Instructors: Saumil Shah
Dates: 25-26 June 2014
Capacity: 25 Seats
The Exploit Laboratory returns to REcon for the fourth year in 2014. This year, we have two classes back-to-back, featuring advanced topics in exploit development, specially crafted for REcon.
The Exploit Laboratory: Master features advanced topics in exploit development. This 2 day class is designed for participants already familiar with exploit development and need to take their skills to the next level. The Master edition course is an ideal extension of the Exploit Laboratory: Red Team class. The class is primarily driven by lab examples and exercises, with very little theoretical teaching.
Topics covered in the Master edition include advanced browser exploits, advanced heap spray techniques, bypassing ASLR using memory leak exploits, compound "pwn2own style" exploits, variations on ROP chains, server side heap spraying, kernel exploits, using ROP in kernel exploits and an introduction to 64-bit exploitation.
The Master edition is an all new advanced/uber-advanced level class being introduced for the first time at the REcon 2014.
As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over 8 years have been working hard in putting together advanced material based on past feedback.
NOTE: THIS CLASS CAN BE COMBINED WITH THE EXPLOIT LABORATORY: RED TEAM AS A 4 DAY COURSE.
Concepts taught using slides and on-screen demos.
Hands-On labs for each module.
Participants are required to bring their own laptops to class.
Do-It-Yourself approach to learning.
All lab exercises shall be distributed as VMware virtual system images.
* Quick refresher on browser exploits
* Quick refresher on Use-After-Free bugs and vtable overwrites
* Practical ROP Exploits on Windows - part 2
* Memory Leak exploits and bypassing ASLR
* Compound exploits
Day 2
* Server side heap spraying
* Practical server side ROP exploit on Linux
* Introduction to Kernel Exploitation
* Remote Kernel Exploitation on Windows 7 using ROP
* Introduction to exploits on 64-bit systems
* Quick refresher on browser exploits
* Quick refresher on Use-After-Free bugs and vtable overwrites
* Practical ROP Exploits on Windows - part 2
* Memory Leak exploits and bypassing ASLR
* Compound exploits
* Server side heap spraying
* Practical server side ROP exploit on Linux
* Introduction to Kernel Exploitation
* Remote Kernel Exploitation on Windows 7 using ROP
* Introduction to exploits on 64-bit systems
* Past students of The Exploit Laboratory: Black Belt who need more pwnage!
* Red Team members, who want to pen-test custom binaries and exploit custom built applications.
* Bug Hunters, who want to write exploits for all the crashes they find.
* Members of military or government cyberwarfare units.
* Members of reverse engineering research teams.
* Pen-testers, Security analysts, Security auditors, who want to take their skills to the next level and write their own exploits instead of borrowing them.
Prerequisites:
* All topics covered in The Exploit Laboratory: RED TEAM or other Advanced exploit development classes.
* -or- an equivalent level of confidence and recklessness.
* SKILL LEVEL: ADVANCED
Tutorials:
The Exploit Laboratory: Master is an advanced class. The class assumes you are well versed with the concept of Return Oriented Programming and putting together a ROP chain by hand. If you wish to refresh your ROP concepts, do go through the following tutorial:
Hardware Requirement:
* A working laptop (no Netbooks, no Tablets, no iPads)
* Intel Core 2 Duo x86/x64 hardware (or superior) required
* 4GB RAM required, at a minimum, 8GB preferred, and anywhere in between shall be tolerated
* Wireless network card
* 20 GB minimum free Hard disk space
* Working USB port (should not be DLP disabled!)
Minimum Software to install:
* Linux / Windows / Mac OS X desktop operating systems
* VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
* Administrator / root access MANDATORY
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
Click here to register.