CanSecWest: Security Masters Dojo Vancouver
| Next Session Dates: | March 22-23 2010 |
| Venue: | Sheraton Wall Center Vancouver, Canada |
| Duration: | 1 or 2 Day Courses. Sessions begin at 10:00 a.m. and go to 6 p.m. |
| Registration Maximum: | 15 Students per course session. |
The Exploit Laboratory - Advanced Edition
Instructor:
Saumil SHAH <saumil at saumil dot net>
Description
Have you ever found yourself staring at a vulnerability advisory with some proof-of-concept snippets and wished the author had rather attached a working exploit with it? Have you wished you could analyze vulnerabilities and write your own exploits for them? Have you wanted to debug and exploit custom built applications and binaries?
Now in its third year, the Exploit Laboratory brings you an action packed 2-day class teaching you the art of vulnerability analysis and exploitation from the ground up. The Exploit Laboratory starts off with a basic insight into system architecture, process execution, operating systems and error conditions. The class then quickly accelerates to analysing vulnerabilities with debuggers, reproducing reliable error conditions and writing working exploits for the same. The Exploit Laboratory features popular third party applications and products as candidates for vulnerability analysis and exploitation, rather than building up on carefully simulated lab exercises. Most of the class time is spent working on lab exercises and examples.
Lab examples and exercises used in this class cover both the Unix (Linux) and Microsoft Windows platforms, illustrating various error conditions such as stack overflows, heap overflows and format string bugs (time permitting). The latter part of the class focuses on topics such as bypassing protection mechanisms, multi-stage payloads, integrating your own exploits into frameworks such as Metasploit, etc.
All this - delivered in a down-to-earth, learn-by-example methodology, by trainers who have been teaching advanced topics in computer security for over 9 years.
This class is updated from the 2008 edition, featuring new content on heap overflows, abusing exception handlers and more hands-on examples based on recent vulnerabilities. The class features Mac OS X exploitation for the first time. This class does NOT require knowledge of assembly language. A few concepts and a sharp mind are all you need.
Topics
- Understanding Error Conditions
- Types of error conditions: Stack Overflows, Heap Overflows, Format String bugs, etc.
- Process execution and memory map under Linux and Windows
- Debugging applications and sharpening debugging skills, using GDB and WinDBG
- Putting together an exploit
- Shellcode - various types of shellcode and functionality
- Crafting the attack vector and payload
- Making the exploit work reliably
- Stack overflows on Linux and Windows
- Return to stack vs. Return through registers
- Abusing Structured Exception Handlers
- Heap overflows in Linux
- Overwriting the Global Offset Table
- Heap overflows in Windows
- Format string bugs [time permitting]
- Browser exploitation [new]
- Using and extending the Metasploit framework [time permitting]
- Exploits on Mac OS X [new]
- Defeating Browser memory protection and DEP [new]
PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides list the material students are expected to have knowledge of coming in, and the software tools that need to be pre-installed before attending, so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites: the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
Prerequisite Knowledge
- Working knowledge of operating systems, Win32 and Unix.
- Working knowledge of shell scripts, cmd scripts or Perl.
- Be able to work easily with command line tools.
- Understanding of C programming would be a bonus.
Laptop requirements
The Exploit Laboratory is an intense hands-on class. The labs are delivered using VMware images handed out in class. Each participant has to have a laptop capable of running VMware (workstation or player) and additional attack tools. All target images shall be presented during class. Please bring a working and tested laptop with the following hardware/software requirements:
- Hardware Requirements:
  - Intel x86 hardware required
  - Intel Core (or equivalent) CPU required for Mac OS X exploitation labs
  - 1GB RAM required at a minimum; 2GB preferred, and anything in between shall be tolerated
  - Wired Ethernet network card (no wireless network in class)
  - DVD-ROM drive (built in or portable; this is a must)
  - 8 GB free hard disk space (12 GB free preferred)
- Operating Systems (one of the following):
  - Windows XP SP2 or SP3 (no Vista)
    - Windows Vista DOES NOT WORK (you have been warned)
    - Administrator access mandatory
    - Ability to disable Anti-virus / Anti-spyware programs
    - Ability to disable Windows Firewall or personal firewall
  - Linux (kernel 2.4 or 2.6 required)
    - Root access mandatory
    - Ability to use an X Windows based GUI environment
  - Mac OS X is not "officially" supported in this class. However, participants have successfully used Intel based MacBooks or MacBook Pros in previous classes. The ultra sleek MacBook Air won't work, unless you bring along a portable DVD drive and a wired Ethernet adapter of some sort. All Mac OS X users are required to bring their own copy of VMware Fusion, provided it can run virtual machine images created in VMware Workstation 5 and above.
  - Windows Vista is NOT supported in this class. Vista's protection features break many simple tools such as Netcat. We are not "competent enough" to troubleshoot Vista issues.
- Pre-loaded software:
  - VMware Player (or Workstation)
    - VMware Server DOES NOT WORK
    - Mac OS X users, bring a copy of VMware Fusion
    - Parallels Desktop isn't supported
  - Netcat (nc)
  - SSH client (PuTTY for Windows laptop users)
  - Perl 5.8 or above (ActivePerl for Windows users)
  - Firefox browser
All participants shall get a clear list of laptop preparation instructions approximately a week before the class. Please come prepared - we will save precious time in setups and spend it playing with exploits instead!