schedule
home cfp register sg_program sg_speakers sg_training sponsorship download archive travel about contact

The Exploit Laboratory Advanced Edition

- Saumil Shah

The Exploit Laboratory Advanced Edition returns to Singapore in 2014 for the third year in a row. The 2014 class is an all new intermediate to advanced level class specially designed for a 3-day format. The Advanced Edition begins with a quick overview of stack overflows, exception handler abuse, memory overwrites, and other core concepts. The class then moves on to use-after-free bugs and vtable overwrites, especially applicable to browser and PDF exploits. The class also spends a lot of time focusing on defeating modern day exploit mitigation techniques like DEP and ASLR using Return Oriented Programming (ROP). And last but not least, we shall also feature compound "Pwn2Own-style" exploits which involve memory leaks combined with dynamic ROP.

The Exploit Laboratory Advanced Edition requires a lot of hands on work. Lab examples used in this class cover Linux and Microsoft Windows platforms, featuring popular third party applications and products instead of simulated lab exercises.

We end the class with a mini "Capture The Flag" contest where you shall put your newly acquired exploit writing skills to test in a near-real-world environment.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over 9 years have been working hard in putting together advanced material based on past feedback.

THE EXPLOIT LAB BLOG: http://blog.exploitlab.net/

Pre-requisite of Training Class

Student

SKILL LEVEL: INTERMEDIATE

  • Have a working knowledge of operating systems, Win32 and Unix.
  • Not be allergic to command line tools.
  • Use vi/pico/joe editors.
  • Have a working knowledge of shell scripts, cmd scripts or Perl.
  • Understanding of C programming would be a bonus.

Hardware

  • A working laptop (no Netbooks, no Tablets, no iPads)
  • Intel Core 2 Duo x86/x64 hardware (or superior) required
  • 4GB RAM required, at a minimum, 8GB preferred
  • Wireless network card
  • 20 GB minimum free Hard disk space
  • Working USB port (should not be DLP disabled!)

Software

  • Linux / Windows / Mac OS X desktop operating systems
  • VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
  • Administrator / root access MANDATORY

COURSE DURATION: 3 DAYS

TEACHING STYLE:

  • Concepts taught using slides and on-screen demos.
  • Hands-On labs for each module.
  • Participants are required to bring their own laptops to class.
  • Do-It-Yourself approach to learning.
  • All lab exercises shall be distributed as VMware virtual system images.

LEARNING OBJECTIVES:

  • Stack Overflows (Linux and Windows)
  • Use-after-free bugs and vtable overwrites
  • Browser Exploits
  • PDF Exploits
  • Heap Spraying in browsers and PDF readers
  • Defeating DEP using Ret2LibC
  • Introduction to Return Oriented Programming
  • ROP gadgets and stack flips.
  • ROP shellcode loaders
  • Practical ROP Exploits
  • Bypassing ASLR
  • Advanced Heap Spray techniques
  • Compound exploits – infoleak + memory corruption

TARGET AUDIENCE:

  • Red Team members, who want to pen-test custom binaries and exploit custom built applications.
  • Bug Hunters, who want to write exploits for all the crashes they find.
  • Members of military or government cyberwarfare units.
  • Members of reverse engineering research teams.
  • Pen-testers, Security analysts, Security auditors, who want to take their skills to the next level and write their own exploits instead of borrowing them.
  • People frustrated at software to the point they want to break it!

Daily Class Outline

Day 1 - Smashing the Stack

  • Memory Corruption Bugs - past and present
  • Introduction to systems concepts - OS, processes, functions
  • Know your debuggers - GDB and WinDBG
  • Stack overflows on Linux and Windows
  • Browser Exploits – part 1
  • Exercises

Day 2 - Browser and PDF exploitation

  • Abusing Objects in memory - vftable overwrites
  • Browser and PDF Exploits – part 2
  • Heap Spraying in browsers and PDF readers
  • Use-After-Free bugs - Advanced Browser and PDF exploits
  • Exercises

Day 3 - Exploit Mitigation Bypass

  • Defeating DEP using Ret2LibC
  • Introduction to Return Oriented Programming
  • Practical ROP Exploits
  • Bypassing ASLR
  • Advanced Heap Spray techniques with Flash and HTML5
  • Leaked memory pointers and Dynamic ROP chains
  • CAPTURE-THE-FLAG

Register Now !