The Advanced Exploit Laboratory @ REcon


Instructors: Saumil Shah and S.K. Chong
Dates: 18-20 June 2013
Availability: 25 Seats


The Exploit Laboratory shall return to REcon for the third year in 2013. This year, we shall again offer a 3-day class featuring advanced topics in exploit development, specially crafted for REcon. The focus of the class is to bring participants up to speed on the complexities of exploit writing required for defeating modern exploit mitigation techniques.


Topics covered in the class include user mode and kernel mode exploitation, use-after-free bugs, Return Oriented Programming (ROP), advanced heap spraying, and Pwn2Own style exploitation using leaked pointers, dynamic ROP chains and an introduction to Kernel exploitation. Class examples include Browser, PDF, and Flash exploits.


To add extra punch, we are introducing an all-new section on practical exploitation of browsers on the Android platform and working with ARM exploits. This is one class you don't want to miss!


As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for eight years have worked hard to put together advanced material based on past feedback.


Day 1: Breakage

* Introduction to systems concepts

* A quick refresher on Stack Overflows

* Browser and PDF exploitation

* Use-after-free bugs

* vtable overwrites


Day 2: Exploit Mitigation Bypass

* Defeating DEP using Ret2LibC

* Introduction to Return Oriented Programming

* ROP gadgets and stack flips

* ROP shellcode loaders

* Practical ROP Exploits

* Bypassing ASLR

* Advanced Heap Spray techniques for newer browsers


Day 3: Advanced Techniques and Kernel Exploitation

* Leaked memory pointers and Dynamic ROP chains

* Introduction to Kernel Exploitation

* Remote Kernel Exploitation on Windows 7

* Introduction to the Android Platform

* Practical exploitation of Webkit on Android


Learning objectives:

* A quick refresher on Stack Overflows

* Use-after-free bugs and vtable overwrites

* Browser Exploits

* PDF Exploits

* Defeating DEP using Ret2LibC

* Introduction to Return Oriented Programming

* ROP gadgets and stack flips

* ROP shellcode loaders

* Practical ROP Exploits

* Bypassing ASLR

* Advanced Heap Spray techniques for newer browsers

* Leaked memory pointers and Dynamic ROP chains

* Introduction to Kernel Exploitation

* Remote Kernel Exploitation on Windows 7 using ROP

* Introduction to the Android Platform

* Practical exploitation of Webkit on Android


Who should attend?


* Red Team members, who want to pen-test custom binaries and exploit custom built applications.

* Bug Hunters, who want to write exploits for all the crashes they find.

* Members of military or government cyberwarfare units.

* Members of reverse engineering research teams.

* Pen-testers, Security analysts, Security auditors, who want to take their skills to the next level and write their own exploits instead of borrowing them.

* People frustrated at software to the point they want to break it!

Class Requirements


Hardware Requirement:

* A working laptop (no Netbooks)

* Intel Core 2 Duo x86/x64 hardware (or superior) required

* 4GB RAM required, at a minimum, 8GB preferred

* Wireless network card

* 20 GB free Hard disk space

* Working USB port (should not be DLP disabled!)


Minimum Software to install:

* Linux / Windows / Mac OS X desktop operating systems

* VMware Player / VMware Workstation / VMware Fusion MANDATORY

* Administrator / root access MANDATORY

Bio

Saumil Shah


Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented and taught at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box, REcon and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.


S. K. Chong


S.K. Chong (CISSP) is a security consultant from SCAN Associates. His job allows him to play with all kinds of hacking tools and exploits in his penetration testing. Most often, he needs to modify and/or enhance these tools before they can be used for legal penetration testing for banks, ISPs, government agencies, etc. If exploit code is not available, his understanding of security advisories, exploitation and buffer overflow concepts has allowed him to create exploit code on the fly. These experiences have helped him discover other similar yet new bugs. SK has authored security whitepapers on SQL Injection, Buffer overflows, Shellcode and Windows Kernel research, one of which was published in Phrack E-zine #62. His research has been presented at many security conferences around the world, such as Black Hat, XCon, HITBSecConf, etc.

Additional Information

The Exploit Lab Blogs

Exploit Lab Twitter
