What to Bring:
Users should have mono 1.1.16 or newer installed on their Windows®, Linux®, or Mac OS X® laptop(s) for the coding aspect of the class if they want to participate. Participation in coding is not required.
Windows users, we will be requiring .NET 2.0 and SharpDevelop 2.0.
Students' laptop(s) should also be able to copy files from a USB storage device.
|
Overview:
Whether you are an exploit coder by night for fun or a security consultant by day for profit (or both), this class will teach techniques to automate and streamline many of the tedious tasks encountered in the process finding exploits. From breaking down the process of where to start and where time is spent, to automating common up-front tasks and using analysis tools to make effective use of time, this class is both comprehensive and hard-core enough for both novices and experts. Exercises will uncover several previously known and novel real-world vulnerabilities that will be dissected and found using the techniques and tools described. Students will have a solid foundation for both using existing tools as well as creating their own automated tools.
Day One: Optimizing exploit discovery with best practices and free tools
The first day will discuss the process applied to discovering several novel security vulnerabilities, then will reflect on where tools and best practice techniques can be used to arrive at the exploits more quickly.
Day Two: Creating Automated Tools for optimizing exploit discovery.
The second day will involve taking what we learned the first day to the next level by using automated binary analysis techniques to create and enhance a tool for automatically finding exploits. Using and enhancing this tool, we will find novel exploitable vulnerabilities and get a deep understanding of the perceived and actual limitations of this technique.
Prerequisites:
Knowledge of a C-like programming language (C, C++, C#, or Java) is required. Knowledge of one of the following assembly languages is helpful but not required: x86, Java, SPARC, MIPS, .NET
There are some coding aspects to the class that students are not required to participate in and will be fully explained by the instructor.
Users should have mono 1.1.16 or newer (http://www.mono-project.com) installed on their Windows, Linux, or MacOS X laptop(s) for the coding aspect of the class if they want to participate. Participation in coding is not required.
Windows users, we will be requiring .NET 2.0 and SharpDevelop 2.0.
Students' laptop(s) should also be able to copy files from a USB storage device.
|
Trainer:
|
Matt Hargett has over 8 years of experience in various aspects of network and application security, from managing product development to finding a broad range of exploitable bugs inoperating systems and applications. Most recently, he created the product BugScan which analyzed binaries for, and found several, novel exploitable security vulnerabilities. He is now working to educate security researchers and practitioners on applying public research and information toward building and evaluating static analysis tools and products.
Luis Miras is the lead vulnerability researcher at Intrusion Inc. He has done work for leading consulting firms. and Network Associates. He released the first public polymorphic shellcode at Defcon 8 and has also spoken at Toorcon 7 as well as the CCC Congress (17c3) in Berlin. In the past he has worked in digital design, and embedded programming.
|