Dynamic Memory Allocator

Wrote a 64-bit general purpose dynamic storage allocator for C programs; with own version of the malloc, free, realloc, and calloc functions. It is a struct-based explicit free list memory allocator with Performance Optimizations on design decisions with average Utilization 75% and throughput of 14182 Kops/sec. It sequentially goes through each block in the explicit free list, seggregated based on range of sizes requested to allocate.

Cache Optimization

Understood the impact that cache memories can have on the performance of your C programs. The project consists of two parts. In the first part is to write a small C program (about 200-300 lines) that simulates the behavior of a hardware cache memory. It uses the LRU (least-recently used) replacement policy when choosing which cache line to evict. In the second part, we optimize a small matrix transpose function, with the goal of minimizing the number of cache misses.

HTTP Proxy

Wrote a simple HTTP proxy that caches web objects. The projects starts with setting up the proxy to accept incoming connections, read and parse requests, forward requests to web servers, read the servers’ responses, and forward those responses to the corresponding clients. It also deals with multiple concurrent connections, a crucial systems concept. Added caching to proxy using a simple main memory cache of recently accessed web content.

Stack Smashing & ROP Attacks

Exploit security weaknesses in operating systems and network servers to understand about the runtime operation of programs and to understand the nature of these security weaknesses so that we can avoid them while writing system code. Using gadgets for code corresponding to assembly-language statements generated by the compiler, especially ones at the ends of functions to thwart ASLR defense.

Poodle Attacks

Also Known as 'Padding Oracle Attack' enables an attacker to decrypt encrypted data without knowledge of the encryption key and used cipher by sending skillful manipulated cipher texts to the padding oracle and observing of the results returned by it. This causes loss of confidentiality of the encrypted data. E.g. in the case of session data stored on the client side the attacker can gain information about the internal state and structure of the application.

A padding oracle attack also enables an attacker to encrypt arbitrary plain texts without knowledge of the used key and cipher. If the application assumes that integrity and authenticity of the decrypted data is given, an attacker could be able to manipulate internal session state and possibly gain higher privileges.

Nikto Scanning ,Exploitation & Mitigation

Many web application vulnerabilities arise due to improper input sanitization and improper server configuration. Through this project, we show how these can be enumerated by automated scanners(Nikto). We make use of Web Applications like mutillidae and DVWA which have been made vulnerable on purpose. Second phase of project deals with the use of web application firewalls (WAF) to stop some of these attacks. The WAF we use in the lab is apache modsecurity.

Unix Shell

Wrote a Linux shell capable of forking and handling child processes, supporting fg/bg jobs, IO redirection & commands such as ’&’,’kill’. (C)

MD5 Collision Attack

Completed collision generated attack against Cryptographic MD5 hash function between pair of executable programs (C)

Data Lab

The purpose of this assignment was to become more familiar with bit-level representations of common patterns, integers, and floating-point numbers. Solved a series of programming “puzzles.”