From 58716ad0a641b2362c1d3ce7eb02f4f1c93dde2e Mon Sep 17 00:00:00 2001 From: Ashley Chiu Date: Tue, 10 Sep 2024 22:39:49 -0700 Subject: [PATCH 1/8] finish sp23 exam questions --- crypto/hashes.md | 5 +++++ crypto/macs.md | 5 +++++ crypto/passwords.md | 5 +++++ crypto/public-key.md | 5 +++++ crypto/symmetric.md | 6 ++++++ memory-safety/vulnerabilities.md | 8 ++++++++ network/bgp.md | 5 +++++ network/dhcp.md | 5 +++++ network/dns.md | 5 +++++ network/dnssec.md | 5 +++++ network/tls.md | 5 +++++ network/transport.md | 5 +++++ principles/principles.md | 5 +++++ web/cookies.md | 5 +++++ web/sqli.md | 5 +++++ 15 files changed, 79 insertions(+) diff --git a/crypto/hashes.md b/crypto/hashes.md index 3c016e7..786e52d 100644 --- a/crypto/hashes.md +++ b/crypto/hashes.md @@ -66,3 +66,8 @@ What if the hacker tries to cheat? If the hacker only has 15 million records, th Still, the hacker might decide to spend some time _precomputing_ fake records with low hashes before making a claim. This is called an _offline attack_, since the attacker is generating records offline before interacting with the reporter. We will see more offline attacks when we discuss password hashing later in the notes. We can prevent the offline attack by having the reporter choose a random word at the start of the interaction, like "fubar," and send it to the hacker. Now, instead of hashing each record, the hacker will hash each record, concatenated with the random word. The reporter will give the attacker just enough time to compute 150 million hashes (but no more) before requesting the 10 lowest values. Now, a cheating hacker cannot compute values ahead of time, because they won't know what the random word is. A slight variation on this method is to hash each record 10 separate times, each with a different reporter-chosen random word concatenated to the end (e.g. "fubar-1," "fubar-2," "fubar-3," etc.). In total, the hacker is now hashing 1.5b (150 million times 10) records. Then, instead of returning the lowest 10 hashes overall, the hacker returns the record with the lowest hash for each random word. Another way to think of this variation is: the hacker hashes all 150 million records with the first random word concatenated to each record, and returns the record with the lowest hash. Then the hacker hashes all 150 million records again with the second random word concatenated to each record, and returns the record with the lowest hash. This process repeats 10 times until the hacker has presented 10 hashes. The math for using the hash values to estimate the total number of lines is slightly different in this variation (the original uses random selection without substitution, while the variant uses random selection with substitution), but the underlying idea is the same. + +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover cryptographic hashes. +- Fall 2021 Midterm Question 6: Bonsai diff --git a/crypto/macs.md b/crypto/macs.md index 1895cee..c204904 100644 --- a/crypto/macs.md +++ b/crypto/macs.md @@ -137,6 +137,11 @@ One such mode is called AES-GCM (Galois Counter Mode). The specifics are out of Some other modes include CCM mode, CWC mode, and OCB mode, but these are out of scope for these notes. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover MACs. +- Spring 2023 Final Question 6: Cryptography: Lights, Camera, MACtion + [^1]: Strictly speaking, there is a very small chance that the tag for $$M$$ will also be a valid tag for $$M'$$. However, if we choose tags to be long enough---say, 128 bits---and if the MAC algorithm is secure, the chances of this happening should be about $$1/2^{128}$$, which is small enough that it can be safely ignored. [^2]: The formal definition of "unrelated" is out of scope for these notes. See [this paper](http://cseweb.ucsd.edu/~mihir/papers/kmd5.pdf) to learn more. [^3]: The security proof for HMAC just required that ipad and opad be different by at least one bit but, showing the paranoia of cryptography engineers, the designers of HMAC chose to make them very different. diff --git a/crypto/passwords.md b/crypto/passwords.md index 737ce3d..9f12dc7 100644 --- a/crypto/passwords.md +++ b/crypto/passwords.md @@ -164,3 +164,8 @@ The bottom line is: don't store passwords in the clear. Instead, sites should st $$s,H(H(H(\cdots(H(w,s)) \cdots)))$$ in the database, where $$s$$ is a random salt chosen randomly for that user and $$H$$ is a standard cryptographic hash function. + +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover passwords. +- Spring 2023 Midterm Question 5: Passwords and Integrity: alice161 diff --git a/crypto/public-key.md b/crypto/public-key.md index 50ba259..45d7d20 100644 --- a/crypto/public-key.md +++ b/crypto/public-key.md @@ -188,4 +188,9 @@ There is a problem with public key: it is _slow_. It is very, very slow. When en Because public key schemes are expensive and difficult to make IND-CPA secure, we tend to only use public key cryptography to distribute one or more _session keys_. Session keys are the keys used to actually encrypt and authenticate the message. To send a message, Alice first generates a random set of session keys. Often, we generate several different session keys for different purposes. For example, we may generate one key for encryption algorithms and another key for MAC algorithms. We may also generate one key to encrypt messages from Alice to Bob, and another key to encrypt messages from Bob to Alice. (If we need different keys for each message direction and different keys for encryption and MAC, we would need a total of four symmetric keys.) Alice then encrypts the message using a symmetric algorithm with the session keys (such as AES-128-CBC-HMAC-SHA-256 [^1]) and encrypts the random session keys with Bob's public key. When he receives the ciphertext, Bob first decrypts the session keys and then uses the session keys to decrypt the original message. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover public-key cryptography. +- Spring 2023 Midterm Question 4: Public-Key Cryptography: Mallory Forger + [^1]: That is, using AES with 128b keys in CBC mode and then using HMAC with SHA-256 for integrity diff --git a/crypto/symmetric.md b/crypto/symmetric.md index 371cb5e..a539efc 100644 --- a/crypto/symmetric.md +++ b/crypto/symmetric.md @@ -342,6 +342,12 @@ For example, in CTR mode, reusing the IV (nonce) is equivalent to reusing the on Different modes have different tradeoffs between usability and security. Although proper use of CBC and CTR mode are both IND-CPA, insecure use of either mode (e.g. reusing the IV) breaks IND-CPA security, and the severity of information leakage is different in the two modes. In CBC mode, the information leakage is contained, but in CTR mode, the leakage is catastrophic (equivalent to reusing a one-time pad). On the other hand, CTR mode can be parallelized, but CBC can not, which is why many high performance systems use CTR mode or CTR-mode based encryption schemes. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover symmetric cryptography. +- Spring 2023 Final Question 5: Cryptography: EvanBlock Cipher +- Spring 2023 Midterm Question 3: IND-CPA and Block Ciphers: evanbotevanbotevanbotevan... + [^1]: Answer: Given $$M$$ and $$C = M \oplus K$$, Eve can calculate $$K = M \oplus C$$. [^2]: This is why the only primary users of one-time-pads are spies in the field. Before the spy leaves, they obtain a large amount of key material. Unlike the other encryption systems we'll see in these notes, a one-time pad can be processed entirely with pencil and paper. The spy then broadcasts messages encrypted with the one-time pad to send back to their home base. To obfuscate the spy's communication, there are also "numbers stations" that continually broadcast meaningless sequences of random numbers. Since the one-time pad is IND-CPA secure, an adversary can't distinguish between the random number broadcasts and the messages encoded with a one time pad. [^3]: Answer: The key is needed to determine which scrambling setting was used to generate the ciphertext. If decryption didn't require a key, any attacker would be able to decrypt encrypted messages! diff --git a/memory-safety/vulnerabilities.md b/memory-safety/vulnerabilities.md index 15812af..1df1381 100644 --- a/memory-safety/vulnerabilities.md +++ b/memory-safety/vulnerabilities.md @@ -320,4 +320,12 @@ The attacker can overwrite the vtable pointer with the address of another attack This method of injection is very similar to stack smashing, where the attacker overwrites the rip to point to some malicious code. However, overwriting C++ vtables requires overwriting a pointer to a pointer. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover memory safety vulnerabilities. +- Spring 2023 Final Question 3: Memory Safety: No Doubt +- Spring 2023 Final Question 4: Memory Safety: Andor, or XOR? +- Spring 2023 Midterm Question 6: Format Strings: Cake without Pan +- Spring 2023 Midterm Question 7: Memory Safety Exploit: Valentine's Day + [^1]: You sometimes see variants on this like pwned, 0wned, ownzored, etc. diff --git a/network/bgp.md b/network/bgp.md index 08bc857..d551e3b 100644 --- a/network/bgp.md +++ b/network/bgp.md @@ -49,5 +49,10 @@ Recall that IP operates on "best effort". Packets are delivered whole, but can b In practice, there's not much anyone can do to defend against a malicious AS, since each AS operates relatively independently. Instead, we rely on protocols such as TCP at higher layers to guarantee that messages are sent. TCP will resend packets that are lost or corrupted because of malicious ASs. Also, cryptographic protocols at higher layers such as TLS can defend against malicious attackers, by guaranteeing confidentiality (attacker can't read the packets) and integrity (attacker can't modify the packets without detection) on packets. Both TCP and TLS are covered in later sections. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover BGP. +- Spring 2023 Final Question 8: Network Security: Life of a Packet + [^1]: $$2^8$$. The prefix is 24 bits, so there are 32 - 24 = 8 bits not in the prefix. [^2]: Checksums are not cryptographic. The malicious AS could modify the packet and create a new checksum for the modified packet. diff --git a/network/dhcp.md b/network/dhcp.md index 23c88bf..f96a5ea 100644 --- a/network/dhcp.md +++ b/network/dhcp.md @@ -61,5 +61,10 @@ In reality, many networks just accept DHCP spoofing as a fact of life and rely o Defending against low-layer attacks like DHCP spoofing is hard, because there is no trusted party to rely on when we're first connecting to the network. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover DHCP. +- Spring 2023 Final Question 8: Network Security: Life of a Packet + [^1]: A: Before DHCP, the client has no idea where the servers are. [^2]: Source, since it's an outgoing packet. diff --git a/network/dns.md b/network/dns.md index 06faaee..3840d6c 100644 --- a/network/dns.md +++ b/network/dns.md @@ -232,6 +232,11 @@ Recall that UDP is a transport-layer protocol like TCP, so a UDP packet requires Sanity check: How much extra security does source port randomization provide against on-path attackers?[^3] +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover DNS. +- Spring 2023 Final Question 10: Networking: Don't Need Security + [^1]: A: MITM and on-path can read the ID field. Off-path must guess the ID field. [^2]: Query `a.edu-servers.net`, whose location we know because of the records in the additional section. Query for the IP address of `eecs.berkeley.edu` just like before. [^3]: A: None, on-path attackers can see the source port value. diff --git a/network/dnssec.md b/network/dnssec.md index 415bdc4..1cb64ed 100644 --- a/network/dnssec.md +++ b/network/dnssec.md @@ -327,6 +327,11 @@ The order of the domain names has changed, but the process is the same - if some Of course, an attacker could buy a GPU and precompute hashes to learn domain names anyway... and [NSEC5](https://datatracker.ietf.org/doc/draft-vcelak-nsec5/) was born. Fortunately, it's still out of scope for this class. