Recon 2012

The Exploit Laboratory 3 Day Recon Edition by Saumil Udayan Shah and Josh Ryder


The Exploit Laboratory Advanced Edition is an intense 3-day course carefully crafted to provide students a practical hands-on approach to exploiting modern-day operating systems. Topics covered in the class include user mode and kernel mode exploitation, use-after-free bugs, advanced heap spraying, leaking pointers and integer overflows. Class examples include browser exploitation, VoIP, and Flash exploits, plus techniques to bypass system protections such as DEP and ASLR. By the end of the class students will be using Return Oriented Programming and have running exploits on Windows 7 and Android operating systems.

After launching The Exploit Laboratory at RECON 2011, we are back again with a specially designed Exploit Lab for Recon featuring a 3-day training format. The class is an intermediate to advanced level class, for those curious to dig deeper into the art and craft of software exploitation. The Exploit Lab Recon edition primarily covers browser, PDF and kernel exploitation on modern-day operating systems. We begin with a quick overview of stack overflows, exception handler abuse, memory overwrites, and other core concepts. The class then moves on to use-after-free bugs and vtable overwrites, especially applicable to browser and PDF exploits. The class also spends a lot of time focusing on defeating modern-day exploit mitigation techniques like DEP and ASLR using Return Oriented Programming (ROP). And lastly, we cover remote kernel exploitation on Windows.

The Exploit Laboratory Recon Edition requires a lot of hands-on work. Lab examples used in this class cover Linux and Microsoft Windows platforms, featuring popular third party applications and products instead of simulated lab exercises.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over six years have been working hard in putting together advanced material based on past feedback.

Dates: 11-13 June 2012
Availability: 25 Seats

Learning Objectives:
* Stack Overflows (Linux and Windows)
* Abusing Structured Exception Handlers on Windows
* Use-after-free bugs and vtable overwrites
* Browser Exploits
* PDF Exploits
* Defeating DEP using Ret2LibC
* Introduction to Return Oriented Programming
* ROP gadgets and stack flips
* ROP shellcode loaders
* Practical ROP Exploits
* Bypassing ASLR on Windows 7
* Advanced Heap Spray techniques
* Introduction to Kernel Exploitation
* Remote Kernel Exploitation on Windows 7

Target Audience:
* You have already written basic exploits and are adept at operating system concepts
* You're not afraid of debuggers
* You are one of the ever curious I-want-more-breakage kind!
* You're left wanting after completing The Exploit Laboratory

Day 1 - Breakage
* Introduction to systems concepts
* Using GDB and WinDBG
* Stack overflows on Linux and Windows
* Browser and PDF exploitation
* Use-after-free bugs
* vtable overwrites

Day 2 - Exploit Mitigation Bypass
* Defeating DEP using Ret2LibC
* Introduction to Return Oriented Programming
* ROP gadgets and stack flips
* ROP shellcode loaders
* Practical ROP Exploits
* Bypassing ASLR on Windows 7

Day 3 - Advanced Techniques and Kernel Exploitation
* Introduction to Kernel Exploitation
* Remote Kernel Exploitation on Windows 7
* Advanced Heap Spray techniques
* Exploit exercises

Class Requirements:
* Have a working knowledge of operating systems, Win32 and Unix.
* Not be allergic to command line tools.
* Use vi/pico/joe editors.
* Have a working knowledge of shell scripts, cmd scripts or Perl.
* Understanding of C programming would be a bonus.

Hardware Requirements:
* A working laptop (no Netbooks)
* Intel Core 2 Duo x86/x64 hardware (or superior) required
* 4GB RAM required, at a minimum
* Wireless network card
* 20 GB free Hard disk space

Software Requirements:
* Windows XP SP3 / Windows 7 / Linux kernel 2.4 or 2.6 / Mac OS X 10.6 or 10.7 (Intel only)
* VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
* Administrator / root access MANDATORY
* Ability to disable Anti-virus software on your laptop
* Ability to disable Host firewall
* Perl 5.8
* An SSH client, such as PuTTY
* Netcat

NOTE: If your laptop is a locked-down company issued laptop, please make sure you have VMWare Workstation or VMWare Player installed by your administrator before you come to class.



Saumil Shah is the founder and CEO of Net-Square, providing cutting-edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
