Binary Vulnerabilities and Exploit Writing by Gerardo 'gera' Richarte

If you can at least read assembly and want to learn about buffer overflows, format strings, integer bugs, and more importantly, how to write exploits to take advantage of them, this class is for you.

Instructor: Gerardo 'gera' Richarte
Dates: 6-8 July 2010
Availability: 10 Seats

We'll start with a very quick review of assembly understanding and debugging, then immediately dive into how buffer overflows, format strings and integer bugs work. We'll see how we could exploit these vulnerabilities, we'll laugh at some protection mechanisms, write some basic shellcode, and more!

To attend the class you have to be able to read assembly, know how to use a debugger and know how to code basic assembly code sequences.

In the class you'll learn how to exploit binary vulnerabilities, how to bypass some protection mechanisms, and how to write custom shellcode. There's no doubt you'll understand and learn to draw the stack (of utmost importance for exploit writing), and if nothing else, what's more important: we'll have lots of fun playing the ultimate game against other coders: how to make their programs do what YOU want.

During the course you'll invest a significant portion of your time working on the computer, solving exercises, and reinforcing all the new concepts and ideas. This way we'll focus on setting the cornerstone on which you'll be able to build all your future knowledge of exploit writing. The focus is not on going too far, but rather on going deeper.

The class will be heavily based on IA32 (x86) assembly, although we'll review some of the differences with IA64. Although the class was originally designed to be taught on Windows, all exercises can also be solved on Linux. Please let us know if you have a specific preference regarding the operating system you want to practice on.

You'll [hopefully] learn:

* Buffer overflows
* Buffer overflow exploitation (some kinds)
* Integer bugs (overflows and sign mismatches)
* Integer bug exploitation (some kinds)
* Format strings
* Format string exploitation (some kinds)
* How C is compiled into assembly
* Basic shellcoding
* Some protection mechanisms

Prerequisite knowledge

* Assembly reading
* Native (assembly) debugging
* Basic C reading/understanding skills
* Programming in some [preferably] scripting language

Prerequisite material

* A computer running Windows (2k or higher preferred)
* Your [scripting] language of choice installed
* OllyDbg or IDA installed (or we'll install OllyDbg in the class)
* Networking (you'll probably want to use our internet access)
* You'll have to copy a few files to your box (either network, CD or USB drive is fine)
* Gray matter

Bio

In the last 17 years Gerardo 'gera' Richarte has been dedicated to computer security.

He has spoken at various conferences including BlackHat, CanSecWest and PacSec among others, and taught assembly language and exploit writing classes for private, public and military students.

For the last 14 years he's been part of Core Security Technologies, where he was a Sr. Security Consultant, Sr. Security Software Engineer and Reverse-Engineer, and for the last 7 years he has been working as an Expert Exploit Writer, technically leading the exploit writing team for the CORE IMPACT product.

During all these years he's published some papers, advisories and open source tools as a humble thank you to the community that has given so much to him.