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover DNS. +- Spring 2023 Final Question 10: Networking: Don't Need Security + [^1]: A: DNS responses don't contain sensitive data. Anyone could query the name servers for the same information. [^2]: A: The ZSK of the `.edu` name server. [^3]: A: Denial of service (DoS). Flood the name server with requests for nonexistent domains, and it will be forced to sign all of them. diff --git a/network/tls.md b/network/tls.md index 30bc50b..b841a3b 100644 --- a/network/tls.md +++ b/network/tls.md @@ -91,6 +91,11 @@ These days TLS is effectively free. The computational overhead is minor to the p This leaves the biggest cost of TLS in managing the private keys. Previously CAs charged a substantial amount to issue a certificate, but [LetsEncrypt](https://letsencrypt.org/) costs nothing because they have fully automated the process. You run a small program on your web server that generates keys, sends the public key to LetsEncrypt, and LetsEncrypt instructs that you put a particular file in a particular location on your server, acting to prove that you control the server. So LetsEncrypt has reduced the cost in two ways: It makes the TLS certificate monetarily free and, as important, makes it very easy to generate and use. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover TLS. +- Spring 2023 Final Question 9: Networking: TLS Times Two + [^1]: A: No. An attacker can obtain the genuine server's certificate by starting its own TLS connection with the genuine server, and then present a copy of that certificate in step 2. [^2]: A: It was signed by a certificate authority in the previous step. [^3]: A: TCP is insecure against on-path and MITM attackers, who can spoof messages. diff --git a/network/transport.md b/network/transport.md index 84f2f17..0262bcb 100644 --- a/network/transport.md +++ b/network/transport.md @@ -105,4 +105,9 @@ The main problem here is that TCP by itself provides no confidentiality or integ One important defense against off-path attackers is using random, unpredictable initial sequence numbers. This forces the off-path attacker to guess the correct sequence number with very low probability. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover the Transport Layer. +- Spring 2023 Final Question 8: Network Security: Life of a Packet + [^1]: The sequence number is 32 bits, so guessing a random sequence number succeeds with probability $$1/2^{32}$$. diff --git a/principles/principles.md b/principles/principles.md index 7495504..06c8d1c 100644 --- a/principles/principles.md +++ b/principles/principles.md @@ -167,4 +167,9 @@ So suppose that your current account balance is $100 and you want to withdraw $1 This is known as a _Time-Of-Check To Time-Of-Use_ (TOCTTOU) vulnerability, because between the check and the use of whatever state was checked, the state somehow changed. In the above example, between the time that the balance was checked and the time that balance was set, the balance was somehow changed. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover security principles. +- Fall 2021 Midterm Question 3: EvanBot Alpha + [^1]: Windows XP consisted of about 40 million lines of code---all of which were in the TCB. Yikes! diff --git a/web/cookies.md b/web/cookies.md index 8348884..9468100 100644 --- a/web/cookies.md +++ b/web/cookies.md @@ -55,4 +55,9 @@ Secure session tokens should be random and unpredictable, so an attacker cannot It is easy to confuse session tokens and cookies. Session tokens are the values that the browser sends to the server to associate the request with a logged-in user. Cookies are how the browser stores and sends session tokens to the server. Cookies can also be used to save other state, as discussed earlier. In other words, session tokens are a special type of cookie that keep users logged in over many requests and responses. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover cookies. +- Spring 2023 Final Question 7: Web Security: Botgram + [^1]: The lack of restriction on the `Path` attribute has caused problems in the past, as cookies are presented to the server and JavaScript as an unordered set of name/value pairs, but is stored internally as name/path/value tuples, so if two cookies with the same name and host but different path are present, both will be presented to the server in unspecified order. diff --git a/web/sqli.md b/web/sqli.md index 0f2cbc8..fac10ca 100644 --- a/web/sqli.md +++ b/web/sqli.md @@ -223,3 +223,8 @@ The biggest problem with parameterized SQL is compatibility. SQL is a (mostly) g In practice, most modern SQL libraries support parameterized SQL and prepared statements. If the library you are using does not support parameterized SQL, it is probably best to switch to a different SQL library. _Further reading:_ [OWASP Cheat Sheet on SQL Injection](https://owasp.org/www-community/attacks/SQL_Injection) + +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover SQL Injection. +- Spring 2023 Final Question 7: Web Security: Botgram \ No newline at end of file From 123bfe4319e1d05b683b0c6f36728f9ab799c44f Mon Sep 17 00:00:00 2001 From: Ashley Chiu Date: Sat, 14 Sep 2024 00:34:49 -0700 Subject: [PATCH 2/8] add exam questions from su23-sp24 --- Gemfile.lock | 136 +++++++++++++++---------------- crypto/hashes.md | 3 + crypto/key-exchange.md | 6 ++ crypto/macs.md | 4 +- crypto/passwords.md | 4 +- crypto/public-key.md | 6 +- crypto/signatures.md | 7 ++ crypto/symmetric.md | 8 +- memory-safety/mitigations.md | 13 +++ memory-safety/vulnerabilities.md | 19 ++++- memory-safety/x86.md | 5 ++ network/bgp.md | 2 +- network/dhcp.md | 2 +- network/dns.md | 5 +- network/dnssec.md | 5 +- network/intro.md | 6 ++ network/tls.md | 4 +- network/tor.md | 5 ++ network/transport.md | 2 +- web/cookies.md | 4 +- web/csrf.md | 6 ++ web/sqli.md | 5 +- web/xss.md | 5 ++ 23 files changed, 177 insertions(+), 85 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8b34b8b..19da4b1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,32 +1,33 @@ GEM remote: https://rubygems.org/ specs: - activesupport (7.1.3) + activesupport (7.2.1) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.0.2) + concurrent-ruby (~> 1.0, >= 1.3.1) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) - mutex_m - tzinfo (~> 2.0) - addressable (2.8.6) - public_suffix (>= 2.0.2, < 6.0) + securerandom (>= 0.3) + tzinfo (~> 2.0, >= 2.0.5) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) base64 (0.2.0) - bigdecimal (3.1.6) + bigdecimal (3.1.8) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.11.1) + coffee-script-source (1.12.2) colorator (1.1.0) commonmarker (0.23.10) - concurrent-ruby (1.2.3) + concurrent-ruby (1.3.4) connection_pool (2.4.1) - dnsruby (1.70.0) + csv (3.3.0) + dnsruby (1.72.2) simpleidn (~> 0.2.1) - drb (2.2.0) - ruby2_keywords + drb (2.2.1) em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) @@ -34,23 +35,25 @@ GEM ffi (>= 1.15.0) eventmachine (1.2.7) execjs (2.9.1) - faraday (2.9.0) - faraday-net_http (>= 2.0, < 3.2) - faraday-net_http (3.1.0) + faraday (2.11.0) + faraday-net_http (>= 2.0, < 3.4) + logger + faraday-net_http (3.3.0) net-http - ffi (1.16.3) + ffi (1.17.0-arm64-darwin) + ffi (1.17.0-x86_64-linux-gnu) forwardable-extended (2.6.0) - gemoji (3.0.1) - github-pages (228) - github-pages-health-check (= 1.17.9) - jekyll (= 3.9.3) - jekyll-avatar (= 0.7.0) - jekyll-coffeescript (= 1.1.1) - jekyll-commonmark-ghpages (= 0.4.0) - jekyll-default-layout (= 0.1.4) - jekyll-feed (= 0.15.1) + gemoji (4.1.0) + github-pages (232) + github-pages-health-check (= 1.18.2) + jekyll (= 3.10.0) + jekyll-avatar (= 0.8.0) + jekyll-coffeescript (= 1.2.2) + jekyll-commonmark-ghpages (= 0.5.1) + jekyll-default-layout (= 0.1.5) + jekyll-feed (= 0.17.0) jekyll-gist (= 1.5.0) - jekyll-github-metadata (= 2.13.0) + jekyll-github-metadata (= 2.16.1) jekyll-include-cache (= 0.2.1) jekyll-mentions (= 1.6.0) jekyll-optional-front-matter (= 0.3.2) @@ -77,30 +80,32 @@ GEM jekyll-theme-tactile (= 0.2.0) jekyll-theme-time-machine (= 0.2.0) jekyll-titles-from-headings (= 0.5.3) - jemoji (= 0.12.0) - kramdown (= 2.3.2) + jemoji (= 0.13.0) + kramdown (= 2.4.0) kramdown-parser-gfm (= 1.1.0) liquid (= 4.0.4) mercenary (~> 0.3) minima (= 2.5.1) - nokogiri (>= 1.13.6, < 2.0) - rouge (= 3.26.0) + nokogiri (>= 1.16.2, < 2.0) + rouge (= 3.30.0) terminal-table (~> 1.4) - github-pages-health-check (1.17.9) + webrick (~> 1.8) + github-pages-health-check (1.18.2) addressable (~> 2.3) dnsruby (~> 1.60) - octokit (~> 4.0) - public_suffix (>= 3.0, < 5.0) + octokit (>= 4, < 8) + public_suffix (>= 3.0, < 6.0) typhoeus (~> 1.3) html-pipeline (2.14.3) activesupport (>= 2) nokogiri (>= 1.4) http_parser.rb (0.8.0) - i18n (1.14.1) + i18n (1.14.5) concurrent-ruby (~> 1.0) - jekyll (3.9.3) + jekyll (3.10.0) addressable (~> 2.4) colorator (~> 1.0) + csv (~> 3.0) em-websocket (~> 0.5) i18n (>= 0.7, < 2) jekyll-sass-converter (~> 1.0) @@ -111,27 +116,28 @@ GEM pathutil (~> 0.9) rouge (>= 1.7, < 4) safe_yaml (~> 1.0) - jekyll-avatar (0.7.0) + webrick (>= 1.0) + jekyll-avatar (0.8.0) jekyll (>= 3.0, < 5.0) - jekyll-coffeescript (1.1.1) + jekyll-coffeescript (1.2.2) coffee-script (~> 2.2) - coffee-script-source (~> 1.11.1) + coffee-script-source (~> 1.12) jekyll-commonmark (1.4.0) commonmarker (~> 0.22) - jekyll-commonmark-ghpages (0.4.0) - commonmarker (~> 0.23.7) - jekyll (~> 3.9.0) + jekyll-commonmark-ghpages (0.5.1) + commonmarker (>= 0.23.7, < 1.1.0) + jekyll (>= 3.9, < 4.0) jekyll-commonmark (~> 1.4.0) rouge (>= 2.0, < 5.0) - jekyll-default-layout (0.1.4) - jekyll (~> 3.0) - jekyll-feed (0.15.1) + jekyll-default-layout (0.1.5) + jekyll (>= 3.0, < 5.0) + jekyll-feed (0.17.0) jekyll (>= 3.7, < 5.0) jekyll-gist (1.5.0) octokit (~> 4.2) - jekyll-github-metadata (2.13.0) + jekyll-github-metadata (2.16.1) jekyll (>= 3.4, < 5.0) - octokit (~> 4.0, != 4.4.0) + octokit (>= 4, < 7, != 4.4.0) jekyll-include-cache (0.2.1) jekyll (>= 3.7, < 5.0) jekyll-mentions (1.6.0) @@ -202,45 +208,43 @@ GEM jekyll (>= 3.3, < 5.0) jekyll-watch (2.2.1) listen (~> 3.0) - jemoji (0.12.0) - gemoji (~> 3.0) + jemoji (0.13.0) + gemoji (>= 3, < 5) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - kramdown (2.3.2) + kramdown (2.4.0) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) liquid (4.0.4) - listen (3.8.0) + listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) + logger (1.6.1) mercenary (0.3.6) minima (2.5.1) jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (5.21.2) - mutex_m (0.2.0) + minitest (5.25.1) net-http (0.4.1) uri - nokogiri (1.16.5-arm64-darwin) + nokogiri (1.16.7-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.5-x86_64-linux) + nokogiri (1.16.7-x86_64-linux) racc (~> 1.4) octokit (4.25.1) faraday (>= 1, < 3) sawyer (~> 0.9) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (4.0.7) - racc (1.8.0) + public_suffix (5.1.1) + racc (1.8.1) rb-fsevent (0.11.2) - rb-inotify (0.10.1) + rb-inotify (0.11.1) ffi (~> 1.0) - rexml (3.3.6) - strscan - rouge (3.26.0) - ruby2_keywords (0.0.5) + rexml (3.3.7) + rouge (3.30.0) rubyzip (2.3.2) safe_yaml (1.0.5) sass (3.7.4) @@ -251,20 +255,16 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) - simpleidn (0.2.1) - unf (~> 0.1.4) - strscan (3.1.0) + securerandom (0.3.1) + simpleidn (0.2.3) terminal-table (1.8.0) unicode-display_width (~> 1.1, >= 1.1.1) typhoeus (1.4.1) ethon (>= 0.9.