Nov 27 to Nov 28

Reverse Engineering

Description

This course is a series of hands-on exercises that teach the student how to analyse the functions of an existing binary. The course will go through analysis of malware and identifying the operations of a binary program.

Students familiar with high-level programming languages will be shown how to decompose the binary outputs of compilers and identify program operations at the assembler and machine code level.

Topics

  • IA32 CPU architecture

    • Basics of assembly language

    • Learning the basics of IA32 instructions

    • Coding assembly code using the inline assembler of Visual C++ (basic code, using APIs, etc.)

  • Basics of Windows kernel architecture

  • Reverse engineering

    • EXE samples generated by sample C source code

    • Sample vulnerabilities, existing Windows vulnerabilities

    • Known malware

    • Finding new vulnerabilities in sample app, making shellcode and exploits

Prerequisites:

  • Basic C Programming Knowledge

  • A laptop with Windows Vista, XP, or 2000 (As a host or as a guest image)

 

Instructor: Yuji Ukai


 
Nov 27 to Nov 28

Ultimate Web Hacking

Description

With every application that an organization brings online or e-business that goes live, malicious hackers are waiting to attack. This class provides security professionals with the knowledge and tools to recognize software vulnerabilities, develop countermeasures, and perform ongoing assessments of these internet facing applications. In a hands-on setting, Ultimate Web Hacking instructors offer demonstrations on how attackers can access corporate information with little more than a web browser.

In this class, the students will learn strategic, tactical and operational countermeasures to prevent hackers from exploiting web-based applications, security considerations unique to secure web applications, thorough knowledge of popular web application and infrastructure vulnerabilities including SQL injection, cross site scripting, authentication/authorization issues and session management weaknesses.

Who Should Take This Class

System and network administrators, security personnel, auditors, consultants, and/or web designers concerned with web security should take this course. Basic UNIX and Windows NT competency is required for the course to be fully beneficial.

Exercises

All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the basic hands-on experience needed to secure web applications and internet facing software.

Course Materials

  • Student manual

  • Class handouts

  • Foundstone authored book

  • Foundstone t-shirt

  • Free Tools CD with course tools and scripts

Topics

  • Introduction to Web applications

  • Profiling the environment

  • Finding vulnerabilities in configuration management

  • Parameter manipulation

  • Breaking authentication and user management

  • Breaking session management

  • Cross site scripting

  • Cross site request forgery

  • SQL Injection

  • File system traversal

  • Other grab bag topics

Prerequisite Knowledge

  • Working knowledge of Windows or Unix Operating Systems and command-line tools

  • Knowledge of HTTP, SSL and related protocols

  • Working knowledge of shell scripts, SQL, Perl and JavaScript

Laptop Requirements

  • Processor 1 GHz or higher

  • 512 MB RAM minimum

  • 20 GB Hard Drive space

  • 10/100/1000 NIC

  • DVD Reader

  • SVGA 1024x768 recommended

  • Keyboard & mouse or other pointing device

  • Operating System – Microsoft Windows 2000 or Windows XP

  • VMware Player or Workstation pre-installed

 

Instructor: Yen-Ming Chen


 
Nov 27 to Nov 28

The Exploit Laboratory - Advanced Edition

Description

Penetration testing with canned tools and exploits is a thing of the past. As companies are getting more and more conscious of having their internal programs binary audited and reverse engineered, penetration testers are required to spot vulnerabilities in compiled code and write custom exploits for these vulnerabilities. The Exploit Laboratory takes the hacker's approach in demonstrating how seemingly trivial errors and vulnerabilities can be exploited with astonishing results. The Exploit Laboratory begins with an introduction to vulnerabilities in binary code and goes through a systematic process of debugging, reverse engineering and writing a working exploit for these vulnerabilities.

This class is aimed at demystifying the "rocket science" in writing exploits - delivered in a down-to-earth, learn-by-example methodology, by trainers who have been teaching advanced topics in computer security for over 6 years. This class does NOT require knowledge of assembly language. A few concepts and a sharp mind are all you need. Examples and exercises in this class cover both the Unix (Linux) and Microsoft Windows platforms.

Topics

  • Introduction to error conditions

  • The CPU's Registers

  • The Process memory map

  • Effective use of debuggers on Linux and Windows

  • Stack Overflows in Linux and Windows

  • Getting control of the Instruction Pointer

  • Making exploits reliable

  • Return to stack vs. return via registers

  • Advances in shellcode techniques

  • Overwriting Exception Handlers

  • Heap Overflows in Linux and Windows

  • Overwriting Global Offset Table entries

  • Exploiting Browsers

  • Format String bugs (time permitting)

Prerequisite Knowledge

  • Working knowledge of operating systems, Win32 and Unix.

