SCQF Level: 09
Module Code: CMP320
Credit Value: 20
Term: Term 2
School: School of Arts, Media and Games
The aim of this module is to provide the student with an understanding of the broad subject area of binary auditing. The student will also gain an understanding of the countermeasures that a company can take to minimise the effect of vulnerabilities.
By the end of this module the student should be able to:
1. Analyse and critically evaluate techniques used to exploit binary files and identify relevant countermeasures.
2. Examine a topic in binary auditing and report the findings.
3. Demonstrate a critical evaluation of an advanced security topic with an independent project.
1 Binary auditing tools
Binary auditing tools. Debuggers, add-ons, debugging techniques.
2 Binary auditing
Binary auditing. Source code auditing, Black box auditing, Reverse engineering auditing, Copy protection auditing.
3 Buffer Overflows
Significance of Buffer Overflow Vulnerability, Why Programs and Applications are Vulnerable. Reasons for Buffer Overflow Attacks. Methods of ensuring that buffer overflows are trapped.
4 Shell code development
Shell code development. Creating and writing shellcode.
5 Structured Exception Handling
Structured Exception Handling (SEH) vulnerabilities. Exploitation and countermeasures.
6 Header 6
Overcoming operating system countermeasures. Avoiding Data Execution Prevention (DEP). Address Space Randomisation Layout (ASLR) evasion using ROP chains.
7 Heap Spray Techniques
Heap Spray Techniques. Use of Heap Spraying to avoid countermeasures.
8 Malware analysis
Types of malware, malware analysis methodology. Static and Dynamic analysis.
Statement on Teaching, Learning and Assessment
The lectures and practicals will assist students in developing an understanding of the shape, history and the contemporary dynamic of Ethical Hacking. The module is underpinned by legal, ethical and professional issues. This module employs a problem-first and practice-led learning approach. Ethical Hacking techniques and methodologies will be introduced through a practical and exploratory approach and within the context of developing a secure system. This activity will constitute 75% of the contact time. Once expertise is established the general contribution of the technique or methodology to the wider area of Ethical Hacking will be reinforced in theory.
Teaching and Learning Work Loads
|Supervised Practical Activity||45|
|Unsupervised Practical Activity||0|
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.