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.9.1) unicode-display_width (1.8.0) - uri (0.13.0) + uri (0.13.1) webrick (1.8.1) PLATFORMS diff --git a/crypto/hashes.md b/crypto/hashes.md index 786e52d..65d37c0 100644 --- a/crypto/hashes.md +++ b/crypto/hashes.md @@ -70,4 +70,7 @@ A slight variation on this method is to hash each record 10 separate times, each ## Past Exam Questions Here we've compiled a list of past exam questions that cover cryptographic hashes. +- Spring 2024 Midterm Question 7: Ephemeral Exchanges +- Spring 2024 Midterm Question 6: Authentic Auctions +- Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme) - Fall 2021 Midterm Question 6: Bonsai diff --git a/crypto/key-exchange.md b/crypto/key-exchange.md index ac810c6..e33da38 100644 --- a/crypto/key-exchange.md +++ b/crypto/key-exchange.md @@ -123,4 +123,10 @@ The main reason why the Diffie-Hellman protocol is vulnerable to this attack is {% comment %} TODO: Diffie-Hellman MITM attack (Noura) -peyrin {% endcomment %} +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover Diffie-Hellman key exchange. +- Spring 2024 Final Question 6: Plentiful Playlists +- Summer 2023 Midterm Question 7: Oblivious Transfer + [^1]: You don't need to worry about how to choose $$g$$, just know that it satisfies some special number theory properties. In short, $$g$$ must satisfy the following properties: $$1 < g < p-1$$, and there exists a $$k$$ where $$g^k = a$$ for all $$1 \leq a \leq p-1$$. diff --git a/crypto/macs.md b/crypto/macs.md index c204904..ec75c08 100644 --- a/crypto/macs.md +++ b/crypto/macs.md @@ -140,7 +140,9 @@ Some other modes include CCM mode, CWC mode, and OCB mode, but these are out of ## Past Exam Questions Here we've compiled a list of past exam questions that cover MACs. -- Spring 2023 Final Question 6: Cryptography: Lights, Camera, MACtion +- Spring 2024 Midterm Question 6: Authentic Auctions +- Fall 2023 Midterm Question 6: Mix-and-MAC +- Spring 2023 Final Question 6: Lights, Camera, MACtion [^1]: Strictly speaking, there is a very small chance that the tag for $$M$$ will also be a valid tag for $$M'$$. However, if we choose tags to be long enough---say, 128 bits---and if the MAC algorithm is secure, the chances of this happening should be about $$1/2^{128}$$, which is small enough that it can be safely ignored. [^2]: The formal definition of "unrelated" is out of scope for these notes. See [this paper](http://cseweb.ucsd.edu/~mihir/papers/kmd5.pdf) to learn more. diff --git a/crypto/passwords.md b/crypto/passwords.md index 9f12dc7..8682ae6 100644 --- a/crypto/passwords.md +++ b/crypto/passwords.md @@ -168,4 +168,6 @@ in the database, where $$s$$ is a random salt chosen randomly for that user and ## Past Exam Questions Here we've compiled a list of past exam questions that cover passwords. -- Spring 2023 Midterm Question 5: Passwords and Integrity: alice161 +- Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme) +- Summer 2023 Final Question 8: EvanBank +- Spring 2023 Midterm Question 5: alice161 diff --git a/crypto/public-key.md b/crypto/public-key.md index 45d7d20..9d9a9c3 100644 --- a/crypto/public-key.md +++ b/crypto/public-key.md @@ -191,6 +191,10 @@ Because public key schemes are expensive and difficult to make IND-CPA secure, w ## Past Exam Questions Here we've compiled a list of past exam questions that cover public-key cryptography. -- Spring 2023 Midterm Question 4: Public-Key Cryptography: Mallory Forger +- Spring 2024 Final Question 6: Plentiful Playlists +- Spring 2024 Midterm Question 7: Ephemeral Exchanges +- Spring 2024 Midterm Question 6: Authentic Auctions +- Fall 2023 Midterm Question 7: Does EvanBot Snore? +- Spring 2023 Midterm Question 4: Mallory Forger [^1]: That is, using AES with 128b keys in CBC mode and then using HMAC with SHA-256 for integrity diff --git a/crypto/signatures.md b/crypto/signatures.md index 5df1d5a..46a8b95 100644 --- a/crypto/signatures.md +++ b/crypto/signatures.md @@ -105,4 +105,11 @@ This is a very stringent definition of security, because it declares the signatu Note however that the security of signatures do rely on the underlying hash function. Signatures have been broken in the past by taking advantage of the ability to create hash collisions when the hash function, not the public key algorithm, is compromised. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover signatures. +- Spring 2024 Midterm Question 6: Authentic Auctions +- Summer 2023 Final Question 6: EvanBot Signature Scheme +- Summer 2023 Midterm Question 6: One-Time Signatures + [^1]: Why do we pick those particular conditions on $$p$$ and $$q$$? Because then $$\varphi(pq) = (p-1)(q-1)$$ will not be a multiple of 3, which is going to allow us to have unique cube roots. diff --git a/crypto/symmetric.md b/crypto/symmetric.md index a539efc..eff54dd 100644 --- a/crypto/symmetric.md +++ b/crypto/symmetric.md @@ -345,7 +345,13 @@ Different modes have different tradeoffs between usability and security. Althoug ## Past Exam Questions Here we've compiled a list of past exam questions that cover symmetric cryptography. -- Spring 2023 Final Question 5: Cryptography: EvanBlock Cipher +- Spring 2024 Final Question 5: AES-ROVW +- Spring 2024 Midterm Question 5: Challenging Constructions +- Fall 2023 Final Question 5: Meet Me in the Middle +- Fall 2023 Midterm Question 5: Not Quite by DESign +- Summer 2023 Final Question 5: Ciphertext Thief +- Summer 2023 Midterm Question 5: All or Nothing Security +- Spring 2023 Final Question 5: EvanBlock Cipher - Spring 2023 Midterm Question 3: IND-CPA and Block Ciphers: evanbotevanbotevanbotevan... [^1]: Answer: Given $$M$$ and $$C = M \oplus K$$, Eve can calculate $$K = M \oplus C$$. diff --git a/memory-safety/mitigations.md b/memory-safety/mitigations.md index 835719c..d69fe64 100644 --- a/memory-safety/mitigations.md +++ b/memory-safety/mitigations.md @@ -172,5 +172,18 @@ Note that ASLR randomizes absolute addresses by changing the start of sections o We can use multiple mitigations together to force the attacker to find multiple vulnerabilities to exploit the program; this is a process known as _synergistic protection_, where one mitigation helps strengthen another mitigation. For example, combining ASLR and non-executable pages results in an attacker not being able to write their own shellcode, because of non-executable pages, and not being able to use existing code in memory, because they don't know the addresses of that code (ASLR). Thus, to defeat ASLR and non-executable pages, the attacker needs to find two vulnerabilities. First, they need to find a way to leak memory and reveal the address location (to defeat ASLR). Next, they need to find a way to write to memory and write an ROP chain (to defeat non-executable pages). +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover memory safety mitigations. +- Spring 2024 Final Question 3: Everyone Loves PIE +- Spring 2024 Final Question 4: Breaking Bot +- Fall 2023 Final Question 3: exec +- Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half! +- Fall 2023 Midterm Question 3: Homecoming +- Fall 2023 Final Question 4: Ins and Outs +- Summer 2023 Final Question 4: The Last Dance +- Summer 2023 Midterm Question 3: Across the Security-Verse +- Summer 2023 Midterm Question 4: Snacktime + [^1]: The one real performance advantage C has over a garbage collected language like Go is a far more deterministic behavior for memory allocation. But with languages like Rust, which are safe but not garbage collected, this is no longer an advantage for C. [^2]: This function is called a MAC (message authentication code), and we will study it in more detail in the cryptography unit. diff --git a/memory-safety/vulnerabilities.md b/memory-safety/vulnerabilities.md index 1df1381..1921b2b 100644 --- a/memory-safety/vulnerabilities.md +++ b/memory-safety/vulnerabilities.md @@ -323,9 +323,20 @@ This method of injection is very similar to stack smashing, where the attacker o ## Past Exam Questions Here we've compiled a list of past exam questions that cover memory safety vulnerabilities. -- Spring 2023 Final Question 3: Memory Safety: No Doubt -- Spring 2023 Final Question 4: Memory Safety: Andor, or XOR? -- Spring 2023 Midterm Question 6: Format Strings: Cake without Pan -- Spring 2023 Midterm Question 7: Memory Safety Exploit: Valentine's Day +- Spring 2024 Final Question 3: Everyone Loves PIE +- Spring 2024 Final Question 4: Breaking Bot +- Spring 2024 Midterm Question 3: 'Tis But a Scratch +- Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half! +- Fall 2023 Final Question 3: exec +- Fall 2023 Midterm Question 3: Homecoming +- Fall 2023 Midterm Question 4: Forbidden Instruction +- Summer 2023 Final Question 3: Letter from EvanBot +- Summer 2023 Final Question 4: The Last Dance +- Summer 2023 Midterm Question 3: Across the Security-Verse +- Summer 2023 Midterm Question 4: Snacktime +- Spring 2023 Final Question 3: No Doubt +- Spring 2023 Final Question 4: Andor, or XOR? +- Spring 2023 Midterm Question 6: Cake without Pan +- Spring 2023 Midterm Question 7: Valentine's Day [^1]: You sometimes see variants on this like pwned, 0wned, ownzored, etc. diff --git a/memory-safety/x86.md b/memory-safety/x86.md index ac98330..14c1089 100644 --- a/memory-safety/x86.md +++ b/memory-safety/x86.md @@ -255,6 +255,11 @@ Since function calls are so common, assembly programmers sometimes use shorthand Steps 4-6 are sometimes called the _function prologue_, since they must appear at the start of the assembly code of any C function. Similarly, steps 8-10 are sometimes called the _function epilogue_. +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover x86. These do require an understanding of memory safety vulnerabilities as well, so we recommend understanding those questions first before coming back to these. +- Fall 2023 Midterm Question 3: Homecoming + [^1]: Answer: Using the table to look up each sequence of 4 bits, we get `0xC161`. [^2]: Answer: $$2^{64}$$ bytes. [^3]: In reality your program may not have all this memory, but the operating system gives the program the illusion that it has access to all this memory. Refer to the virtual memory unit in CS 61C or take CS 162 to learn more. diff --git a/network/bgp.md b/network/bgp.md index d551e3b..6cc62b8 100644 --- a/network/bgp.md +++ b/network/bgp.md @@ -52,7 +52,7 @@ In practice, there's not much anyone can do to defend against a malicious AS, si ## Past Exam Questions Here we've compiled a list of past exam questions that cover BGP. -- Spring 2023 Final Question 8: Network Security: Life of a Packet +- Spring 2023 Final Question 8: Life of a Packet [^1]: $$2^8$$. The prefix is 24 bits, so there are 32 - 24 = 8 bits not in the prefix. [^2]: Checksums are not cryptographic. The malicious AS could modify the packet and create a new checksum for the modified packet. diff --git a/network/dhcp.md b/network/dhcp.md index f96a5ea..a4c05fd 100644 --- a/network/dhcp.md +++ b/network/dhcp.md @@ -64,7 +64,7 @@ Defending against low-layer attacks like DHCP spoofing is hard, because there is ## Past Exam Questions Here we've compiled a list of past exam questions that cover DHCP. -- Spring 2023 Final Question 8: Network Security: Life of a Packet +- Spring 2023 Final Question 8: Life of a Packet [^1]: A: Before DHCP, the client has no idea where the servers are. [^2]: Source, since it's an outgoing packet. diff --git a/network/dns.md b/network/dns.md index 3840d6c..5a86c56 100644 --- a/network/dns.md +++ b/network/dns.md @@ -235,7 +235,10 @@ Sanity check: How much extra security does source port randomization provide aga ## Past Exam Questions Here we've compiled a list of past exam questions that cover DNS. -- Spring 2023 Final Question 10: Networking: Don't Need Security +- Spring 2024 Final Question 8: Check Please +- Fall 2023 Final Question 9: Double-Check Your Work +- Summer 2023 Final Question 10: DNS Hack Finding +- Spring 2023 Final Question 10: Don't Need Security [^1]: A: MITM and on-path can read the ID field. Off-path must guess the ID field. [^2]: Query `a.edu-servers.net`, whose location we know because of the records in the additional section. Query for the IP address of `eecs.berkeley.edu` just like before. diff --git a/network/dnssec.md b/network/dnssec.md index 1cb64ed..f437aa6 100644 --- a/network/dnssec.md +++ b/network/dnssec.md @@ -329,8 +329,9 @@ Of course, an attacker could buy a GPU and precompute hashes to learn domain nam ## Past Exam Questions -Here we've compiled a list of past exam questions that cover DNS. -- Spring 2023 Final Question 10: Networking: Don't Need Security +Here we've compiled a list of past exam questions that cover DNSSEC. +- Spring 2024 Final Question 8: Check Please +- Spring 2023 Final Question 10: Don't Need Security [^1]: A: DNS responses don't contain sensitive data. Anyone could query the name servers for the same information. [^2]: A: The ZSK of the `.edu` name server. diff --git a/network/intro.md b/network/intro.md index 1b469e3..4560552 100644 --- a/network/intro.md +++ b/network/intro.md @@ -112,3 +112,9 @@ Network adversaries can be sorted into 3 general categories. They are, from weak **In-path Adversaries**: can read, modify, and block packets. Also known as a **man-in-the-middle**. Note that all adversaries can send packets of their own, including faking or **spoofing** the packet headers to appear like the message is coming from somebody else. This is often as simple as setting the "source\" field on the packet header to somebody else's address. + +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover an introduction to networking or network adversaries in specific. +- Fall 2023 Final Question 11: New Phone Who This +- Summer 2023 Final Question 9: Passwords-R-Us diff --git a/network/tls.md b/network/tls.md index b841a3b..2a2916d 100644 --- a/network/tls.md +++ b/network/tls.md @@ -94,7 +94,9 @@ This leaves the biggest cost of TLS in managing the private keys. Previously CAs ## Past Exam Questions Here we've compiled a list of past exam questions that cover TLS. -- Spring 2023 Final Question 9: Networking: TLS Times Two +- Spring 2024 Final Question 9: Key Rotation +- Fall 2023 Final Question 11: New Phone Who This +- Spring 2023 Final Question 9: TLS Times Two [^1]: A: No. An