Recon - PREVIEW

Recon 2011

Speakers: Josh Ryder, Saumil Shah

Schedule
Day: Training - 2011-07-06
Room: TRAINING ROOM 5
Start time: 09:00
Duration: 03:00

Info
ID: 169
Event type: Workshop

The exploit laboratory Advanced Edition

The Advanced Edition begins with a quick overview of stack overflows, exception handler abuse, heap overflows, memory overwrites, and other core concepts. We shall then focus on topics which involve breaking exploit prevention techniques like non-executable stack, DEP, and ASLR. We finish with sessions on techniques such as return to libc, advanced heap spraying, return oriented programming and JIT spraying.

Dates: 6-7 July 2011
Availability: 20 Seats

The Exploit Laboratory Advanced Edition is a new and advanced class continuing from where The Exploit Laboratory leaves off. This class is for those curious to dig deeper into the art and craft of software exploitation. The Advanced Edition begins with a quick overview of stack overflows, exception handler abuse, heap overflows, memory overwrites, and other core concepts. The class then moves to deeper vulnerabilities such as integer overflows and format string bugs. We shall then focus on topics which involve breaking exploit prevention techniques like non-executable stack, DEP, ASLR, etc. This class also features sessions on techniques such as return to libc, advanced heap spraying, return oriented programming and JIT spraying.

The Exploit Laboratory Advanced Edition requires a lot of hands-on work. Lab examples used in this class cover Unix (Linux and Mac OS X) and Microsoft Windows platforms, featuring popular third-party applications and products instead of simulated lab exercises.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over five years have been working hard to put together advanced material based on past feedback.

The Exploit Laboratory Advanced Edition is an advanced class. We mean it. It is not recommended for those who have no prior experience with writing exploits. Please read the pre-requisites section carefully before signing up for this class!

Learning Objectives:

  • Quick overview of stack overflows and memory overwrites
  • Advanced debugging techniques
  • Defeating non-executable stack by return-to-libc techniques
  • Bypassing DEP
  • Bypassing ASLR
  • Return Oriented Programming (ROP)
  • Advanced browser exploitation
  • JIT spraying techniques
  • PDF exploits
  • Kernel exploitation
  • Integer overflows
  • Format string bugs (time permitting)

This class is for you if:

  • You have already written basic exploits and are adept at operating system concepts
  • You're not afraid of debuggers
  • You are one of the ever curious I-want-more-breakage kind!
  • You're left wanting after completing The Exploit Laboratory

Class Requirements

Prerequisites:

  • You must be familiar with debuggers, and know how to use gdb and WinDBG
  • You must know how stack overflows work
  • You must be familiar with OS concepts, process memory maps, how the stack works and how the heap works.
  • You are not afraid of the command-line.

Hardware Requirements:

  • A working laptop (no Netbooks)
  • Intel Core 2 Duo x86 hardware (or superior) required
  • 2GB RAM required, at a minimum, 4GB preferred, and anywhere in between shall be tolerated
  • Wired or Wireless network card
  • 12 GB free Hard disk space

Software Requirements:

  • Windows XP SP3 / Windows 7 / Linux kernel 2.4 or 2.6 / Mac OS X 10.5 or 10.6 (Intel only)
  • VMWare Player or VMWare Workstation MANDATORY
  • Administrator / root access MANDATORY
  • Ability to disable Anti-virus / Anti-spyware programs
  • Ability to disable Windows Firewall or personal firewalls
  • Perl 5.8
  • An SSH client, such as PuTTY
  • NetCat

NOTE: If your laptop is a locked-down company issued laptop, please make sure you have VMWare Workstation or VMWare Player installed by your administrator before you come to class.

NOTE: Please read the above note SERIOUSLY!