Lec37 Socket Programming Part-IV (Arif Butt @ PUCIT)


This session starts with a discussion on concurrent servers and their advantages. What happens when multiple echo client accesses an iterative echo server. A concurrent echo server is designed using three techniques. Using fork(), then using pthread_create() and finally using the famous select() system call. The need of concurrent clients is also discussed in the end.

Email: arif@pucit.edu.pk
Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src

Lec39 Exploiting Buffer Overflow Vulnerability Part-II (Arif Butt @ PUCIT)


This is a continuation of Video Session 38. In this session we will discuss what are shell codes and how these are used. Four different ways of writing/getting shell codes are discussed. First of all how we can write shell codes from scratch using Assembly Language is discussed, and then the same is used in a stand alone C-program. Secondly different Internet archives are explored to get shell codes. Thirdly writing your shell codes using pwn tools, and finally writing your shell codes using msfvenom and using them in stand alone C-program. Proof of all these concepts are shown using hands on a Linux terminal and using ipython
Email: arif@pucit.edu.pk
Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src

Lec38 Exploiting Buffer Overflow Vulnerability Part-I (Arif Butt @ PUCIT)


This is a series of three videos, which gives a quick start up on different exploitation and mitigation techniques for the buffer overflow vulnerability. The session start with an overview of a classic stack based buffer overflow. How a stack based buffer overflow can be exploited? Exploit mitigation techniques. The architecture of x86_64, its assembly and function calling convention. Installing and using PEDA. Finally a practical sample program is shown as to how to change the control of flow of execution of a program using PEDA.

Email: arif@pucit.edu.pk
Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src

Lec40 Exploiting Buffer Overflow Vulnerability Part-III (Arif Butt @ PUCIT)


This is a continuation of Video Session 39. In this session we will see ways of finding vulnerabilities in executables. Crafting an input string to vulnerable programs to shift the control of flow of execution to some other part in the code section. Injecting shell code via input string and transferring control of flow to it. We will learn how to inject shell code via environment variables and transferring control of flow to it. Addressing problems that most of the students face when exploiting vulnerable programs outside gdb. Exploiting a vulnerable echo server executing on a remote machine and creating a tcp bind shell and a reverse tcp shell. A discussion on bypassing exploit mitigation techniques used by most modern operating systems and compilers.

Email: arif@pucit.edu.pk
Example Codes: https://bitbucket.org/arifpucit/spvl-repo/src

Lec01 Introduction to System Programming (Arif Butt @ PUCIT)


This is the first session on the subject of System Programming with Linux. It starts with a discussion on application vs system programmer perspective. Describes briefly about a system call and how it works. A detailed discussion on Course Matrix.

email: arif@pucit.edu.pk

Example Codes: https://bitbucket.org/arifpucit/spvl

Lec14 Designing and Deploying Web App using LAMP (Arif Butt @ PUCIT)


This session is the concluding session of previous four sessions. It covers the installation and configuration of all the required software packages for LAMP architecture. A web application is developed using MySQL to create a database and PHP is used as a server side language to access/update the records in that database. A user accesses the web app to display records from the database as well as update the records using procedural API of MYSQLi. Finally different form validation techniques are discussed. (www.arifbutt.me)

Lec15 NFS Server (Arif Butt @ PUCIT)


This session deals with installing, configuring and using UNIX Network File Server. A shared directory hierarchy is created on Ubuntu Server machine which is accessed from client machines running Kali Linux and Windows10. Concept of mounting a file system is discussed using mount

Lec16 NTP Server (Arif Butt @ PUCIT)


This session gives an overview of how time is managed on Linux systems. It differentiates between the hardware timer and kernel Timer. It then discusses about installing and configuring your own time server on Ubuntu server machine. The client machines which are a Linux Kali and a Windows10 machine then synchronises their clocks with the NTP server running on Ubuntu Server machine.

Lec17 Overview of Domain Name Server (Arif Butt @ PUCIT)


This session deals with Internet Domain Name System, a hierarchical decentralised naming service that runs on thousands of computers all around the globe and is responsible for mapping hostnames with their IP addresses and vice versa. All the related concepts and important related terms are described to make the stage right for the next session that will deal with installing ,configuring, and using BIND as a private network DNS server.