attacker can obtain the genuine server's certificate by starting its own TLS connection with the genuine server, and then present a copy of that certificate in step 2. [^2]: A: It was signed by a certificate authority in the previous step. diff --git a/network/tor.md b/network/tor.md index d28ac2a..31fd32e 100644 --- a/network/tor.md +++ b/network/tor.md @@ -56,3 +56,8 @@ Tor uses this type of onion routing for anonymous web browsing and censorship ci One of the downsides in onion routing is performance, as the message has to bounce off of several proxy servers before it reaches its destination, it takes a lot longer to get there. Each time the message goes through a proxy, there is an extra delay that is added to the latency. However, it should be noted that performance decreases linearly with the number of proxies added, and if you estimate that roughly half of the available proxy servers are honest then you only need to chain together a small number of proxies before you can be fairly sure that you have gained some level of anonymity (you can think of security going up exponentially, but performance going down linearly with the number of proxy servers added). Another possible attack is one that was mentioned in the previous section, when the first and last proxy servers are under malicious control. The attacker can use timing information to link Alice and Bob, but, as mentioned earlier, this depends on the amount of traffic that is flowing through the proxy servers at that time. A possible defense is to pad messages (this is what Tor does but they note that it's not enough for defense), introduce significant delays, or if Bob is ready to accept encrypted messages, then the original message $$M$$ can be encrypted. + +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover Tor. +- Fall 2023 Final Question 10: A TORrible Mistake \ No newline at end of file diff --git a/network/transport.md b/network/transport.md index 0262bcb..382d1da 100644 --- a/network/transport.md +++ b/network/transport.md @@ -108,6 +108,6 @@ One important defense against off-path attackers is using random, unpredictable ## Past Exam Questions Here we've compiled a list of past exam questions that cover the Transport Layer. -- Spring 2023 Final Question 8: Network Security: Life of a Packet +- Spring 2023 Final Question 8: Life of a Packet [^1]: The sequence number is 32 bits, so guessing a random sequence number succeeds with probability $$1/2^{32}$$. diff --git a/web/cookies.md b/web/cookies.md index 9468100..814902d 100644 --- a/web/cookies.md +++ b/web/cookies.md @@ -58,6 +58,8 @@ It is easy to confuse session tokens and cookies. Session tokens are the values ## Past Exam Questions Here we've compiled a list of past exam questions that cover cookies. -- Spring 2023 Final Question 7: Web Security: Botgram +- Fall 2023 Final Question 7: Unscramble +- Summer 2023 Final Question 8: EvanBank +- Spring 2023 Final Question 7: Botgram [^1]: The lack of restriction on the `Path` attribute has caused problems in the past, as cookies are presented to the server and JavaScript as an unordered set of name/value pairs, but is stored internally as name/path/value tuples, so if two cookies with the same name and host but different path are present, both will be presented to the server in unspecified order. diff --git a/web/csrf.md b/web/csrf.md index a32506f..2603488 100644 --- a/web/csrf.md +++ b/web/csrf.md @@ -57,4 +57,10 @@ In practice, Referer headers may be removed by the browser, the operating system _Further reading:_ [OWASP Cheat Sheet on CSRF](https://owasp.org/www-community/attacks/csrf) +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover CSRF. +- Fall 2023 Final Question 7: Unscramble +- Spring 2023 Final Question 7: Botgram + [^1]: Yes, the "Referer" field represents a roughly three decade old misspelling of referrer. This is a silly example of how "legacy", that is old design decisions, can impact things decades later because it can be very hard to change things diff --git a/web/sqli.md b/web/sqli.md index fac10ca..33ceadb 100644 --- a/web/sqli.md +++ b/web/sqli.md @@ -227,4 +227,7 @@ _Further reading:_ [OWASP Cheat Sheet on SQL Injection](https://owasp.org/www-co ## Past Exam Questions Here we've compiled a list of past exam questions that cover SQL Injection. -- Spring 2023 Final Question 7: Web Security: Botgram \ No newline at end of file +- Spring 2024 Final Question 7: Suspicious SQL +- Fall 2023 Final Question 8: Word Game +- Summer 2023 Final Question 7: Barbenheimer +- Spring 2023 Final Question 7: Botgram \ No newline at end of file diff --git a/web/xss.md b/web/xss.md index 4c61ae8..d26200a 100644 --- a/web/xss.md +++ b/web/xss.md @@ -90,3 +90,8 @@ CSPs are defined by a web server and enforced by a browser. In the HTTP response If you enable CSP, you can no longer run _any_ scripts that are embedded directly in the HTML document. You can only load external scripts specified by the `script` tag and an external URL. These scripts can only be fetched from the sites specified in the CSP. This prevents an attacker from directly injecting scripts into an HTML document or modifying the HTML document to fetch scripts from the attacker's domain. _Further reading:_ [OWASP Cheat Sheet on XSS](https://owasp.org/www-community/attacks/xss/) + +## Past Exam Questions + +Here we've compiled a list of past exam questions that cover XSS. +- Fall 2023 Final Question 7: Unscramble \ No newline at end of file From ce58edb54a123c9498de1a727cc737795a5cc653 Mon Sep 17 00:00:00 2001 From: Ashley Chiu Date: Sat, 14 Sep 2024 00:56:02 -0700 Subject: [PATCH 3/8] add toggles for mem safety --- memory-safety/vulnerabilities.md | 43 ++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/memory-safety/vulnerabilities.md b/memory-safety/vulnerabilities.md index 1921b2b..8739c76 100644 --- a/memory-safety/vulnerabilities.md +++ b/memory-safety/vulnerabilities.md @@ -328,6 +328,7 @@ Here we've compiled a list of past exam questions that cover memory safety vulne - Spring 2024 Midterm Question 3: 'Tis But a Scratch - Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half! - Fall 2023 Final Question 3: exec +- Fall 2023 Final Question 4: Ins and Outs - Fall 2023 Midterm Question 3: Homecoming - Fall 2023 Midterm Question 4: Forbidden Instruction - Summer 2023 Final Question 3: Letter from EvanBot @@ -339,4 +340,46 @@ Here we've compiled a list of past exam questions that cover memory safety vulne - Spring 2023 Midterm Question 6: Cake without Pan - Spring 2023 Midterm Question 7: Valentine's Day +A large portion of memory safety vulnerability questions is identifying what type of vulnerability exists within the code. However, if you'd like to practice a specific type of question, feel free to toggle the options below. +
+ Buffer overflow + +
+
+ Format string vulnerability + +
+
+ Integer conversion vulnerability + +
+
+ Off-by-one vulnerability + +
+
+ Other vulnerabilities + +
+ + [^1]: You sometimes see variants on this like pwned, 0wned, ownzored, etc. From 2cad032cfd167e9fe17f088f176c26bfd199c8c0 Mon Sep 17 00:00:00 2001 From: Ashley Chiu Date: Sat, 14 Sep 2024 00:56:47 -0700 Subject: [PATCH 4/8] restore gemfile lock --- Gemfile.lock | 138 +++++++++++++++++++++++++-------------------------- 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 19da4b1..176d194 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,33 +1,32 @@ GEM remote: https://rubygems.org/ specs: - activesupport (7.2.1) + activesupport (7.1.3) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.3.1) + concurrent-ruby (~> 1.0, >= 1.0.2) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) - logger (>= 1.4.2) minitest (>= 5.1) - securerandom (>= 0.3) - tzinfo (~> 2.0, >= 2.0.5) - addressable (2.8.7) - public_suffix (>= 2.0.2, < 7.0) + mutex_m + tzinfo (~> 2.0) + addressable (2.8.6) + public_suffix (>= 2.0.2, < 6.0) base64 (0.2.0) - bigdecimal (3.1.8) + bigdecimal (3.1.6) coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.12.2) + coffee-script-source (1.11.1) colorator (1.1.0) commonmarker (0.23.10) - concurrent-ruby (1.3.4) + concurrent-ruby (1.2.3) connection_pool (2.4.1) - csv (3.3.0) - dnsruby (1.72.2) + dnsruby (1.70.0) simpleidn (~> 0.2.1) - drb (2.2.1) + drb (2.2.0) + ruby2_keywords em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) @@ -35,25 +34,23 @@ GEM ffi (>= 1.15.0) eventmachine (1.2.7) execjs (2.9.1) - faraday (2.11.0) - faraday-net_http (>= 2.0, < 3.4) - logger - faraday-net_http (3.3.0) + faraday (2.9.0) + faraday-net_http (>= 2.0, < 3.2) + faraday-net_http (3.1.0) net-http - ffi (1.17.0-arm64-darwin) - ffi (1.17.0-x86_64-linux-gnu) + ffi (1.16.3) forwardable-extended (2.6.0) - gemoji (4.1.0) - github-pages (232) - github-pages-health-check (= 1.18.2) - jekyll (= 3.10.0) - jekyll-avatar (= 0.8.0) - jekyll-coffeescript (= 1.2.2) - jekyll-commonmark-ghpages (= 0.5.1) - jekyll-default-layout (= 0.1.5) - jekyll-feed (= 0.17.0) + gemoji (3.0.1) + github-pages (228) + github-pages-health-check (= 1.17.9) + jekyll (= 3.9.3) + jekyll-avatar (= 0.7.0) + jekyll-coffeescript (= 1.1.1) + jekyll-commonmark-ghpages (= 0.4.0) + jekyll-default-layout (= 0.1.4) + jekyll-feed (= 0.15.1) jekyll-gist (= 1.5.0) - jekyll-github-metadata (= 2.16.1) + jekyll-github-metadata (= 2.13.0) jekyll-include-cache (= 0.2.1) jekyll-mentions (= 1.6.0) jekyll-optional-front-matter (= 0.3.2) @@ -80,32 +77,30 @@ GEM jekyll-theme-tactile (= 0.2.0) jekyll-theme-time-machine (= 0.2.0) jekyll-titles-from-headings (= 0.5.3) - jemoji (= 0.13.0) - kramdown (= 2.4.0) + jemoji (= 0.12.0) + kramdown (= 2.3.2) kramdown-parser-gfm (= 1.1.0) liquid (= 4.0.4) mercenary (~> 0.3) minima (= 2.5.1) - nokogiri (>= 1.16.2, < 2.0) - rouge (= 3.30.0) + nokogiri (>= 1.13.6, < 2.0) + rouge (= 3.26.0) terminal-table (~> 1.4) - webrick (~> 1.8) - github-pages-health-check (1.18.2) + github-pages-health-check (1.17.9) addressable (~> 2.3) dnsruby (~> 1.60) - octokit (>= 4, < 8) - public_suffix (>= 3.0, < 6.0) + octokit (~> 4.0) + public_suffix (>= 3.0, < 5.0) typhoeus (~> 1.3) html-pipeline (2.14.3) activesupport (>= 2) nokogiri (>= 1.4) http_parser.rb (0.8.0) - i18n (1.14.5) + i18n (1.14.1) concurrent-ruby (~> 1.0) - jekyll (3.10.0) + jekyll (3.9.3) addressable (~> 2.4) colorator (~> 1.0) - csv (~> 3.0) em-websocket (~> 0.5) i18n (>= 0.7, < 2) jekyll-sass-converter (~> 1.0) @@ -116,28 +111,27 @@ GEM pathutil (~> 0.9) rouge (>= 1.7, < 4) safe_yaml (~> 1.0) - webrick (>= 1.0) - jekyll-avatar (0.8.0) + jekyll-avatar (0.7.0) jekyll (>= 3.0, < 5.0) - jekyll-coffeescript (1.2.2) + jekyll-coffeescript (1.1.1) coffee-script (~> 2.2) - coffee-script-source (~> 1.12) + coffee-script-source (~> 1.11.1) jekyll-commonmark (1.4.0) commonmarker (~> 0.22) - jekyll-commonmark-ghpages (0.5.1) - commonmarker (>= 0.23.7, < 1.1.0) - jekyll (>= 3.9, < 4.0) + jekyll-commonmark-ghpages (0.4.0) + commonmarker (~> 0.23.7) + jekyll (~> 3.9.0) jekyll-commonmark (~> 1.4.0) rouge (>= 2.0, < 5.0) - jekyll-default-layout (0.1.5) - jekyll (>= 3.0, < 5.0) - jekyll-feed (0.17.0) + jekyll-default-layout (0.1.4) + jekyll (~> 3.0) + jekyll-feed (0.15.1) jekyll (>= 3.7, < 5.0) jekyll-gist (1.5.0) octokit (~> 4.2) - jekyll-github-metadata (2.16.1) + jekyll-github-metadata (2.13.0) jekyll (>= 3.4, < 5.0) - octokit (>= 4, < 7, != 4.4.0) + octokit (~> 4.0, != 4.4.0) jekyll-include-cache (0.2.1) jekyll (>= 3.7, < 5.0) jekyll-mentions (1.6.0) @@ -208,43 +202,45 @@ GEM jekyll (>= 3.3, < 5.0) jekyll-watch (2.2.1) listen (~> 3.0) - jemoji (0.13.0) - gemoji (>= 3, < 5) + jemoji (0.12.0) + gemoji (~> 3.0) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - kramdown (2.4.0) + kramdown (2.3.2) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) liquid (4.0.4) - listen (3.9.0) + listen (3.8.