  • Working knowledge of shell scripts, cmd scripts or Perl.

  • Be able to work easily with command line tools.

  • Understanding of C programming would be a bonus.

Laptop requirements

  • Hardware Requirements:

    • Intel x86 hardware required

    • 512MB RAM required, at a minimum

    • Wired 10/100 Network card

    • CDROM drive

    • 4 GB free Hard disk space

  • Operating Systems (one of the following):

    • Windows 2000 SP4/XP SP2 -OR- Linux kernel 2.4/2.6

    • For Windows users:

      • Windows 2000 SP4/XP SP2

      • Windows Vista WILL NOT WORK (you have been warned)

      • Administrator access mandatory

      • Ability to disable Anti-virus / Anti-spyware programs

      • Ability to disable Windows Firewall or personal firewall

      • Active Perl to be installed

    • For Linux users:

      • Kernel 2.4 or 2.6 required

      • Root access mandatory

      • Ability to use an X-windows based GUI environment

    • Mac OS X is currently not supported in this class. Participants may bring their Intel-based MacBooks or MacBook Pros that have Windows XP running on them using Apple Boot Camp. If you wish to use Parallels Desktop, you may do so, but you are on your own when it comes to weird troubleshooting.

  • Pre-loaded software:

    • Netcat (nc)

    • SSH client (PuTTY for Windows laptop users)

    • Perl 5.8 or above (ActivePerl for Windows users)

    • Firefox browser

 

Instructor: Saumil Shah


 
Nov 27 to Nov 28

Advanced Honeypot Tactics

Description

This course shows how to use honeypot technologies as a concrete improvement to your organisation's security defences. This course will concentrate on low-interaction honeynet technology.

  • honeyd

    • workings of honeyd

    • routing traffic to honeyd

    • simulation

      • simulation of TCP/IP stacks

      • simulation of network infrastructure

      • simulation of applications

      • advanced honeyd configuration

    • centralized data collection with honeyd

      • traditional methods

      • honeyd collectorr/mustard

    • writing honeyd plugins

    • honeyd to protect corporate infrastructure

  • Collecting malware with honeypots

    • Techniques used

    • mwcollect / nepenthes

      • How they work

      • Writing own modules

      • Analyzing the received shellcodes

      • Analyzing the captured binaries

    • Results

  • Bots/Botnets

    • Intro to bots and demo

    • Reverse engineering of bot

      • Basic techniques

      • Sandboxes

      • Ollydbg and/or IDA

  • Botnet 101

    • How they work

    • What you need to know

    • Observing them

    • Live botnet observation

  • Results

Prerequisites

Students should be familiar with honeypot concepts and have a good understanding of TCP/IP networking and analysis tools like Ethereal.

Prerequisite material

Students need to bring a computer configured with VMware and powerful enough to run two VMware sessions at once. The computer should also have wired Ethernet. Students also need to have an IRC client and the Python programming language installed. They should also have a Windows installation (native or in VMware) with OllyDbg (http://www.ollydbg.de/) installed.

 

Instructor: Thorsten Holz

Thorsten Holz is a Ph.D. student at the Laboratory for Dependable Distributed Systems. He is one of the founders of the German Honeynet Project and has extensive background in the area of honeypots and bots/botnets. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. In addition, he is the editor-in-chief of the German IT-security magazine MISC.

 
Nov 27 to Nov 28

Advanced Linux Hardening (and keeping your sanity)

Description

The course shows how to effectively implement modern hardening frameworks and techniques for securing Linux-based (and secondarily *NIX) systems by keeping things manageable and at the same time avoiding the usual madness and confusion often created by MAC/hardening frameworks.

The goal of this course is to teach hands-on how to deal with every aspect of installing, configuring and maintaining hardening frameworks and learning the available techniques and administration for securing Linux systems. You'll learn the different architectures, implementation details, administration procedures and issues related to all the covered frameworks as well as acquire the proper skills for maintaining and troubleshooting the hardened environment. Special focus will be given to security monitoring and auditing, policy development and maintenance and hardening systems integration with your favourite distribution / OS.

Topics

You'll learn:

  • basic *NIX security concepts and techniques

  • security monitoring with Host Intrusion Detection Systems (HIDS)

  • log monitoring and correlation

    • swatch / tenshi / SEC / ...

  • file system integrity checkers

    • aide / samhain / osiris / ...

