CanSecWest: Security Masters Dojo Vancouver
Assured Exploitation
Register for March 5th to 6th Course
Many security professionals have mastered stack overflows and heap spraying, but these techniques are rarely sufficient when developing modern real-world exploits. Reliable exploitation on Vista and Windows 7 systems requires advanced techniques such as heap layout manipulation, return oriented programming and ASLR information leaks. In addition, robust exploitation necessitates repairing the heap and continuing execution without crashing the process. This course focuses on teaching the principles behind these advanced techniques and will give the students hands-on experience developing real-world exploits.
PREREQUISITE WARNING: Each class has prerequisites for software loads, and a laptop is mandatory. These individual class guides list the material students are expected to have knowledge of coming in and the software tools that need to be pre-installed before attending, so that you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses and will be necessary to get the maximum benefit out of these educational programs.
The course will start off with an in-depth review of the exploitation mitigations introduced in modern operating systems. The instructors will demonstrate their limitations through simple examples and gradually develop the basic exploitation techniques into more complicated methods applicable to real-world exploitation. Unlike most other exploitation courses, we will focus on approaching exploitation as a creative problem-solving process rather than an exercise of applying cookbook techniques to common types of vulnerabilities. Most of the course will focus on the hands-on application of the material through exercises and leading the students through the development of reliable exploits for recently patched vulnerabilities in widely used software. Each student will finish the class with their own personally developed exploit for the Aurora vulnerability in Internet Explorer that evades ASLR and DEP and reliably exploits Windows 7.
- In-depth review of GS, ASLR, DEP, SafeSEH and SEHOP exploitation mitigations
- Heap implementation details and manipulation of the heap state (including Windows 7 heap)
- Building primitives for heap layout control in new applications
- Return oriented programming and shellcode development
- Implementing a universal bypass of DEP and ASLR in Internet Explorer 8
- Multistage stack pivots
Students are expected to be familiar with the basic exploitation techniques for stack and heap overflows on Windows, as described in the Shellcoder's Handbook and similar books. They should be comfortable using assembly level debuggers and have basic familiarity with reverse engineering. The material in this course is designed to be challenging, but we believe that with the help of our expert instructors any dedicated student will be able to master it.
All hands-on exercises in the course will be performed in virtual machines provided by the trainers. You will need a laptop with VMware Workstation 6 or later, or VMware Fusion 2 or later if using a Mac. The minimum hardware requirements for the laptop are 2GB of memory (3GB or more recommended) and a processor equivalent to a 2.4GHz Core2 Duo.