Nov 10 to Nov 11

Effective Fuzzing using the Peach Fuzzing Platform

Description

The entirety of the course is student centric, hands on, and lab intensive. On day one, students will be instructed on the use of the Peach Fuzzing Platform, from a practitioner's perspective, learning the ways in which Peach can be used to fuzz a variety of targets including network protocol parsers, ActiveX/COM interfaces, file parsers, APIs, and web services. Students will build and run fuzzers that target real world applications.

On the second day, students will be exposed to the internals of Peach from a developer's perspective. The Peach architecture and module interfaces will be explained in great detail so as to equip students with the skills necessary to extend and adapt Peach to their custom needs. Students will then develop their own Peach extensions in a lab environment to reinforce these concepts.

Topics

Upon completion of this course, students will be able to create effective fuzzers that target:

  • State-aware network protocol parsers

  • N-tier applications

  • Arbitrary APIs

  • File parsers

  • COM and ActiveX components

Students will also be able to:

  • Extend the Peach Fuzzing Platform

  • Apply these concepts and tools to their unique environment

  • Utilize parallel fuzzing to increase fuzzing efficiency

Prerequisite Knowledge

  • Ability to use Windows XP

  • Ability to use Wireshark

  • Working knowledge of basic XML or HTML

Laptop requirements

  • A laptop capable of running two Windows XP Virtual Machines

  • Dual Core machine w/2GB of RAM recommended

  • One of the following Virtualization Platforms:

    • VMware Server 2.0

    • VMware Player 2.0 (FREE)

    • VMware Workstation 6.x

  • One of the following devices:

    • USB 2.0 port

    • Dual Layer DVD Drive

    • 1394/Firewire port

 

Instructor: Michael Eddington

Nov 10 to Nov 11

The Exploit Laboratory - Advanced Edition

Description

Penetration testing with canned tools and exploits is a thing of the past. As companies become more and more conscious of having their internal programs binary audited and reverse engineered, penetration testers are required to spot vulnerabilities in compiled code and write custom exploits for these vulnerabilities. The Exploit Laboratory takes the hacker's approach in demonstrating how seemingly trivial errors and vulnerabilities can be exploited with astonishing results. The Exploit Laboratory begins with an introduction to vulnerabilities in binary code and goes through a systematic process of debugging, reverse engineering and writing a working exploit for these vulnerabilities.

This class is aimed at demystifying the "rocket science" in writing exploits, delivered in a down-to-earth, learn-by-example methodology by trainers who have been teaching advanced topics in computer security for over 6 years. This class does NOT require knowledge of assembly language. A few concepts and a sharp mind are all you need. Examples and exercises in this class cover both the Unix (Linux) and Microsoft Windows platforms.

Topics

  • Introduction to error conditions

  • The CPU's Registers

  • The Process memory map

  • Effective use of debuggers on Linux and Windows

  • Stack Overflows in Linux and Windows

  • Getting control of the Instruction Pointer

  • Making exploits reliable

  • Return to stack vs. return via registers

  • Advances in shellcode techniques

  • Overwriting Exception Handlers

  • Heap Overflows in Linux and Windows

  • Overwriting Global Offset Table entries

  • Exploiting Browsers

  • Format String bugs (time permitting)

Prerequisite Knowledge

  • Working knowledge of operating systems, Win32 and Unix.

  • Working knowledge of shell scripts, cmd scripts or Perl.

  • Be able to work easily with command line tools.

  • Understanding of C programming would be a bonus.

Laptop requirements

  • Hardware Requirements:

    • Intel x86 hardware required

    • 512MB RAM required, at a minimum

    • Wired 10/100 Network card

    • CDROM drive

    • 4 GB free Hard disk space

  • Operating Systems (one of the following):

    • Windows 2000 SP4/XP SP2 -OR- Linux kernel 2.4/2.6

    • For Windows users:

      • Windows 2000 SP4/XP SP2

      • Windows Vista WILL NOT WORK (you have been warned)

      • Administrator access mandatory

      • Ability to disable Anti-virus / Anti-spyware programs

      • Ability to disable Windows Firewall or personal firewall

      • Active Perl to be installed

    • For Linux users:

      • Kernel 2.4 or 2.6 required

      • Root access mandatory

      • Ability to use an X-windows based GUI environment

    • Mac OS X is currently not supported in this class. Participants may bring their Intel-based MacBooks or MacBook Pros that have Windows XP running on them using Apple Boot Camp. If you wish to use Parallels Desktop, you may do so, but you are on your own when it comes to weird troubleshooting.

  • Pre-loaded software:

    • Netcat (nc)

    • SSH client (PuTTY for Windows laptop users)

    • Perl 5.8 or above (ActivePerl for Windows users)

    • Firefox browser

 

Instructor: Saumil Shah

Nov 10 to Nov 11

Advanced Linux Hardening (and keeping your sanity)

Description

The course shows how to effectively implement modern hardening frameworks and techniques for securing Linux-based systems (and secondarily other *NIX systems) while keeping things manageable and avoiding the usual madness and confusion often created by MAC/hardening frameworks.

The goal of this course is to teach, hands-on, how to deal with every aspect of installing, configuring and maintaining hardening frameworks, and to learn the available techniques and administration for securing Linux systems. You'll learn the different architectures, implementation details, administration procedures and issues related to all the covered frameworks, as well as acquire the proper skills for maintaining and troubleshooting the hardened environment. Special focus will be given to security monitoring and auditing, policy development and maintenance, and integration of hardening systems with your favourite distribution / OS.

Topics

You'll learn:

  • basic *NIX security concepts and techniques

  • security monitoring with Host Intrusion Detection Systems (HIDS)

  • log monitoring and correlation

    • swatch / tenshi / SEC / ...

  • file system integrity checkers

    • aide / samhain / osiris / ...

  • sensible accounts and auth token management

  • One Time Passwords

  • shell account security

  • extended POSIX ACLs

  • hardening frameworks

    • PaX / ASLR / Grsecurity

    • SELinux

    • RSBAC

    • Systrace

  • GCC hardening / Stack Smashing Protection

  • ELF hardening: PIE (Position Independent Executables) / PIC (Position Independent Code)

  • secure backup architectures

  • centralized account management with LDAP

Bonus Topic:

  • genuine Italian swearing to use when things go wrong! (and impress your co-workers)

Prerequisites

  • basic command line proficiency on *NIX systems

  • basic Linux/*NIX system administration skills

  • familiarity with Makefiles / autoconf usage and package compilation and installation

  • familiarity with Linux kernel configuration / compilation / installation

  • basic scripting skills

Prerequisite material

  • Each student must bring their own laptop running a recent Linux distribution. Fedora, RHE or Gentoo/Linux are the best choices, but since the class will also focus on how to deal with these frameworks on any distribution, we won't require any of those as long as it's a modern distribution capable of compiling without problems.

  • Needless to say, a working network adapter (along with an IPv4 TCP/IP stack) is required.

 

Instructor: Andrea Barisani
