CanSecWest: Security Masters Dojo Vancouver
Course: Assembly for Exploit Writing
Instructor: Gerardo Richarte (Core Security Technologies)
Description
Trying to understand code execution vulnerabilities without understanding assembly is nonsense. We will start from scratch to learn assembly, going from no assembly knowledge to understanding how buffer overflows, integer overflows and sign mismatches work, what the possibilities for their exploitation are, and hopefully more.
The attendee will learn assembly, how to use a debugger, how to code small assembly programs and how to do basic exploits. There's no doubt he'll understand and learn to draw the stack (of utter importance for exploit writing), and if nothing else, what's more important, how to have lots of fun playing the ultimate game against other coders: how it is possible to make their programs do what YOU want.
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected to have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
During the course the student will invest a portion of his/her time working on the computer, solving exercises, and reinforcing all the new concepts and ideas. This way we'll focus on setting the cornerstone where he'll be able to build all his future knowledge on exploit writing. Not focusing on going too far, but rather going deeper.
The course will be heavily based on IA32 (x86) assembly.
You'll [hopefully] learn:
- Assembly reading
- Assembly writing (basics)
- Debugging (in Windows at least)
- Reverse engineering (basics)
- Buffer overflows
- Buffer overflow exploitation (some kinds)
- Integer overflows
- Sign-mismatched comparisons
- How C is compiled into assembly
Prerequisites
Basic C reading/understanding skills.
Good coding experience in any language (C, Perl, Python, Pascal, Smalltalk, any other).
Prerequisite material
- A computer running Windows (2k or higher preferred)
- Your language of choice installed (C compiler, Perl or Python interpreter, Smalltalk, any other)
- OllyDbg installed (or we'll install it in the class)
- Networking (you'll probably want to use our internet access)
- You'll have to copy a few small files to your box (either network, CD or USB drive is fine)
- Gray matter

















