Black Hat Windows Security Training 2004
Seattle Sheraton Hotel & Towers, January 27-28, 2004

All course materials, lunch and two coffee breaks will be provided. A Black Hat Certificate of Completion will be offered.

CLOSED

This class will bring to you the magic of being able to write your own buffer overflows against the Windows platform.

What You Will Learn:

• The basics of Windows SEH handling
• How to take advantage of Ollydbg's many exploit-development features
• How to write reliable, robust, Windows exploits
• Techniques for analyzing different problems that occur when
  writing Windows exploits
• Several techniques for exploiting heap overflows (advanced students)
• A general understanding of exploit development covering:
  • How exploit-ability is determined
  • Several different methodologies for exploit development
  • Design of a reliable exploit
    

No other class has taught exploit development at this level

Who Should Attend:
This course is ideal for someone who has read Aleph1's paper and wants to take the next step. It will also help people who have just started writing their own overflows, and want to get better at it, or want to learn new techniques for writing overflows on the Windows platform. If you are an experienced buffer overflow writer for Linux or Solaris, then this class will help you port your knowledge to the Windows platform.

• Technical personnel who want to go beyond the CISSP level of knowledge, and already have some experience with programming.
• Information Security Professionals
• Anyone with an interest in understanding exploit development

What will be provided:
You will be provided with a temporary license to Immunity CANVAS (http://www.immunitysec.com/CANVAS/) in order to keep you from having to learn how to write shellcode and how to exploit overflows all in one class.

All target VMWare images will be provided.

Prerequisites:
Students should have experience with 'C' programming and basic computer architecture. The better you are with assembly language, the more you will get out of this class, but you should at the very least know what a register is, and know what the instructions "mov" "call" and "jmp" do and how they work. You don't have to be a assembly language programmer to take this class, but you should have no problems understanding Aleph1's smashing the stack paper

Basic knowledge of Ollydbg is a welcome bonus. Ollydbg is freely available
at: http://home.t-online.de/home/Ollydbg/

Basic knowledge of Python is also required. This requirement is easy to
pick up (should take you one hour or less) if you have basic knowledge in
C. We recommend any of the tutorials placed online (www.python.org).

You should know what "LoadLibraryA()" does. (I.E. You need a basic familiarity with the Win32 API. This is less important if you are a strong C programmer.)

You must bring a hacker's mentality with you.

Dave Aitel is the founder of Immunity, Inc. and the primary developer of CANVAS and the SPIKE Application Assessment Suite. His previous experience, both within the US Government and the private sector has given him a broad background in exploit development, training, and speaking. He has discovered numerous new vulnerabilities in products such as Microsoft IIS, SQL Server 2000, and RealServer.

Immunity, Inc. is a New York City based consulting and security software products firm. CANVAS, Immunity's flagship product, is a sophisticated exploit development and demonstration framework.