  • sensible accounts and auth token management

  • One Time Passwords

  • shell account security

  • extended POSIX ACLs

  • hardening frameworks

    • PaX / ASLR / Grsecurity

    • SELinux

    • RSBAC

    • Systrace

  • GCC hardening / Stack Smashing Protection

  • ELF hardening: PIE (Position Independent Executables) / PIC (Position Independent Code)

  • secure backup architectures

  • centralized account management with LDAP

Bonus Topic:

  • genuine Italian swearing to use when things go wrong! (and impress your co-workers)

Prerequisites

  • basic command line proficiency on *NIX systems

  • basic Linux/*NIX system administration skills

  • familiarity with Makefiles / autoconf usage and package compilation and installation

  • familiarity with Linux kernel configuration / compilation / installation

  • basic scripting skills

Prerequisite material

  • Each student must bring his own laptop running a recent Linux distribution. Fedora, RHE or Gentoo/Linux are the best choices, but since the class will also focus on how to deal with these frameworks on any distribution, we won't require any of those as long as it's a modern distribution capable of compiling without problems.

  • Needless to say, a working network adapter (along with an IPv4 TCP/IP stack) is required.

 

Instructor: Andrea Barisani


 
Nov 27 to Nov 28

Binary Auditing

Description

This course's goal is to teach the whole process of auditing a binary from the moment a researcher has to face a real binary.

The class is an introduction to the different bug types and how to approach them using the newest Immunity product: the VulnDev-oriented Immunity Debugger.

All introductory theory given will be accompanied by hands-on labs in finding bugs and scripting the debugger to automate the process for the future.

Topics

  • Basics

    • i386 assembly for Auditing

    • Calling Convention

    • Immunity Debugger basic scripting and APIs

  • Auditing for Vulnerabilities

    • Memory Corruption

      • Where is the buffer located?

      • How many bytes can we write?

      • What data are we corrupting?

    • Dangerous API

      • Win32 API (from an auditor's perspective)

    • Unicode

    • Integer Under/Overflow

Prerequisites:

  • Basic Python Programming skills

  • Basic Debugging Knowledge

  • A laptop with Windows XP or 2000 (As a host or as a guest image)

 

Instructor: Nicolas Waisman

Nicolas Waisman is a Senior Security Researcher at Immunity, Inc. Nico is one of the driving forces behind the CANVAS exploit framework. The majority of his recent work has focused on win32 vulndev, specifically reliable heap exploitation. He also likes to sneak in the odd reverse engineering project from time to time. His most current passion is implementing MOSDEF for the PPC architecture.

 

Instructor: Kostya Kortchinski


 
Nov 27 to Nov 28

Practical 802.11 WiFi (In)Security

Description

Wireless LANs have been widely deployed in the past few years, simultaneously introducing an explosion of security issues and unique vulnerabilities. Despite today's security measures, it still appears that many available wireless networks are not being properly secured.

This dojo training will bring you up to date with the most advanced Wi-Fi security technologies, providing detailed, up-to-date, in-depth knowledge. Mixing both lecture and hands-on work, it offers a practical approach to Wi-Fi security, learning and practising security assessment and deployment for wireless networks.

At the end of this course, you will be able to integrate secure wireless environments into your existing infrastructure and assess the security of Wi-Fi networks.

Topics

  • Quick Wi-Fi basics wrap-up

  • Assessing Wi-Fi networks security

    • Wi-Fi networks enumeration techniques and tools

    • Security features analysis

    • Weaknesses

      • Intrinsic weaknesses, basic tricks

      • WEP cracking fundamentals and techniques

      • Applied malicious traffic injection

    • Targeting Wi-Fi clients

    • Wireless networks pentesting methodology

  • Building secure Wi-Fi networks

    • Wi-Fi security features

      • 802.1x authentication

      • Wi-Fi Protected Access

      • IEEE 802.11i/WPA2

      • Wi-Fi Protected Setup

    • Wi-Fi network integration w/ network architectures

    • Roadmap and key points

Prerequisites

  • Network security experience (Ethernet, TCP/IP)

  • 802.11 experience will help

  • Understanding Python programming would be a bonus

Prerequisite material

Practical exercises will require the Backtrack v2 Stable Release live CDROM. Therefore, each student must bring his own laptop that runs this live distribution properly and is equipped with an injection-capable wireless adapter (Atheros-based adapter strongly advised).

 

Instructor: Cédric Blancher

Cédric has been working in the network security field for 6 years. In 2004, he joined EADS Corporate Research Center in France and now runs the IT Security Research Lab. As a network security expert, he is focusing on wireless networks.

He is one of the Rstack team's core members and is part of the French Honeynet Project, with studies on honeynet containment, honeypot farms and network traffic analysis. He has delivered technical presentations, workshops and trainings (Recon, Syscan, Pacsec/core05, Bellua), written papers and articles on wireless network security, and authored Wifitap, a tool based on Wi-Fi traffic injection.

Cédric's website: http://sid.rstack.org/

 
 