Description

Penetration testing with canned tools and exploits is a thing of the past. As companies are getting more and more conscious of having their internal programs binary audited and reverse engineered, penetration testers are required to spot vulnerabilities in compiled code and write custom exploits for these vulnerabilities. The Exploit Laboratory takes the hacker's approach in demonstrating how seemingly trivial errors and vulnerabilities can be exploited with astonishing results. The Exploit Laboratory begins with an introduction to vulnerabilities in binary code and goes through a systematic process of debugging, reverse engineering and writing a working exploit for these vulnerabilities.

This class is aimed at demystifying the "rocket science" in writing exploits - delivered in a down-to-earth, learn-by-example methodology, by trainers who have been teaching advanced topics in computer security for over 6 years. This class does NOT require knowledge of assembly language. A few concepts and a sharp mind is all you need. Examples and exercises in this class cover both the Unix (Linux) and Microsoft Windows platforms.

Topics

• Introduction to error conditions

• The CPU's Registers

• The Process memory map

• Effective use of debuggers on Linux and Windows

• Stack Overflows in Linux and Windows

• Getting control of the Instruction Pointer

• Making exploits reliable

• Return to stack vs. return via registers

• Advances in shellcode techniques

• Overwriting Exception Handlers

• Heap Overflows in Linux and Windows

• Overwriting Global Offset Table entries

• Exploiting Browsers

• Format String bugs (time permitting)

Prerequisite Knowledge

• Working knowledge of operating systems, Win32 and Unix.

• Working knowledge of shell scripts, cmd scripts or Perl.

• Be able to work easily with command line tools.

• Understanding of C programming would be a bonus.

Laptop requirements

• Hardware Requirements:

  • Intel x86 hardware required

  • 512MB RAM required, at a minimum

  • Wired 10/100 Network card

  • CDROM drive

  • 4 GB free Hard disk space

• Operating Systems (one of the following):

  • Windows 2000 SP4/XP SP2 -OR- Linux kernel 2.4/2.6

  • For Windows users:

    • Windows 2000 SP4/XP SP2

    • Windows Vista WILL NOT WORK (you have been warned)

    • Administrator access mandatory

    • Ability to disable Anti-virus / Anti-spyware programs

    • Ability to disable Windows Firewall or personal firewall

    • Active Perl to be installed

  • For Linux users:

    • Kernel 2.4 or 2.6 required

    • Root access mandatory

    • Ability to use an X-windows based GUI environment

  • MAC OS X is currently not supported in this class. Participants may bring their Intel based MacBooks or MacBook Pros that have Windows XP running on them using Apple Boot Camp. If you wish to use Parallels Desktop, you may do so, but you are on your own when it comes to weird troubleshooting.

• Pre-loaded software:

  • Netcat (nc)

  • SSH client (PuTTY for Windows laptop users)

  • Perl 5.8 or above (ActivePerl for Windows users)

  • Firefox browser