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.1) mercenary (0.3.6) minima (2.5.1) jekyll (>= 3.5, < 5.0) jekyll-feed (~> 0.9) jekyll-seo-tag (~> 2.1) - minitest (5.25.1) + minitest (5.21.2) + mutex_m (0.2.0) net-http (0.4.1) uri - nokogiri (1.16.7-arm64-darwin) + nokogiri (1.16.5-arm64-darwin) racc (~> 1.4) - nokogiri (1.16.7-x86_64-linux) + nokogiri (1.16.5-x86_64-linux) racc (~> 1.4) octokit (4.25.1) faraday (>= 1, < 3) sawyer (~> 0.9) pathutil (0.16.2) forwardable-extended (~> 2.6) - public_suffix (5.1.1) - racc (1.8.1) + public_suffix (4.0.7) + racc (1.8.0) rb-fsevent (0.11.2) - rb-inotify (0.11.1) + rb-inotify (0.10.1) ffi (~> 1.0) - rexml (3.3.7) - rouge (3.30.0) + rexml (3.3.6) + strscan + rouge (3.26.0) + ruby2_keywords (0.0.5) rubyzip (2.3.2) safe_yaml (1.0.5) sass (3.7.4) @@ -255,16 +251,20 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) - securerandom (0.3.1) - simpleidn (0.2.3) + simpleidn (0.2.1) + unf (~> 0.1.4) + strscan (3.1.0) terminal-table (1.8.0) unicode-display_width (~> 1.1, >= 1.1.1) typhoeus (1.4.1) ethon (>= 0.9.0) tzinfo (2.0.6) concurrent-ruby (~> 1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.9.1) unicode-display_width (1.8.0) - uri (0.13.1) + uri (0.13.0) webrick (1.8.1) PLATFORMS @@ -276,4 +276,4 @@ DEPENDENCIES webrick (~> 1.7) BUNDLED WITH - 2.4.2 + 2.4.2 \ No newline at end of file From 87d52c1a20ea58133400999e63459e41f3e3a188 Mon Sep 17 00:00:00 2001 From: Ashley Chiu Date: Sat, 14 Sep 2024 19:34:35 -0700 Subject: [PATCH 5/8] update link formatting for pandoc --- crypto/hashes.md | 8 ++-- crypto/key-exchange.md | 4 +- crypto/macs.md | 6 +-- crypto/passwords.md | 6 +-- crypto/public-key.md | 10 ++--- crypto/signatures.md | 6 +-- crypto/symmetric.md | 16 +++---- memory-safety/mitigations.md | 18 ++++---- memory-safety/vulnerabilities.md | 75 +++++++++++++++----------------- memory-safety/x86.md | 2 +- network/bgp.md | 2 +- network/dhcp.md | 2 +- network/dns.md | 8 ++-- network/dnssec.md | 4 +- network/intro.md | 4 +- network/tls.md | 6 +-- network/tor.md | 2 +- network/transport.md | 2 +- principles/principles.md | 2 +- web/cookies.md | 6 +-- web/csrf.md | 4 +- web/sqli.md | 8 ++-- web/xss.md | 2 +- 23 files changed, 99 insertions(+), 104 deletions(-) diff --git a/crypto/hashes.md b/crypto/hashes.md index 65d37c0..f3fe18e 100644 --- a/crypto/hashes.md +++ b/crypto/hashes.md @@ -70,7 +70,7 @@ A slight variation on this method is to hash each record 10 separate times, each ## Past Exam Questions Here we've compiled a list of past exam questions that cover cryptographic hashes. -- Spring 2024 Midterm Question 7: Ephemeral Exchanges -- Spring 2024 Midterm Question 6: Authentic Auctions -- Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme) -- Fall 2021 Midterm Question 6: Bonsai +- [Spring 2024 Midterm Question 7: Ephemeral Exchanges](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=17) +- [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) +- [Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme)](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=11) +- [Fall 2021 Midterm Question 6: Bonsai](https://assets.cs161.org/exams/fa21/fa21mt1.pdf#page=8) diff --git a/crypto/key-exchange.md b/crypto/key-exchange.md index e33da38..322384a 100644 --- a/crypto/key-exchange.md +++ b/crypto/key-exchange.md @@ -126,7 +126,7 @@ The main reason why the Diffie-Hellman protocol is vulnerable to this attack is ## Past Exam Questions Here we've compiled a list of past exam questions that cover Diffie-Hellman key exchange. -- Spring 2024 Final Question 6: Plentiful Playlists -- Summer 2023 Midterm Question 7: Oblivious Transfer +- [Spring 2024 Final Question 6: Plentiful Playlists](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=10) +- [Summer 2023 Midterm Question 7: Oblivious Transfer](https://assets.cs161.org/exams/su23/su23mt.pdf#page=15) [^1]: You don't need to worry about how to choose $$g$$, just know that it satisfies some special number theory properties. In short, $$g$$ must satisfy the following properties: $$1 < g < p-1$$, and there exists a $$k$$ where $$g^k = a$$ for all $$1 \leq a \leq p-1$$. diff --git a/crypto/macs.md b/crypto/macs.md index ec75c08..80fd8fb 100644 --- a/crypto/macs.md +++ b/crypto/macs.md @@ -140,9 +140,9 @@ Some other modes include CCM mode, CWC mode, and OCB mode, but these are out of ## Past Exam Questions Here we've compiled a list of past exam questions that cover MACs. -- Spring 2024 Midterm Question 6: Authentic Auctions -- Fall 2023 Midterm Question 6: Mix-and-MAC -- Spring 2023 Final Question 6: Lights, Camera, MACtion +- [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) +- [Fall 2023 Midterm Question 6: Mix-and-MAC](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=12) +- [Spring 2023 Final Question 6: Lights, Camera, MACtion](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=10) [^1]: Strictly speaking, there is a very small chance that the tag for $$M$$ will also be a valid tag for $$M'$$. However, if we choose tags to be long enough---say, 128 bits---and if the MAC algorithm is secure, the chances of this happening should be about $$1/2^{128}$$, which is small enough that it can be safely ignored. [^2]: The formal definition of "unrelated" is out of scope for these notes. See [this paper](http://cseweb.ucsd.edu/~mihir/papers/kmd5.pdf) to learn more. diff --git a/crypto/passwords.md b/crypto/passwords.md index 8682ae6..97383e7 100644 --- a/crypto/passwords.md +++ b/crypto/passwords.md @@ -168,6 +168,6 @@ in the database, where $$s$$ is a random salt chosen randomly for that user and ## Past Exam Questions Here we've compiled a list of past exam questions that cover passwords. -- Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme) -- Summer 2023 Final Question 8: EvanBank -- Spring 2023 Midterm Question 5: alice161 +- [Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme)](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=11) +- [Summer 2023 Final Question 8: EvanBank](https://assets.cs161.org/exams/su23/su23final.pdf#page=13) +- [Spring 2023 Midterm Question 5: alice161](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=9) diff --git a/crypto/public-key.md b/crypto/public-key.md index 9d9a9c3..b9694d9 100644 --- a/crypto/public-key.md +++ b/crypto/public-key.md @@ -191,10 +191,10 @@ Because public key schemes are expensive and difficult to make IND-CPA secure, w ## Past Exam Questions Here we've compiled a list of past exam questions that cover public-key cryptography. -- Spring 2024 Final Question 6: Plentiful Playlists -- Spring 2024 Midterm Question 7: Ephemeral Exchanges -- Spring 2024 Midterm Question 6: Authentic Auctions -- Fall 2023 Midterm Question 7: Does EvanBot Snore? -- Spring 2023 Midterm Question 4: Mallory Forger +- [Spring 2024 Final Question 6: Plentiful Playlists](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=10) +- [Spring 2024 Midterm Question 7: Ephemeral Exchanges](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=17) +- [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) +- [Fall 2023 Midterm Question 7: Does EvanBot Snore?](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=17) +- [Spring 2023 Midterm Question 4: Mallory Forger](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=7) [^1]: That is, using AES with 128b keys in CBC mode and then using HMAC with SHA-256 for integrity diff --git a/crypto/signatures.md b/crypto/signatures.md index 46a8b95..0eb69e6 100644 --- a/crypto/signatures.md +++ b/crypto/signatures.md @@ -108,8 +108,8 @@ Note however that the security of signatures do rely on the underlying hash func ## Past Exam Questions Here we've compiled a list of past exam questions that cover signatures. -- Spring 2024 Midterm Question 6: Authentic Auctions -- Summer 2023 Final Question 6: EvanBot Signature Scheme -- Summer 2023 Midterm Question 6: One-Time Signatures +- [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) +- [Summer 2023 Final Question 6: EvanBot Signature Scheme](https://assets.cs161.org/exams/su23/su23final.pdf#page=8) +- [Summer 2023 Midterm Question 6: One-Time Signatures](https://assets.cs161.org/exams/su23/su23mt.pdf#page=12) [^1]: Why do we pick those particular conditions on $$p$$ and $$q$$? Because then $$\varphi(pq) = (p-1)(q-1)$$ will not be a multiple of 3, which is going to allow us to have unique cube roots. diff --git a/crypto/symmetric.md b/crypto/symmetric.md index eff54dd..f333c9f 100644 --- a/crypto/symmetric.md +++ b/crypto/symmetric.md @@ -345,14 +345,14 @@ Different modes have different tradeoffs between usability and security. Althoug ## Past Exam Questions Here we've compiled a list of past exam questions that cover symmetric cryptography. -- Spring 2024 Final Question 5: AES-ROVW -- Spring 2024 Midterm Question 5: Challenging Constructions -- Fall 2023 Final Question 5: Meet Me in the Middle -- Fall 2023 Midterm Question 5: Not Quite by DESign -- Summer 2023 Final Question 5: Ciphertext Thief -- Summer 2023 Midterm Question 5: All or Nothing Security -- Spring 2023 Final Question 5: EvanBlock Cipher -- Spring 2023 Midterm Question 3: IND-CPA and Block Ciphers: evanbotevanbotevanbotevan... +- [Spring 2024 Final Question 5: AES-ROVW](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=8) +- [Spring 2024 Midterm Question 5: Challenging Constructions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=10) +- [Fall 2023 Final Question 5: Meet Me in the Middle](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=5) +- [Fall 2023 Midterm Question 5: Not Quite by DESign](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=9) +- [Summer 2023 Final Question 5: Ciphertext Thief](https://assets.cs161.org/exams/su23/su23final.pdf#page=8) +- [Summer 2023 Midterm Question 5: All or Nothing Security](https://assets.cs161.org/exams/su23/su23mt.pdf#page=9) +- [Spring 2023 Final Question 5: EvanBlock Cipher](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=8) +- [Spring 2023 Midterm Question 3: IND-CPA and Block Ciphers: evanbotevanbotevanbotevan...](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=4) [^1]: Answer: Given $$M$$ and $$C = M \oplus K$$, Eve can calculate $$K = M \oplus C$$. [^2]: This is why the only primary users of one-time-pads are spies in the field. Before the spy leaves, they obtain a large amount of key material. Unlike the other encryption systems we'll see in these notes, a one-time pad can be processed entirely with pencil and paper. The spy then broadcasts messages encrypted with the one-time pad to send back to their home base. To obfuscate the spy's communication, there are also "numbers stations" that continually broadcast meaningless sequences of random numbers. Since the one-time pad is IND-CPA secure, an adversary can't distinguish between the random number broadcasts and the messages encoded with a one time pad. diff --git a/memory-safety/mitigations.md b/memory-safety/mitigations.md index d69fe64..f953ab1 100644 --- a/memory-safety/mitigations.md +++ b/memory-safety/mitigations.md @@ -175,15 +175,15 @@ We can use multiple mitigations together to force the attacker to find multiple ## Past Exam Questions Here we've compiled a list of past exam questions that cover memory safety mitigations. -- Spring 2024 Final Question 3: Everyone Loves PIE -- Spring 2024 Final Question 4: Breaking Bot -- Fall 2023 Final Question 3: exec -- Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half! -- Fall 2023 Midterm Question 3: Homecoming -- Fall 2023 Final Question 4: Ins and Outs -- Summer 2023 Final Question 4: The Last Dance -- Summer 2023 Midterm Question 3: Across the Security-Verse -- Summer 2023 Midterm Question 4: Snacktime +- [Spring 2024 Final Question 3: Everyone Loves PIE](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=4) +- [Spring 2024 Final Question 4: Breaking Bot](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=6) +- [Fall 2023 Final Question 3: exec](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=4) +- [Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half!](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=7) +- [Fall 2023 Midterm Question 3: Homecoming](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=4) +- [Fall 2023 Final Question 4: Ins and Outs](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=6) +- [Summer 2023 Final Question 4: The Last Dance](https://assets.cs161.org/exams/su23/su23final.pdf#page=5) +- [Summer 2023 Midterm Question 3: Across the Security-Verse](https://assets.cs161.org/exams/su23/su23mt.pdf#page=4) +- [Summer 2023 Midterm Question 4: Snacktime](https://assets.cs161.org/exams/su23/su23mt.pdf#page=6) [^1]: The one real performance advantage C has over a garbage collected language like Go is a far more deterministic behavior for memory allocation. But with languages like Rust, which are safe but not garbage collected, this is no longer an advantage for C. [^2]: This function is called a MAC (message authentication code), and we will study it in more detail in the cryptography unit. diff --git a/memory-safety/vulnerabilities.md b/memory-safety/vulnerabilities.md index 8739c76..1483ad8 100644 --- a/memory-safety/vulnerabilities.md +++ b/memory-safety/vulnerabilities.md @@ -323,62 +323,57 @@ This method of injection is very similar to stack smashing, where the attacker o ## Past Exam Questions Here we've compiled a list of past exam questions that cover memory safety