Reference list

Helpful references

Unix Commands

cat:

Concatenate files and print the result (or print a single file)

cd:

Change the working directory

cp:

Copy a file

echo:

Display given text

(gdb) backtrace:

Print a backtrace

(gdb) break:

Set a breakpoint

(gdb) continue:

Continue execution after breaking

(gdb) disassemble:

Disassemble a block of instructions

(gdb) print:

Print a value

(gdb) quit:

Quit

(gdb) run:

Run program you have loaded in GDB

(gdb) stepi:

Step forward one instruction

(gdb) x:

Examine the contents of memory

git add:

Designate one or more files as part of the next commit

git clone:

Make a local copy of a Git repository

git commit:

Perform a commit and record an associated message

git diff:

Display the changes made since the last commit

git log:

Print the history of commits to a project

git push:

Push committed changes back to the original repository

git reset:

Reset Git repository to a previous state

ls:

List directory contents

man:

Display a Unix manual page

mkdir:

Create a directory

mv:

Move (rename) a file

nc (netcat):

Concatenate and redirect sockets

objdump:

Display information about object files, including disassembly

pwd:

Print working directory

rmdir:

Permanently remove an empty directory

rm:

Permanently remove a file

C Elements

argc:

An integer indicating the number of command-line arguments received by the program

argv:

An array of pointers to the program’s command-line arguments

char:

A single-byte type capable of holding a character, e.g., ‘a’, ‘g’, or ‘Z’

else:

Execute the following block when the previous if did not execute

float:

A floating-point type that approximates a real number

foo[n] = 42:

Set the nth element of the array foo to the value 42

for:

Iterates until a condition is no longer met

if:

Conditionally execute the following block

int:

An integer type from -n to n-1

||:

The logical-or operator

>:

The greater-than operator

>=:

The greater-than-or-equal operator

<:

The less-than operator

<=:

The less-than-or-equal operator

t foo[] = { 1, 2, 3, 4, 5 }:

Create an array named foo with given values

t foo[n]:

Create an array named foo of n objects of type t

+:

The addition operator

=:

The assignment operator

/:

The division operator

==:

The equality operator

!=:

The inequality operator

&&:

The logical-and operator

!:

The logical-negation operator

%:

The modulus (remainder) operator

*:

The multiplication operator

-:

The subtraction operator

Go Elements

char:

A single-byte type capable of holding a character, e.g., ‘a’, ‘g’, or ‘Z’

else:

Execute the following block when the previous if did not execute

float:

A floating-point type that approximates a real number

for:

Iterates until a condition is no longer met

if:

Conditionally execute the following block

int:

An integer type from -n to n-1

os.Args:

A slice of command-line arguments

||:

The logical-or operator

>:

The greater-than operator

>=:

The greater-than-or-equal operator

<:

The less-than operator

<=:

The less-than-or-equal operator

+:

The addition operator

=:

The assignment operator

/:

The division operator

==:

The equality operator

!=:

The inequality operator

&&:

The logical-and operator

!:

The logical-negation operator

%:

The modulus (remainder) operator

*:

The multiplication operator

-:

The subtraction operator

Java Elements

a.length:

The length of the array a

args:

An array of command-line arguments

char:

A single-byte type capable of holding a character, e.g., ‘a’, ‘g’, or ‘Z’

else:

Execute the following block when the previous if did not execute

float:

A floating-point type that approximates a real number

foo[n] = 42:

Set the nth element of the array foo to the value 42

for:

Loop with initialization, condition, and increment

if:

Conditionally execute the following block

int:

An integer type from -n to n-1

int[] foo = { 1, 2, 3, 4, 5 }:

Create an array named foo with given values

||:

The logical-or operator

>:

The greater-than operator

>=:

The greater-than-or-equal operator

<:

The less-than operator

<=:

The less-than-or-equal operator

t[] foo = new t[n]:

Create an array named foo of n objects of type t

+:

The addition operator

=:

The assignment operator

/:

The division operator

==:

The equality operator

!=:

The inequality operator

&&:

The logical-and operator

!:

The logical-negation operator

%:

The modulus (remainder) operator

*:

The multiplication operator

-:

The subtraction operator

while:

Repeat the following block as long as an expression evaluates to true

Python Elements

elif:

Conditionally execute the following block, but only when the previous if did not execute

else:

Execute the following block when the previous if did not execute

for:

Iterates over the elements of a sequence

if:

Conditionally execute the following block

sys.argv:

An array of command-line arguments

||:

The logical-or operator

>:

The greater-than operator

>=:

The greater-than-or-equal operator

<:

The less-than operator

<=:

The less-than-or-equal operator

+:

The addition operator

=:

The assignment operator

/:

The division operator

==:

The equality operator

!=:

The inequality operator

//:

The integer division operator

&&:

The logical-and operator

!:

The logical-negation operator

%:

The modulus (remainder) operator

*:

The multiplication operator

-:

The subtraction operator

C Functions

connect:

Connect a socket to an address

execvp:

Execute a file

exit:

Terminate the current process

fork:

Create a new process by duplicating the calling process

freeaddrinfo:

Free the address object provided from a getaddrinfo call

gai_strerror:

Print the error string associated with a failed getaddrinfo call

getaddrinfo:

Obtain one or more addresses for a host

isalpha:

Determine whether the given value represents an alphabetic character

printf:

Print to standard output with formatting

recv:

Receive a message from a connected socket

scanf:

Read formatted values from standard input

socket:

Return a socket abstraction able to send or receive communication messages

strcmp:

Compare two strings

strstr:

Search for the occurrence of one string in another

tolower:

Convert a capital letter to lower-case; return lower-case letter unchanged

wait:

Wait for a child process to stop or terminate

Go Functions

bufio.NewReader:

Create a buffered reader from a non-buffered reader such as a connection

bufio.Reader.ReadString:

Read up to and including the first occurrence of a delimiting string

fmt.Printf:

Print to standard output with formatting

fmt.Println:

Print to standard output

fmt.Scanf:

Read formatted values from standard input

net.Dial:

Create a connection to the given address

Java Methods

Character.isLetter:

Determine whether the given value represents an alphabetic character

Character.toLowerCase:

Convert a capital letter to lower-case; return lower-case letter unchanged

java.util.Scanner:

Read values from text

String.contains:

Search for the occurrence of one string in another

String.equals:

Compare two strings

System.out.printf:

Print to standard output with formatting

System.out.println:

Print to standard output

Python Functions

print:

Print to standard output

socket.socket:

Return a socket abstraction able to send or receive communication messages

SocketType.connect:

Connect a SocketType object to an address

SocketType.recv:

Receive a message from a connected SocketType object
