Hacking in C
Course infoSchedule
Course moduleNWI-IPC025
Credits (ECTS)3
CategoryPB (Propaedeutic)
Language of instructionEnglish
Offered byRadboud University; Faculty of Science; Informatica en Informatiekunde;
dr. ing. P.J.M. van Aubel
Other course modules lecturer
prof. dr. P. Schwabe
Other course modules lecturer
prof. dr. P. Schwabe
Other course modules lecturer
Contactperson for the course
prof. dr. P. Schwabe
Other course modules lecturer
Academic year2017
KW3  (05/02/2018 to 15/04/2018)
Starting block
Course mode
Registration using OSIRISYes
Course open to students from other facultiesYes
Waiting listNo
Placement procedure-
After the course students can:
  • explain how standard C data types are represented, and write C programs to inspect and manipulate these representations
  • explain how the stack and heap are used to allocate data in C programs
  • write C programs that makes use of pointers and pointer arithmetic
  • explain how the stack is used to administer procedure calls
  • explain how buffer overflows work
  • explain some of the countermeasures against these vulnerabilities, how these work, and apply some of them
  • develop simple exploits for code with buffer overflow weaknesses.
Most security problems have their origin in software, esp.  software that is accessible via the internet. This course is about software security vulnerabilities, standard types of such vulnerabilities, what the causes are, what can be done about them and how they can be detected and exploited.
This course concentrates on typical security problems in C(++) programs and machine code, related to memory management: buffer overflows (on heap and stack), integer overflows, and format string attacks.
Online, distributed via Blackboard. Optionally, students can use Chapter 3 of Introduction of Computer Security, by Michael Goodrich & Roberto Tamassia , Pearson New International Edition, ISBN 10: 1-292-025490-9, ISBN 13: 9781292025407, 2013. Buying the book for this course is not necessary, but the book is used in other security courses, notably Software en Web Security 2.

Teaching formats
• 16 hours computer course
• 16 hours lecture
• 52 hours individual study period

Extra information teaching methods: The course consists of lectures that explain the principles, and a computer lab where students work with the problems in practice, by writing and exploiting C programs.

Additional comments
This course is taught in English.

• representatie of data in C
• allocatie of data on stack and heap
• pointers, malloc, calloc, free, and pointer arithmetic
• organisation of information on the stack
• buffer overflows (heap- and stack-based), format string attacks and integer overflows
• simple prevention, detection (both dynamic and static) and exploitation of such weaknesses

Test information
Project work and written exam.

Processoren and Imperatief Programmering

Required materials
Necessary materials will be posted on the course website.

Recommended materials
Studenten can also use chapter 3 from "Introduction of Computer Security", by Michael Goodrich & Roberto Tamassia, Pearson New International Edition.

Instructional modes


Practical computer training


Test weight1
OpportunitiesBlock KW3, Block KW4