sp with linux page4
Lec31 Synchronization among Threads
This session starts with a quick recap of POSIX threads and then gives an overview of synchronization. The concept of race condition and critical section problems are discussed. Then the concept of direct and indirect data sharing among threads, threads safety and reentrant functions are described. Introduction to mutex, locking, unlocking and destroying a mutex object. Mutex attributes and mutex types. Introduction to condition variable. The concept of thread cancellation is introduced. Finally problems like producer consumer problem and barber shop problem are discussed.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This session starts with a quick recap of POSIX threads and then gives an overview of synchronization. The concept of race condition and critical section problems are discussed. Then the concept of direct and indirect data sharing among threads, threads safety and reentrant functions are described. Introduction to mutex, locking, unlocking and destroying a mutex object. Mutex attributes and mutex types. Introduction to condition variable. The concept of thread cancellation is introduced. Finally problems like producer consumer problem and barber shop problem are discussed.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec32 Programming with POSIX Semaphores
This session starts with introduction to POSIX semaphores by giving a comparison between mutex, condition variable and semaphore. The implementation of named and unnamed semaphores and their API is discussed. Sample codes are discussed which gives a CSP solution using semaphores among threads and processes. The solution of serialization is also discussed among threads and processes using semaphores. Finally, the use of counting semaphores is also explained
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This session starts with introduction to POSIX semaphores by giving a comparison between mutex, condition variable and semaphore. The implementation of named and unnamed semaphores and their API is discussed. Sample codes are discussed which gives a CSP solution using semaphores among threads and processes. The solution of serialization is also discussed among threads and processes using semaphores. Finally, the use of counting semaphores is also explained
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec33 Overview Of TCPIP Architecture and Services
This session starts with introduction to TCP/IP stack and addressing on different layers of TCP/IP stack. Some important NW services (ssh, telnet, echo, chargen, daytime, time, discard) are discussed. The lab environment for future sessions is described comprising of three machines running Kali Linux, Ubuntu Server and Windows 10. Finally, use of different NW configuration tools and the use of different services are shown on Linux terminal.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This session starts with introduction to TCP/IP stack and addressing on different layers of TCP/IP stack. Some important NW services (ssh, telnet, echo, chargen, daytime, time, discard) are discussed. The lab environment for future sessions is described comprising of three machines running Kali Linux, Ubuntu Server and Windows 10. Finally, use of different NW configuration tools and the use of different services are shown on Linux terminal.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec34 Socket Programming Part-I
This session starts with introduction to Client Server paradigm. Then a detailed comparison of TCP and UDP sockets is discussed with examples. Three way connection establishment and four way connection termination is compared and shown practically using Wireshark tool. The system call graph of Internet domain TCP Client and server is described. The related system calls for creating and managing the sockets are discussed. Proof of these concepts is given by example codes of echo and daytime clients and servers. Some important lookup functions like gethostbyname() and getservbyname() are discussed with examples. Finally, the session closes with a description of assignment on writing your own web server.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec35 Socket Programming Part-II
This session starts with introduction to Datagram Sockets by giving an overview of how datagram sockets work. The system call graph of Internet domain UDP Client and server is described. The related system calls for creating and managing the sockets are discussed. Proof of these concepts is given by example codes of echo, daytime and time clients and servers.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec36 Socket Programming Part-III
This session starts with introduction to UNIX domain sockets. A comparison between UNIX domain TCP sockets and UNIX domain UDP sockets is made. Proof of these concepts is given by example codes of UNIX domain TCP echo client server programs as well as UNIX domain UDP sender and receiver programs
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec37 Socket Programming Part-IV
This session starts with a discussion on concurrent servers and their advantages. What happens when multiple echo client accesses an iterative echo server. A concurrent echo server is designed using three techniques. Using fork(), then using pthread_create() and finally using the famous select() system call. The need of concurrent clients is also discussed in the end.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec38 Exploiting Buffer Overflow Vulnerability Part-I
This is a series of three videos, which gives a quick start up on different exploitation and mitigation techniques for the buffer overflow vulnerability. The session start with an overview of a classic stack based buffer overflow. How a stack based buffer overflow can be exploited? Exploit mitigation techniques. The architecture of x86_64, its assembly and function calling convention. Installing and using PEDA. Finally a practical sample program is shown as to how to change the control of flow of execution of a program using PEDA.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec39 Exploiting Buffer Overflow Vulnerability Part-II
