EXPLOIT DEVELOPMENT CLASS

In this class you'll learn how to exploit binary vulnerabilities, how to bypass several protection mechanisms such as DEP, ASLR and GS, and how to write customized shellcode.

During the course you'll spend a significant portion of your time working on the computer, solving exercises, and reinforcing the new concepts and ideas. Moreover, we will set up group projects to directly evaluate your understanding and put it into practice. This way we focus on laying the cornerstone on which you'll build all your future knowledge of exploit writing: not going too far, but going deeper.

You'll learn:

  • Buffer overflows
  • Buffer overflow exploitation
  • Integer bugs (overflows and sign mismatches)
  • Integer bug exploitation
  • Format strings
  • Format string exploitation
  • How C is compiled into assembly
  • Basic shellcoding
  • Some protection mechanisms

Student Pre-requisite

To attend the class you have to be able to read assembly, know how to use a debugger, and know how to write basic assembly code sequences.

* Assembly reading
* Native (assembly-level) debugging
* Basic C reading/understanding skills
* Programming experience in some language, such as x86 assembly

Software Requirement

* A computer running Windows XP
* OllyDbg or IDA installed (or we'll install OllyDbg in class)
* Microsoft Visual Studio is a plus

Hardware Requirement

* Fast enough to run at least 1 virtual OS
* USB port to get additional software in class
* Ethernet port to connect to the local LAN
* At least 5GB of free hard disk space

Course Outline

Basic Training (5 days)

Day 1
  • Foundations of Reversing
  • The Reversing Process
  • Program Structure
  • Common Code Constructs
  • Low-level data management: stacks, heaps and data sections
  • Windows Memory Management
  • Hacker Toolkit
  • Defining the Win32 API
  • Writing Shellcode

Day 2
  • Basic Buffer Overflow
  • Buffer Overflow + SEH Exploitation / Security Cookie Bypass
  • RET2LIB

Day 3
  • Heap Spray Case Study: VML
  • Bypassing ASLR + DEP in Exploitation
  • Finding and Using ROP Gadgets

Day 4
  • Types of security vulnerabilities
  • Writing a Fuzzing System / Office
  • Hunting zero-days (a day in the life of a hacker)
  • Using IDA to diff binaries
  • Using other code coverage tools: OllySnake
  • Protocol reversing: Case study Winny P2P

Day 5
  • Summary exercises

About Instructor

Moti Joseph has been involved in computer security since 2000. He has worked on reverse engineering exploit code and developing security products for CheckPoint and WebSense Security Labs, and currently for COSEINC. He has spoken at several conferences, including:

  • Blackhat USA, Las Vegas, 2007
  • Shanghai Jiao Tong University, 2010
  • SysCan 2010, Taipei, Taiwan
  • CONFidence 2010, Krakow, Poland
  • CONFidence 2009, Warsaw, Poland
  • ShakaCon 2009, USA
  • POC 2009 and 2010, Seoul, South Korea