vulnerabilities. -- Spring 2024 Final Question 3: Everyone Loves PIE -- Spring 2024 Final Question 4: Breaking Bot -- Spring 2024 Midterm Question 3: 'Tis But a Scratch -- Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half! -- Fall 2023 Final Question 3: exec -- Fall 2023 Final Question 4: Ins and Outs -- Fall 2023 Midterm Question 3: Homecoming -- Fall 2023 Midterm Question 4: Forbidden Instruction -- Summer 2023 Final Question 3: Letter from EvanBot -- Summer 2023 Final Question 4: The Last Dance -- Summer 2023 Midterm Question 3: Across the Security-Verse -- Summer 2023 Midterm Question 4: Snacktime -- Spring 2023 Final Question 3: No Doubt -- Spring 2023 Final Question 4: Andor, or XOR? -- Spring 2023 Midterm Question 6: Cake without Pan -- Spring 2023 Midterm Question 7: Valentine's Day +- [Spring 2024 Final Question 3: Everyone Loves PIE](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=4) +- [Spring 2024 Final Question 4: Breaking Bot](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=6) +- [Spring 2024 Midterm Question 3: 'Tis But a Scratch](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=4) +- [Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half!](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=7) +- [Fall 2023 Final Question 3: exec](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=4) +- [Fall 2023 Final Question 4: Ins and Outs](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=6) +- [Fall 2023 Midterm Question 3: Homecoming](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=4) +- [Fall 2023 Midterm Question 4: Forbidden Instruction](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=7) +- [Summer 2023 Final Question 3: Letter from EvanBot](https://assets.cs161.org/exams/su23/su23final.pdf#page=4) +- [Summer 2023 Final Question 4: The Last Dance](https://assets.cs161.org/exams/su23/su23final.pdf#page=5) +- [Summer 2023 Midterm Question 3: Across the Security-Verse](https://assets.cs161.org/exams/su23/su23mt.pdf#page=4) +- [Summer 2023 Midterm Question 4: Snacktime](https://assets.cs161.org/exams/su23/su23mt.pdf#page=6) +- [Spring 2023 Final Question 3: No Doubt](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=4) +- [Spring 2023 Final Question 4: Andor, or XOR?](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=6) +- [Spring 2023 Midterm Question 6: Cake without Pan](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=12) +- [Spring 2023 Midterm Question 7: Valentine's Day](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=14) A large portion of memory safety vulnerability questions is identifying what type of vulnerability exists within the code. However, if you'd like to practice a specific type of question, feel free to toggle the options below.
Buffer overflow - + + - [Fall 2023 Midterm Question 4: Forbidden Instruction](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=7) + - Involves canaries: [Spring 2023 Final Question 4: Andor, or XOR?](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=6) + - Involves ASLR: [Spring 2023 Midterm Question 7: Valentine's Day](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=14)
Format string vulnerability - + + - [Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half!](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=7) + - [Summer 2023 Midterm Question 4: Snacktime](https://assets.cs161.org/exams/su23/su23mt.pdf#page=6) + - [Spring 2023 Midterm Question 6: Cake without Pan](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=12)
Integer conversion vulnerability - + + - [Spring 2024 Midterm Question 3: 'Tis But a Scratch](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=4) + - [Summer 2023 Final Question 3: Letter from EvanBot](https://assets.cs161.org/exams/su23/su23final.pdf#page=4)
Off-by-one vulnerability - + + - [Spring 2024 Final Question 3: Everyone Loves PIE](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=4) + - [Fall 2023 Final Question 4: Ins and Outs](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=6) + - [Fall 2023 Midterm Question 3: Homecoming](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=4) + - [Summer 2023 Midterm Question 3: Across the Security-Verse](https://assets.cs161.org/exams/su23/su23mt.pdf#page=4)
Other vulnerabilities - + + - Use after free: [Spring 2024 Final Question 4: Breaking Bot](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=6) + - [Summer 2023 Final Question 4: The Last Dance](https://assets.cs161.org/exams/su23/su23final.pdf#page=5)
diff --git a/memory-safety/x86.md b/memory-safety/x86.md index 14c1089..2a423ff 100644 --- a/memory-safety/x86.md +++ b/memory-safety/x86.md @@ -258,7 +258,7 @@ Steps 4-6 are sometimes called the _function prologue_, since they must appear a ## Past Exam Questions Here we've compiled a list of past exam questions that cover x86. These do require an understanding of memory safety vulnerabilities as well, so we recommend understanding those questions first before coming back to these. -- Fall 2023 Midterm Question 3: Homecoming +- [Fall 2023 Midterm Question 3: Homecoming](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=4) [^1]: Answer: Using the table to look up each sequence of 4 bits, we get `0xC161`. [^2]: Answer: $$2^{64}$$ bytes. diff --git a/network/bgp.md b/network/bgp.md index 6cc62b8..e95e3f3 100644 --- a/network/bgp.md +++ b/network/bgp.md @@ -52,7 +52,7 @@ In practice, there's not much anyone can do to defend against a malicious AS, si ## Past Exam Questions Here we've compiled a list of past exam questions that cover BGP. -- Spring 2023 Final Question 8: Life of a Packet +- [Spring 2023 Final Question 8: Life of a Packet](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=15) [^1]: $$2^8$$. The prefix is 24 bits, so there are 32 - 24 = 8 bits not in the prefix. [^2]: Checksums are not cryptographic. The malicious AS could modify the packet and create a new checksum for the modified packet. diff --git a/network/dhcp.md b/network/dhcp.md index a4c05fd..6f4815c 100644 --- a/network/dhcp.md +++ b/network/dhcp.md @@ -64,7 +64,7 @@ Defending against low-layer attacks like DHCP spoofing is hard, because there is ## Past Exam Questions Here we've compiled a list of past exam questions that cover DHCP. -- Spring 2023 Final Question 8: Life of a Packet +- [Spring 2023 Final Question 8: Life of a Packet](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=15) [^1]: A: Before DHCP, the client has no idea where the servers are. [^2]: Source, since it's an outgoing packet. diff --git a/network/dns.md b/network/dns.md index 5a86c56..45f5639 100644 --- a/network/dns.md +++ b/network/dns.md @@ -235,10 +235,10 @@ Sanity check: How much extra security does source port randomization provide aga ## Past Exam Questions Here we've compiled a list of past exam questions that cover DNS. -- Spring 2024 Final Question 8: Check Please -- Fall 2023 Final Question 9: Double-Check Your Work -- Summer 2023 Final Question 10: DNS Hack Finding -- Spring 2023 Final Question 10: Don't Need Security +- [Spring 2024 Final Question 8: Check Please](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=17) +- [Fall 2023 Final Question 9: Double-Check Your Work](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=18) +- [Summer 2023 Final Question 10: DNS Hack Finding](https://assets.cs161.org/exams/su23/su23final.pdf#page=18) +- [Spring 2023 Final Question 10: Don't Need Security](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=18) [^1]: A: MITM and on-path can read the ID field. Off-path must guess the ID field. [^2]: Query `a.edu-servers.net`, whose location we know because of the records in the additional section. Query for the IP address of `eecs.berkeley.edu` just like before. diff --git a/network/dnssec.md b/network/dnssec.md index f437aa6..1b04ae4 100644 --- a/network/dnssec.md +++ b/network/dnssec.md @@ -330,8 +330,8 @@ Of course, an attacker could buy a GPU and precompute hashes to learn domain nam ## Past Exam Questions Here we've compiled a list of past exam questions that cover DNSSEC. -- Spring 2024 Final Question 8: Check Please -- Spring 2023 Final Question 10: Don't Need Security +- [Spring 2024 Final Question 8: Check Please](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=17) +- [Spring 2023 Final Question 10: Don't Need Security](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=18) [^1]: A: DNS responses don't contain sensitive data. Anyone could query the name servers for the same information. [^2]: A: The ZSK of the `.edu` name server. diff --git a/network/intro.md b/network/intro.md index 4560552..6494456 100644 --- a/network/intro.md +++ b/network/intro.md @@ -116,5 +116,5 @@ Note that all adversaries can send packets of their own, including faking or **s ## Past Exam Questions Here we've compiled a list of past exam questions that cover an introduction to networking or network adversaries in specific. -- Fall 2023 Final Question 11: New Phone Who This -- Summer 2023 Final Question 9: Passwords-R-Us +- [Fall 2023 Final Question 11: New Phone Who This](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=20) +- [Summer 2023 Final Question 9: Passwords-R-Us](https://assets.cs161.org/exams/su23/su23final.pdf#page=15) diff --git a/network/tls.md b/network/tls.md index 2a2916d..1402b4a 100644 --- a/network/tls.md +++ b/network/tls.md @@ -94,9 +94,9 @@ This leaves the biggest cost of TLS in managing the private keys. Previously CAs ## Past Exam Questions Here we've compiled a list of past exam questions that cover TLS. -- Spring 2024 Final Question 9: Key Rotation -- Fall 2023 Final Question 11: New Phone Who This -- Spring 2023 Final Question 9: TLS Times Two +- [Spring 2024 Final Question 9: Key Rotation](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=19) +- [Fall 2023 Final Question 11: New Phone Who This](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=20) +- [Spring 2023 Final Question 9: TLS Times Two](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=17) [^1]: A: No. An attacker can obtain the genuine server's certificate by starting its own TLS connection with the genuine server, and then present a copy of that certificate in step 2. [^2]: A: It was signed by a certificate authority in the previous step. diff --git a/network/tor.md b/network/tor.md index 31fd32e..b59008d 100644 --- a/network/tor.md +++ b/network/tor.md @@ -60,4 +60,4 @@ Another possible attack is one that was mentioned in the previous section, when ## Past Exam Questions Here we've compiled a list of past exam questions that cover Tor. -- Fall 2023 Final Question 10: A TORrible Mistake \ No newline at end of file +- [Fall 2023 Final Question 10: A TORrible Mistake](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=19) \ No newline at end of file diff --git a/network/transport.md b/network/transport.md index 382d1da..51d9df9 100644 --- a/network/transport.md +++ b/network/transport.md @@ -108,6 +108,6 @@ One important defense against off-path attackers is using random, unpredictable ## Past Exam Questions Here we've compiled a list of past exam questions that cover the Transport Layer. -- Spring 2023 Final Question 8: Life of a Packet +- [Spring 2023 Final Question 8: Life of a Packet](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=15) [^1]: The sequence number is 32 bits, so guessing a random sequence number succeeds with probability $$1/2^{32}$$. diff --git a/principles/principles.md b/principles/principles.md index 06c8d1c..e6e57de 100644 --- a/principles/principles.md +++ b/principles/principles.md @@ -170,6 +170,6 @@ This is known as a _Time-Of-Check To Time-Of-Use_ (TOCTTOU) vulnerability, becau ## Past Exam Questions Here we've compiled a list of past exam questions that cover security principles. -- Fall 2021 Midterm Question 3: EvanBot Alpha +- [Fall 2021 Midterm Question 3: EvanBot Alpha](https://assets.cs161.org/exams/fa21/fa21mt1.pdf#page=4) [^1]: Windows XP consisted of about 40 million lines of code---all of which were in the TCB. Yikes! diff --git a/web/cookies.md b/web/cookies.md index 814902d..5c426f4 100644 --- a/web/cookies.md +++ b/web/cookies.md @@ -58,8 +58,8 @@ It is easy to confuse session tokens and cookies. Session tokens are the values ## Past Exam Questions Here we've compiled a list of past exam questions that cover cookies. -- Fall 2023 Final Question 7: Unscramble -- Summer 2023 Final Question 8: EvanBank -- Spring 2023 Final Question 7: Botgram +- [Fall 2023 Final Question 7: Unscramble](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=13) +- [Summer 2023 Final Question 8: