CS 5434 - Defending Computer Networks - Fall 2013

 

Overview and Key Dates

40% of the class grade is based on a project. You will build a non-trivial piece of C code from scratch to do an interesting task in network security. You will write a document describing its algorithms and architecture (10% of total grade) and demonstrate how well it works at an interim milestone (10%), and towards the end of the course (20%). Projects will be solo.

  • Interim milestone demonstration: Friday November 1st
  • Document Due: Friday November 29th
  • Final implementation due: Friday December 6th

Here are some possible projects.

Project Description 1

Develop a working remote exploit for a previously unknown vulnerability in a widespread piece of software. The exploit should work on a current 64-bit operating system with all defenses in place. Note that attacking software across the Internet (or Cornell’s network) is generally illegal, so you should attack a piece of software for which you have local access. You should then notify the software vendor/development team of the vulnerability and provide them with your proof-of-concept exploit (keeping it secret in the meantime).

Intermediate milestone is to have selected your vulnerable application/OS, and demonstrate that you can crash it with malicious input.

The document should explain the nature of the vulnerability, how you worked around the various OS/compiler defenses, and what your shellcode/ROP chain/etc does.

Note that this project has hard-to-estimate risks of failure if you pick something that turns out not to be exploitable by you in the available time. But if you succeed, we know for sure that you are 31337.

Project Description 2

Build a simple network firewall from scratch in C. Your firewall should have the ability to handle transferring packets between multiple network interfaces (e.g. wireless and wired interfaces on your laptop), and also the ability to transfer packets between pcap files for testing purposes. Your firewall should be stateful, with the ability to keep track of TCP, UDP, and ICMP conversations going on in the network. You should implement a text-based rules language of your own design that includes the ability to block/pass/reject network conversations based on source/destination address ranges and port numbers. You should obtain multi-gigabyte pcap files online for testing, and be able to demonstrate that your algorithms do not crash or blow up in time/space demands on large files.

Intermediate milestone is to demonstrate that you can pass packets between multiple interfaces and files, with a single rule of some kind.

The document should describe and give the rationale for: 1) your rules language, 2) the data structures/algorithms used in your code, and 3) your test plan and the results of your tests.

Project Description 3

Build a web-exploit scanner from scratch in C. Your code should be able to take a list of malicious domains, reach out to them via HTTP, replay the content in a virtual machine and perform some simple steps to determine if bad things have happened in the virtual machine (e.g. look for browser crashes or memory explosions). You should include code to obtain secondary downloads that the virtual machine asks for. Note that you must implement your own HTTP client/proxy that can handle all three major methods of length delineation. It’s acceptable to use libraries to handle gzip decoding of content. You should demonstrate that your code can stay up on a list of at least hundreds of bad domains, and you should demonstrate that you can detect at least some malicious websites.

Intermediate milestone is to be able to get an HTML file off disk started in a virtual machine browser, and demonstrate the intercept and parsing of outbound HTTP requests from the VM.

The document should describe and give the rationale for: 1) how your code interacts with the VM/browser, 2) the data structures/algorithms used in your code, and 3) your test plan and the results of your tests, including the malicious domains you detected.
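
The length-delineation requirement above, as an added example that is not part of the course material: a C routine that decides how an HTTP/1.1 response body is framed. It assumes the three methods meant are Content-Length, chunked transfer encoding, and close-delimited bodies; `classify_body`, `find_header` and the `FRAME_*` names are hypothetical, and status codes that never carry a body are not handled.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* How a response body is delimited (names are hypothetical). */
enum framing { FRAME_CHUNKED, FRAME_LENGTH, FRAME_CLOSE, FRAME_INVALID };

/* Look up `name` in a CRLF-separated header block that starts with the
 * status line. Returns the value with leading blanks skipped, or NULL. */
static const char *find_header(const char *hdrs, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = strstr(hdrs, "\r\n"); p; p = strstr(p, "\r\n")) {
        p += 2;
        if (p[0] == '\r' && p[1] == '\n') break; /* blank line: headers end */
        if (strncasecmp(p, name, n) == 0 && p[n] == ':') {
            p += n + 1;
            while (*p == ' ' || *p == '\t') p++;
            return p;
        }
    }
    return NULL;
}

/* Transfer-Encoding is checked first: a chunked body wins over any
 * Content-Length, so a conflicting length can never truncate the read. */
enum framing classify_body(const char *hdrs, unsigned long long *len)
{
    const char *te = find_header(hdrs, "Transfer-Encoding");
    const char *cl = find_header(hdrs, "Content-Length");

    if (te) {
        size_t n = strcspn(te, "\r\n");
        while (n && (te[n - 1] == ' ' || te[n - 1] == '\t')) n--;
        if (n >= 7 && strncasecmp(te + n - 7, "chunked", 7) == 0
            && (n == 7 || strchr(", \t", te[n - 8])))
            return FRAME_CHUNKED;  /* chunked is the final coding */
        return FRAME_CLOSE;        /* other codings: read until close */
    }
    if (cl) {
        char *end;
        if (!isdigit((unsigned char)*cl)) return FRAME_INVALID; /* sign, junk */
        errno = 0;
        *len = strtoull(cl, &end, 10);
        if (errno == ERANGE || (*end != '\r' && *end != '\0')) return FRAME_INVALID;
        return FRAME_LENGTH;
    }
    return FRAME_CLOSE;            /* neither header: read until close */
}
```

A malicious server controls every one of these headers, so the caller should still cap the number of bytes it is willing to read in each mode.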

Alternate Projects

If you have a burning desire to do something else of similar scope to the above, put together a one-paragraph description and then let me know so we can negotiate.