This is a continuation of Video Session 38. In this session we will discuss what are shell codes and how these are used. Four different ways of writing/getting shell codes are discussed. First of all how we can write shell codes from scratch using Assembly Language is discussed, and then the same is used in a stand alone C-program. Secondly different Internet archives are explored to get shell codes. Thirdly writing your shell codes using pwn tools, and finally writing your shell codes using msfvenom and using them in stand alone C-program. Proof of all these concepts are shown using hands on a Linux terminal and using ipython
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
Lec40 Exploiting Buffer Overflow Vulnerability Part-III
This is a continuation of Video Session 39. In this session we will see ways of finding vulnerabilities in executables. Crafting an input string to vulnerable programs to shift the control of flow of execution to some other part in the code section. Injecting shell code via input string and transferring control of flow to it. We will learn how to inject shell code via environment variables and transferring control of flow to it. Addressing problems that most of the students face when exploiting vulnerable programs outside gdb. Exploiting a vulnerable echo server executing on a remote machine and creating a tcp bind shell and a reverse tcp shell. A discussion on bypassing exploit mitigation techniques used by most modern operating systems and compilers.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This session starts with introduction to Client Server paradigm. Then a detailed comparison of TCP and UDP sockets is discussed with examples. Three way connection establishment and four way connection termination is compared and shown practically using Wireshark tool. The system call graph of Internet domain TCP Client and server is described. The related system calls for creating and managing the sockets are discussed. Proof of these concepts is given by example codes of echo and daytime clients and servers. Some important lookup functions like gethostbyname() and getservbyname() are discussed with examples. Finally, the session closes with a description of assignment on writing your own web server.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This session starts with introduction to Datagram Sockets by giving an overview of how datagram sockets work. The system call graph of Internet domain UDP Client and server is described. The related system calls for creating and managing the sockets are discussed. Proof of these concepts is given by example codes of echo, daytime and time clients and servers.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This session starts with introduction to UNIX domain sockets. A comparison between UNIX domain TCP sockets and UNIX domain UDP sockets is made. Proof of these concepts is given by example codes of UNIX domain TCP echo client server programs as well as UNIX domain UDP sender and receiver programs
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This session starts with a discussion on concurrent servers and their advantages. What happens when multiple echo client accesses an iterative echo server. A concurrent echo server is designed using three techniques. Using fork(), then using pthread_create() and finally using the famous select() system call. The need of concurrent clients is also discussed in the end.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This is a series of three videos, which gives a quick start up on different exploitation and mitigation techniques for the buffer overflow vulnerability. The session start with an overview of a classic stack based buffer overflow. How a stack based buffer overflow can be exploited? Exploit mitigation techniques. The architecture of x86_64, its assembly and function calling convention. Installing and using PEDA. Finally a practical sample program is shown as to how to change the control of flow of execution of a program using PEDA.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This is a continuation of Video Session 38. In this session we will discuss what are shell codes and how these are used. Four different ways of writing/getting shell codes are discussed. First of all how we can write shell codes from scratch using Assembly Language is discussed, and then the same is used in a stand alone C-program. Secondly different Internet archives are explored to get shell codes. Thirdly writing your shell codes using pwn tools, and finally writing your shell codes using msfvenom and using them in stand alone C-program. Proof of all these concepts are shown using hands on a Linux terminal and using ipython
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src
This is a continuation of Video Session 39. In this session we will see ways of finding vulnerabilities in executables. Crafting an input string to vulnerable programs to shift the control of flow of execution to some other part in the code section. Injecting shell code via input string and transferring control of flow to it. We will learn how to inject shell code via environment variables and transferring control of flow to it. Addressing problems that most of the students face when exploiting vulnerable programs outside gdb. Exploiting a vulnerable echo server executing on a remote machine and creating a tcp bind shell and a reverse tcp shell. A discussion on bypassing exploit mitigation techniques used by most modern operating systems and compilers.
Email: arif@pucit.edu.pk Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src