EvanBank](https://assets.cs161.org/exams/su23/su23final.pdf#page=13) +- [Spring 2023 Final Question 7: Botgram](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=12) [^1]: The lack of restriction on the `Path` attribute has caused problems in the past, as cookies are presented to the server and JavaScript as an unordered set of name/value pairs, but is stored internally as name/path/value tuples, so if two cookies with the same name and host but different path are present, both will be presented to the server in unspecified order. diff --git a/web/csrf.md b/web/csrf.md index 2603488..1ba5202 100644 --- a/web/csrf.md +++ b/web/csrf.md @@ -60,7 +60,7 @@ _Further reading:_ [OWASP Cheat Sheet on CSRF](https://owasp.org/www-community/a ## Past Exam Questions Here we've compiled a list of past exam questions that cover CSRF. -- Fall 2023 Final Question 7: Unscramble -- Spring 2023 Final Question 7: Botgram +- [Fall 2023 Final Question 7: Unscramble](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=13) +- [Spring 2023 Final Question 7: Botgram](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=12) [^1]: Yes, the "Referer" field represents a roughly three decade old misspelling of referrer. This is a silly example of how "legacy", that is old design decisions, can impact things decades later because it can be very hard to change things diff --git a/web/sqli.md b/web/sqli.md index 33ceadb..1df87d4 100644 --- a/web/sqli.md +++ b/web/sqli.md @@ -227,7 +227,7 @@ _Further reading:_ [OWASP Cheat Sheet on SQL Injection](https://owasp.org/www-co ## Past Exam Questions Here we've compiled a list of past exam questions that cover SQL Injection. -- Spring 2024 Final Question 7: Suspicious SQL -- Fall 2023 Final Question 8: Word Game -- Summer 2023 Final Question 7: Barbenheimer -- Spring 2023 Final Question 7: Botgram \ No newline at end of file +- [Spring 2024 Final Question 7: Suspicious SQL](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=13) +- [Fall 2023 Final Question 8: Word Game](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=16) +- [Summer 2023 Final Question 7: Barbenheimer](https://assets.cs161.org/exams/su23/su23final.pdf#page=11) +- [Spring 2023 Final Question 7: Botgram](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=12) \ No newline at end of file diff --git a/web/xss.md b/web/xss.md index d26200a..6ca5f76 100644 --- a/web/xss.md +++ b/web/xss.md @@ -94,4 +94,4 @@ _Further reading:_ [OWASP Cheat Sheet on XSS](https://owasp.org/www-community/at ## Past Exam Questions Here we've compiled a list of past exam questions that cover XSS. -- Fall 2023 Final Question 7: Unscramble \ No newline at end of file +- [Fall 2023 Final Question 7: Unscramble](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=13) \ No newline at end of file From 4d494c6bdcbf01f0ebbdbd7055145b813b9db40f Mon Sep 17 00:00:00 2001 From: Ashley Chiu Date: Sat, 14 Sep 2024 19:42:47 -0700 Subject: [PATCH 6/8] fix mem safety toggled links --- memory-safety/vulnerabilities.md | 38 ++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/memory-safety/vulnerabilities.md b/memory-safety/vulnerabilities.md index 1483ad8..efb45c8 100644 --- a/memory-safety/vulnerabilities.md +++ b/memory-safety/vulnerabilities.md @@ -344,36 +344,46 @@ A large portion of memory safety vulnerability questions is identifying what typ
Buffer overflow - - [Fall 2023 Midterm Question 4: Forbidden Instruction](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=7) - - Involves canaries: [Spring 2023 Final Question 4: Andor, or XOR?](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=6) - - Involves ASLR: [Spring 2023 Midterm Question 7: Valentine's Day](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=14) +
Format string vulnerability - - [Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half!](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=7) - - [Summer 2023 Midterm Question 4: Snacktime](https://assets.cs161.org/exams/su23/su23mt.pdf#page=6) - - [Spring 2023 Midterm Question 6: Cake without Pan](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=12) +
Integer conversion vulnerability - - [Spring 2024 Midterm Question 3: 'Tis But a Scratch](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=4) - - [Summer 2023 Final Question 3: Letter from EvanBot](https://assets.cs161.org/exams/su23/su23final.pdf#page=4) +
Off-by-one vulnerability - - [Spring 2024 Final Question 3: Everyone Loves PIE](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=4) - - [Fall 2023 Final Question 4: Ins and Outs](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=6) - - [Fall 2023 Midterm Question 3: Homecoming](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=4) - - [Summer 2023 Midterm Question 3: Across the Security-Verse](https://assets.cs161.org/exams/su23/su23mt.pdf#page=4) +
Other vulnerabilities - - Use after free: [Spring 2024 Final Question 4: Breaking Bot](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=6) - - [Summer 2023 Final Question 4: The Last Dance](https://assets.cs161.org/exams/su23/su23final.pdf#page=5) +
From 43ae6630d6ff0f3760e992eeab4b23521539e87a Mon Sep 17 00:00:00 2001 From: Ashley Chiu Date: Sat, 14 Sep 2024 20:30:37 -0700 Subject: [PATCH 7/8] update links --- crypto/hashes.md | 1 + crypto/key-exchange.md | 1 + crypto/macs.md | 1 + crypto/passwords.md | 1 + crypto/public-key.md | 1 + crypto/signatures.md | 1 + crypto/symmetric.md | 1 + memory-safety/mitigations.md | 1 + memory-safety/vulnerabilities.md | 53 +++++++++++++------------------- memory-safety/x86.md | 1 + network/bgp.md | 1 + network/dhcp.md | 1 + network/dns.md | 1 + network/dnssec.md | 1 + network/intro.md | 1 + network/tls.md | 1 + network/tor.md | 1 + network/transport.md | 1 + principles/principles.md | 1 + web/cookies.md | 1 + web/csrf.md | 1 + web/sqli.md | 1 + web/xss.md | 1 + 23 files changed, 44 insertions(+), 31 deletions(-) diff --git a/crypto/hashes.md b/crypto/hashes.md index f3fe18e..8392697 100644 --- a/crypto/hashes.md +++ b/crypto/hashes.md @@ -70,6 +70,7 @@ A slight variation on this method is to hash each record 10 separate times, each ## Past Exam Questions Here we've compiled a list of past exam questions that cover cryptographic hashes. + - [Spring 2024 Midterm Question 7: Ephemeral Exchanges](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=17) - [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) - [Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme)](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=11) diff --git a/crypto/key-exchange.md b/crypto/key-exchange.md index 322384a..f73e562 100644 --- a/crypto/key-exchange.md +++ b/crypto/key-exchange.md @@ -126,6 +126,7 @@ The main reason why the Diffie-Hellman protocol is vulnerable to this attack is ## Past Exam Questions Here we've compiled a list of past exam questions that cover Diffie-Hellman key exchange. + - [Spring 2024 Final Question 6: Plentiful Playlists](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=10) - [Summer 2023 Midterm Question 7: Oblivious Transfer](https://assets.cs161.org/exams/su23/su23mt.pdf#page=15) diff --git a/crypto/macs.md b/crypto/macs.md index 80fd8fb..d1a8818 100644 --- a/crypto/macs.md +++ b/crypto/macs.md @@ -140,6 +140,7 @@ Some other modes include CCM mode, CWC mode, and OCB mode, but these are out of ## Past Exam Questions Here we've compiled a list of past exam questions that cover MACs. + - [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) - [Fall 2023 Midterm Question 6: Mix-and-MAC](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=12) - [Spring 2023 Final Question 6: Lights, Camera, MACtion](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=10) diff --git a/crypto/passwords.md b/crypto/passwords.md index 97383e7..519e6a6 100644 --- a/crypto/passwords.md +++ b/crypto/passwords.md @@ -168,6 +168,7 @@ in the database, where $$s$$ is a random salt chosen randomly for that user and ## Past Exam Questions Here we've compiled a list of past exam questions that cover passwords. + - [Fall 2023 Final Question 6: YAAS (Yet Another Authentication Scheme)](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=11) - [Summer 2023 Final Question 8: EvanBank](https://assets.cs161.org/exams/su23/su23final.pdf#page=13) - [Spring 2023 Midterm Question 5: alice161](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=9) diff --git a/crypto/public-key.md b/crypto/public-key.md index b9694d9..47e915d 100644 --- a/crypto/public-key.md +++ b/crypto/public-key.md @@ -191,6 +191,7 @@ Because public key schemes are expensive and difficult to make IND-CPA secure, w ## Past Exam Questions Here we've compiled a list of past exam questions that cover public-key cryptography. + - [Spring 2024 Final Question 6: Plentiful Playlists](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=10) - [Spring 2024 Midterm Question 7: Ephemeral Exchanges](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=17) - [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) diff --git a/crypto/signatures.md b/crypto/signatures.md index 0eb69e6..f6aea67 100644 --- a/crypto/signatures.md +++ b/crypto/signatures.md @@ -108,6 +108,7 @@ Note however that the security of signatures do rely on the underlying hash func ## Past Exam Questions Here we've compiled a list of past exam questions that cover signatures. + - [Spring 2024 Midterm Question 6: Authentic Auctions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=13) - [Summer 2023 Final Question 6: EvanBot Signature Scheme](https://assets.cs161.org/exams/su23/su23final.pdf#page=8) - [Summer 2023 Midterm Question 6: One-Time Signatures](https://assets.cs161.org/exams/su23/su23mt.pdf#page=12) diff --git a/crypto/symmetric.md b/crypto/symmetric.md index f333c9f..40e98b9 100644 --- a/crypto/symmetric.md +++ b/crypto/symmetric.md @@ -345,6 +345,7 @@ Different modes have different tradeoffs between usability and security. Althoug ## Past Exam Questions Here we've compiled a list of past exam questions that cover symmetric cryptography. + - [Spring 2024 Final Question 5: AES-ROVW](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=8) - [Spring 2024 Midterm Question 5: Challenging Constructions](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=10) - [Fall 2023 Final Question 5: Meet Me in the Middle](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=5) diff --git a/memory-safety/mitigations.md b/memory-safety/mitigations.md index f953ab1..7edae9d 100644 --- a/memory-safety/mitigations.md +++ b/memory-safety/mitigations.md @@ -175,6 +175,7 @@ We can use multiple mitigations together to force the attacker to find multiple ## Past Exam Questions Here we've compiled a list of past exam questions that cover memory safety mitigations. + - [Spring 2024 Final Question 3: Everyone Loves PIE](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=4) - [Spring 2024 Final Question 4: Breaking Bot](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=6) - [Fall 2023 Final Question 3: exec](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=4) diff --git a/memory-safety/vulnerabilities.md b/memory-safety/vulnerabilities.md index efb45c8..350be49 100644 --- a/memory-safety/vulnerabilities.md +++ b/memory-safety/vulnerabilities.md @@ -323,6 +323,7 @@ This method of injection is very similar to stack smashing, where the attacker o ## Past Exam Questions Here we've compiled a list of past exam questions that cover memory safety vulnerabilities. + - [Spring 2024 Final Question 3: Everyone Loves PIE](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=4) - [Spring 2024 Final Question 4: Breaking Bot](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=6) - [Spring 2024 Midterm Question 3: 'Tis But a Scratch](https://assets.cs161.org/exams/sp24/sp24mt.pdf#page=4) @@ -340,50 +341,40 @@ Here we've compiled a list of past exam questions that cover memory safety vulne - [Spring 2023 Midterm Question 6: Cake without Pan](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=12) - [Spring 2023 Midterm Question 7: Valentine's Day](https://assets.cs161.org/exams/sp23/sp23mt.pdf#page=14) -A large portion of memory safety vulnerability questions is identifying what type of vulnerability exists within the code. However, if you'd like to practice a specific type of question, feel free to toggle the options below. +A large portion of memory safety vulnerability questions is identifying what type of vulnerability exists within the code. However, if you'd like to practice a specific type of question, feel free to toggle the options below. Please utilize the links from above.
