be found here.

3. Scoreboard

This year's labs we will have a scoreboard where you should submit the solutions for your challenges. You need a @tecnico.ulisboa.pt or @ist.utl.pt e-mail in order to register. If you do not have one, please contact us. Do not use an important password for this scoreboard.

All challenges will run on machine mustard.stt.rnl.tecnico.ulisboa.pt. Each challenge will run on a specific port that will be given to you as part of the challenge.

Flags will be of the form SSof{....} unless otherwise explicitly stated. Once you solve a challenge and find a flag, you can submit it in our scoreboard to score points.

Although there is no evaluation for these labs, this competition will last the whole semester and there could be prizes for top-3 performers.

GOOD LUCK!