Description
The goal of this course is to teach the whole process of auditing a binary, starting from the moment a researcher has to face a real binary.
The class is an introduction to the different bug types and how to approach them using the newest Immunity product: the VulnDev-oriented Immunity Debugger.
All introductory theory will be accompanied by hands-on labs on finding bugs and scripting the debugger to automate the process for the future.
Topics
Basics
i386 assembly for Auditing
Calling Convention
Immunity Debugger basic scripting and APIs
Auditing for Vulnerabilities
Memory Corruption
Where is the buffer located?
How many bytes can we write?
What data are we corrupting?
Dangerous API
Win32 API (from an auditor's perspective)
Unicode
Integer Under/Overflow
Prerequisites:
Basic Python Programming skills
Basic Debugging Knowledge
A laptop with Windows XP or 2000 (as a host or as a guest image)
Instructor: Nicolas Waisman
Nicolas Waisman is a Senior Security Researcher at Immunity, Inc. Nico is one of the driving forces behind the CANVAS exploit framework. The majority of his recent work has focused on win32 vulndev, specifically reliable heap exploitation. He also likes to sneak in the odd reverse engineering project from time to time. His most current passion is implementing MOSDEF for the PPC architecture.
Instructor: Kostya Kortchinski
No bio.