- Buffer overflow + Buffer overflow - +- Fall 2023 Midterm Question 4: Forbidden Instruction
+- Involves canaries: Spring 2023 Final Question 4: Andor, or XOR?
+- Involves ASLR: Spring 2023 Midterm Question 7: Valentine's Day
- Format string vulnerability + Format string vulnerability - +- Spring 2024 Midterm Question 4: I Sawed This Shellcode In Half!
+- Summer 2023 Midterm Question 4: Snacktime
+- Spring 2023 Midterm Question 6: Cake without Pan
- Integer conversion vulnerability + Integer conversion vulnerability - +- Spring 2024 Midterm Question 3: 'Tis But a Scratch
+- Summer 2023 Final Question 3: Letter from EvanBot
- Off-by-one vulnerability - - + Off-by-one vulnerability + +- Spring 2024 Final Question 3: Everyone Loves PIE
+- Fall 2023 Final Question 4: Ins and Outs
+- Fall 2023 Midterm Question 3: Homecoming
+- Summer 2023 Midterm Question 3: Across the Security-Verse
- Other vulnerabilities + Other vulnerabilities - +- Use after free: Spring 2024 Final Question 4: Breaking Bot
+- Summer 2023 Final Question 4: The Last Dance
diff --git a/memory-safety/x86.md b/memory-safety/x86.md index 2a423ff..b3e9cf3 100644 --- a/memory-safety/x86.md +++ b/memory-safety/x86.md @@ -258,6 +258,7 @@ Steps 4-6 are sometimes called the _function prologue_, since they must appear a ## Past Exam Questions Here we've compiled a list of past exam questions that cover x86. These do require an understanding of memory safety vulnerabilities as well, so we recommend understanding those questions first before coming back to these. + - [Fall 2023 Midterm Question 3: Homecoming](https://assets.cs161.org/exams/fa23/fa23mt.pdf#page=4) [^1]: Answer: Using the table to look up each sequence of 4 bits, we get `0xC161`. diff --git a/network/bgp.md b/network/bgp.md index e95e3f3..8e9ad99 100644 --- a/network/bgp.md +++ b/network/bgp.md @@ -52,6 +52,7 @@ In practice, there's not much anyone can do to defend against a malicious AS, si ## Past Exam Questions Here we've compiled a list of past exam questions that cover BGP. + - [Spring 2023 Final Question 8: Life of a Packet](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=15) [^1]: $$2^8$$. The prefix is 24 bits, so there are 32 - 24 = 8 bits not in the prefix. diff --git a/network/dhcp.md b/network/dhcp.md index 6f4815c..f0b36b7 100644 --- a/network/dhcp.md +++ b/network/dhcp.md @@ -64,6 +64,7 @@ Defending against low-layer attacks like DHCP spoofing is hard, because there is ## Past Exam Questions Here we've compiled a list of past exam questions that cover DHCP. + - [Spring 2023 Final Question 8: Life of a Packet](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=15) [^1]: A: Before DHCP, the client has no idea where the servers are. diff --git a/network/dns.md b/network/dns.md index 45f5639..7352f3d 100644 --- a/network/dns.md +++ b/network/dns.md @@ -235,6 +235,7 @@ Sanity check: How much extra security does source port randomization provide aga ## Past Exam Questions Here we've compiled a list of past exam questions that cover DNS. + - [Spring 2024 Final Question 8: Check Please](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=17) - [Fall 2023 Final Question 9: Double-Check Your Work](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=18) - [Summer 2023 Final Question 10: DNS Hack Finding](https://assets.cs161.org/exams/su23/su23final.pdf#page=18) diff --git a/network/dnssec.md b/network/dnssec.md index 1b04ae4..778e9cd 100644 --- a/network/dnssec.md +++ b/network/dnssec.md @@ -330,6 +330,7 @@ Of course, an attacker could buy a GPU and precompute hashes to learn domain nam ## Past Exam Questions Here we've compiled a list of past exam questions that cover DNSSEC. + - [Spring 2024 Final Question 8: Check Please](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=17) - [Spring 2023 Final Question 10: Don't Need Security](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=18) diff --git a/network/intro.md b/network/intro.md index 6494456..7db27c4 100644 --- a/network/intro.md +++ b/network/intro.md @@ -116,5 +116,6 @@ Note that all adversaries can send packets of their own, including faking or **s ## Past Exam Questions Here we've compiled a list of past exam questions that cover an introduction to networking or network adversaries in specific. + - [Fall 2023 Final Question 11: New Phone Who This](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=20) - [Summer 2023 Final Question 9: Passwords-R-Us](https://assets.cs161.org/exams/su23/su23final.pdf#page=15) diff --git a/network/tls.md b/network/tls.md index 1402b4a..9065b89 100644 --- a/network/tls.md +++ b/network/tls.md @@ -94,6 +94,7 @@ This leaves the biggest cost of TLS in managing the private keys. Previously CAs ## Past Exam Questions Here we've compiled a list of past exam questions that cover TLS. + - [Spring 2024 Final Question 9: Key Rotation](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=19) - [Fall 2023 Final Question 11: New Phone Who This](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=20) - [Spring 2023 Final Question 9: TLS Times Two](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=17) diff --git a/network/tor.md b/network/tor.md index b59008d..271f794 100644 --- a/network/tor.md +++ b/network/tor.md @@ -60,4 +60,5 @@ Another possible attack is one that was mentioned in the previous section, when ## Past Exam Questions Here we've compiled a list of past exam questions that cover Tor. + - [Fall 2023 Final Question 10: A TORrible Mistake](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=19) \ No newline at end of file diff --git a/network/transport.md b/network/transport.md index 51d9df9..17c27f2 100644 --- a/network/transport.md +++ b/network/transport.md @@ -108,6 +108,7 @@ One important defense against off-path attackers is using random, unpredictable ## Past Exam Questions Here we've compiled a list of past exam questions that cover the Transport Layer. + - [Spring 2023 Final Question 8: Life of a Packet](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=15) [^1]: The sequence number is 32 bits, so guessing a random sequence number succeeds with probability $$1/2^{32}$$. diff --git a/principles/principles.md b/principles/principles.md index e6e57de..920670b 100644 --- a/principles/principles.md +++ b/principles/principles.md @@ -170,6 +170,7 @@ This is known as a _Time-Of-Check To Time-Of-Use_ (TOCTTOU) vulnerability, becau ## Past Exam Questions Here we've compiled a list of past exam questions that cover security principles. + - [Fall 2021 Midterm Question 3: EvanBot Alpha](https://assets.cs161.org/exams/fa21/fa21mt1.pdf#page=4) [^1]: Windows XP consisted of about 40 million lines of code---all of which were in the TCB. Yikes! diff --git a/web/cookies.md b/web/cookies.md index 5c426f4..f839bbe 100644 --- a/web/cookies.md +++ b/web/cookies.md @@ -58,6 +58,7 @@ It is easy to confuse session tokens and cookies. Session tokens are the values ## Past Exam Questions Here we've compiled a list of past exam questions that cover cookies. + - [Fall 2023 Final Question 7: Unscramble](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=13) - [Summer 2023 Final Question 8: EvanBank](https://assets.cs161.org/exams/su23/su23final.pdf#page=13) - [Spring 2023 Final Question 7: Botgram](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=12) diff --git a/web/csrf.md b/web/csrf.md index 1ba5202..2fd935f 100644 --- a/web/csrf.md +++ b/web/csrf.md @@ -60,6 +60,7 @@ _Further reading:_ [OWASP Cheat Sheet on CSRF](https://owasp.org/www-community/a ## Past Exam Questions Here we've compiled a list of past exam questions that cover CSRF. + - [Fall 2023 Final Question 7: Unscramble](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=13) - [Spring 2023 Final Question 7: Botgram](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=12) diff --git a/web/sqli.md b/web/sqli.md index 1df87d4..3bdc57f 100644 --- a/web/sqli.md +++ b/web/sqli.md @@ -227,6 +227,7 @@ _Further reading:_ [OWASP Cheat Sheet on SQL Injection](https://owasp.org/www-co ## Past Exam Questions Here we've compiled a list of past exam questions that cover SQL Injection. + - [Spring 2024 Final Question 7: Suspicious SQL](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=13) - [Fall 2023 Final Question 8: Word Game](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=16) - [Summer 2023 Final Question 7: Barbenheimer](https://assets.cs161.org/exams/su23/su23final.pdf#page=11) diff --git a/web/xss.md b/web/xss.md index 6ca5f76..021feb7 100644 --- a/web/xss.md +++ b/web/xss.md @@ -94,4 +94,5 @@ _Further reading:_ [OWASP Cheat Sheet on XSS](https://owasp.org/www-community/at ## Past Exam Questions Here we've compiled a list of past exam questions that cover XSS. + - [Fall 2023 Final Question 7: Unscramble](https://assets.cs161.org/exams/fa23/fa23final.pdf#page=13) \ No newline at end of file From cedbe22efc94ffc90f408798f942fcd0ce8f8072 Mon Sep 17 00:00:00 2001 From: ashley <90108886+ashmchiu@users.noreply.github.com> Date: Sun, 15 Sep 2024 14:36:51 -0700 Subject: [PATCH 8/8] Update dnssec.md --- network/dnssec.md | 1 - 1 file changed, 1 deletion(-) diff --git a/network/dnssec.md b/network/dnssec.md index 778e9cd..2a469c5 100644 --- a/network/dnssec.md +++ b/network/dnssec.md @@ -332,7 +332,6 @@ Of course, an attacker could buy a GPU and precompute hashes to learn domain nam Here we've compiled a list of past exam questions that cover DNSSEC. - [Spring 2024 Final Question 8: Check Please](https://assets.cs161.org/exams/sp24/sp24final.pdf#page=17) -- [Spring 2023 Final Question 10: Don't Need Security](https://assets.cs161.org/exams/sp23/sp23final.pdf#page=18) [^1]: A: DNS responses don't contain sensitive data. Anyone could query the name servers for the same information. [^2]: A: The ZSK of the `.edu` name server.