Black Hat Digital Self Defense Europe 2006
Training

Note: if the class is overfilled, you will be contacted.


Black Hat Europe Training 2006
Grand Hotel Krasnapolsky • 28 February-1 March

Course Length: 2 days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Cost:

Early Bird (before 1 February 2006): 1500 EUR / 1800 USD
Regular (after 1 February 2006): 1665 EUR / 2000 USD


Two Day Course

28 February - 1 March

The Exploit Laboratory - Buffer Overflows For Beginners

Saumil Udayan Shah & S.K. Chong

What to bring:
Laptop:

  • Windows 2000 or XP (at a minimum)
  • Administrator access required
  • Network card (wired ethernet)
  • 256MB RAM minimum, 2GB free HDD space minimum
  • Bootable CDROM/DVDROM drive would be a bonus (but optional)

Bootable Linux CDs or shell access to Linux accounts will be provided for the Linux attack exercises.

All tools such as the Visual C++ toolkit (free), Cygwin, etc will be provided on CD.

OVERVIEW
This class introduces how buffer overflow vulnerabilities arise in programs and how they are exploited. It takes you deep inside how programs are loaded and execute in memory, how to spot buffer overflow conditions, and how exploits are constructed for those conditions. By exposing the inner mechanisms of such exploits, we come to understand how to prevent such vulnerabilities from arising in the first place.

The class will cover analysis of stack overflows, heap overflows and format string vulnerabilities. Examples of vulnerabilities shall be provided on both the Windows as well as the Unix platform. The class is highly hands-on and very lab intensive. The hands-on lab provides real-life examples of programs containing vulnerabilities, and participants are required to analyse and exploit these vulnerabilities.

LEARNING OBJECTIVES

  • Understanding error conditions.
  • Categories of error conditions - stack overflow, heap overflow, off-by-one, format string bugs, integer overflows (this class will deal only with stack, heap and format string)
  • Unix process memory map
  • Win32 process memory map
  • Debugging applications
  • Identifying error conditions using debugging
  • Writing shellcode
  • Real life exploit construction
  • Secure coding practices
  • Doing code reviews for spotting error conditions
  • Kernel level protection mechanisms
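As an added illustration of the three bug classes the objectives list (stack overflow, heap overflow, format string), here is a small C program, written for this page and not part of the course material or the trainers' lab code, that places each vulnerable pattern beside its hardened form. The buffer size NAME_LEN, the function names and the sample inputs are assumptions chosen for the example; the unsafe variants are only ever called with input that fits, since the overflow itself is undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define NAME_LEN 16   /* size of the fixed stack buffer (assumed for the example) */

/* Stack overflow, vulnerable form.  strcpy() stops only at the NUL terminator,
 * so an argument of NAME_LEN bytes or more runs past the end of 'name' and
 * overwrites whatever the compiler placed above it: other locals, the saved
 * frame pointer and the saved return address. */
int greet_unsafe(const char *arg)
{
    char name[NAME_LEN];
    strcpy(name, arg);                      /* no bound on the copy */
    return (int)strlen(name);
}

/* Hardened form: check the length against the destination first and refuse
 * oversize input rather than truncating it silently.  Returns -1 if the
 * argument (plus its terminator) does not fit. */
int greet_safe(const char *arg)
{
    char name[NAME_LEN];
    size_t n = strlen(arg);
    if (n >= sizeof name)
        return -1;                          /* no room for the NUL */
    memcpy(name, arg, n + 1);               /* copy including terminator */
    return (int)n;
}

/* Format string bug, vulnerable form.  Using attacker-supplied text as the
 * format lets directives such as %x (leak stack words) and %n (write to
 * memory) drive printf's parser. */
int log_unsafe(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, msg);       /* msg is the format: bug */
}

/* Fixed form: the format is a constant and the message is a plain %s
 * argument, so '%' characters in msg are copied literally. */
int log_safe(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* Heap overflow, vulnerable form: the allocation is sized from a length the
 * caller declares while the copy is driven by the data itself, so the two
 * can disagree and strcpy() writes past the malloc'd chunk. */
char *dup_unsafe(const char *src, size_t declared_len)
{
    char *buf = malloc(declared_len + 1);   /* trusts the declared length */
    if (!buf) return NULL;
    strcpy(buf, src);                       /* copies strlen(src)+1 bytes regardless */
    return buf;
}

/* Fixed form: size the allocation from the data actually copied. */
char *dup_safe(const char *src)
{
    size_t n = strlen(src);
    char *buf = malloc(n + 1);
    if (!buf) return NULL;
    memcpy(buf, src, n + 1);
    return buf;
}

int main(void)
{
    char out[64];
    const char *short_name = "alice";                       /* constructed input */
    const char *long_name  = "AAAAAAAAAAAAAAAAAAAAAAAA";    /* 24 bytes: exceeds NAME_LEN */

    printf("greet_safe(short) = %d\n", greet_safe(short_name));
    printf("greet_safe(long)  = %d (rejected)\n", greet_safe(long_name));

    log_safe(out, sizeof out, "%x%x%n");
    printf("log_safe kept directives literal: %s\n", out);

    char *p = dup_safe(long_name);
    printf("dup_safe copied %zu bytes\n", strlen(p));
    free(p);
    return 0;
}
```

The lab's "identify the error condition, then construct the exploit" work starts from exactly the mismatch each unsafe function contains: a copy whose length is controlled by the input rather than by the destination, or a format whose directives are controlled by the input rather than by the programmer. The safe variants remove that mismatch rather than patching around it.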

WHO SHOULD ATTEND
Pen-testers, developers, just about anyone who wants to understand how exploits work.

PARTICIPANTS ARE REQUIRED TO

  • Have a working knowledge of operating systems, Win32 and Unix
  • Compile programs using GCC, MS Visual C++ Toolkit
  • Use vi/pico/joe editors
  • Not be allergic to command line tools
  • Understanding of C or C++ programming would be a bonus.


ISC2 CISSP/SSCP CPE Credits
Students are eligible to receive 16 Continuing Professional Education (CPE) credits upon completion of class. Black Hat will automatically forward your information to ISC2.

Trainers:

Saumil Udayan Shah
Founder and Director, Net-Square Solutions Pvt. Ltd.

Saumil continues to lead the efforts in e-commerce security research at Net-Square. His focus is on researching vulnerabilities in various e-commerce and web based application systems. Saumil also provides information security consulting services to Net-Square clients, specializing in ethical hacking and security architecture. He holds the Certified Information Systems Security Professional designation. Saumil has more than nine years of experience with system administration, network architecture, integrating heterogeneous platforms, and information security, and has performed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a regular speaker at security conferences such as Black Hat, RSA, etc.

Previously, Saumil was the Director of Indian operations for Foundstone Inc, where he was instrumental in developing their web application security assessment methodology, the web assessment component of FoundScan - Foundstone's Managed Security Services software and was instrumental in pioneering Foundstone's Ultimate Web Hacking training class.

Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young, where he was responsible for the company's ethical hacking and security architecture solutions. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member there.

Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, information security, and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996).

S.K. Chong (CISSP) is a security consultant with SCAN Associates. His job allows him to work with all kinds of hacking tools and exploits in his penetration testing. Most often, he needs to modify and/or enhance these tools before they can be used in legal penetration tests for banks, ISPs, government agencies, etc. When exploit code is not available, his understanding of security advisories, exploitation and buffer overflow concepts has allowed him to create exploit code on the fly. These experiences have helped him discover other similar yet new bugs. SK has authored security whitepapers on SQL injection, buffer overflows, shellcode and Windows kernel research, one of which was published in Phrack #62. His research has been presented at many security conferences around the world, including Black Hat, XCon and HITBSecConf.

(c) 1996-2007 Black Hat