This class will bring to you the magic of being able to write your own buffer overflows against the Windows platform.
What You Will Learn:
- The basics of Windows SEH handling
- How to take advantage of Ollydbg's many exploit-development features
- How to write reliable, robust, Windows exploits
- Techniques for analyzing different problems that occur when writing Windows exploits
- Several techniques for exploiting heap overflows (advanced students)
- A general understanding of exploit development covering:
  - How exploitability is determined
  - Several different methodologies for exploit development
  - Design of a reliable exploit
No other class has taught exploit development at this level.
Who Should Attend:
This course is ideal for someone who has read Aleph1's paper and wants to take the next step. It will also help people who have just started writing their own overflows, and want to get better at it, or want to learn new techniques for writing overflows on the Windows platform. If you are an experienced buffer overflow writer for Linux or Solaris, then this class will help you port your knowledge to the Windows platform.
- Technical personnel who want to go beyond the CISSP level of knowledge, and already have some experience with programming.
- Information Security Professionals
- Anyone with an interest in understanding exploit development
What will be provided:
You will be provided with a temporary license to Immunity CANVAS (http://www.immunitysec.com/CANVAS/) in order to keep you from having to learn how to write shellcode and how to exploit overflows all in one class.
All target VMware images will be provided.
Students should have experience with 'C' programming and basic computer architecture. The better you are with assembly language, the more you will get out of this class, but you should at the very least know what a register is, and know what the instructions "mov", "call" and "jmp" do and how they work. You don't have to be an assembly language programmer to take this class, but you should have no problems understanding Aleph1's smashing the stack paper.
Basic knowledge of Ollydbg is a welcome bonus. Ollydbg is freely available
Basic knowledge of Python is also required. This requirement is easy to pick up (should take you one hour or less) if you have basic knowledge in C. We recommend any of the tutorials placed online (www.python.org).
You should know what "LoadLibraryA()" does (i.e., you need a basic familiarity with the Win32 API). This is less important if you are a strong C programmer.
You must bring a hacker's mentality with you.
Course Length: 2 days
Cost: US $1600 on or before 1 December 2003, or US $1800 after 1 December 2003
NOTE: This is a two-day course. A Black Hat Certificate of Completion will be offered.