Have you ever found yourself staring at a vulnerability advisory with some proof-of-concept snippets and wished the author had rather attached a working exploit with it? Have you wished you could analyze vulnerabilities and write your own exploits for them? Have you wanted to debug and exploit custom built applications and binaries? The Exploit Laboratory, now in its fifth year, is an intense hands-on class for those wishing to dive into vulnerability analysis and exploit writing. The Exploit Laboratory starts off with a basic insight into system architecture, process execution, operating systems and error conditions. The class then quickly accelerates to analyzing vulnerabilities with debuggers, reproducing reliable error conditions and writing working exploits for the same. The Exploit Laboratory features popular third party applications and products as candidates for vulnerability analysis and exploitation, rather than building up on carefully simulated lab exercises. Most of the class time is spent working on lab exercises and examples. Lab examples and exercises used in this class cover both the Unix (Linux) and Microsoft Windows platforms, illustrating various error conditions such as stack overflows, heap overflows and memory overwrites. The latter part of the class focuses on topics such as browser exploitation, PDF exploitation and Mac OS X exploitation. All this—delivered in a down-to-earth, learn-by-example methodology, by trainers who have been teaching advanced topics in computer security for over 10 years. This class is updated from the 2009 edition, featuring revised content on heap overflows, abusing exception handlers and more hands-on examples based on recent vulnerabilities. This class does NOT require knowledge of assembly language. A few concepts and a sharp mind is all you need.
NOTE: MAC OS X is not "officially" supported in this class. However, participants have successfully used Intel based MacBooks or MacBook Pros in previous classes. The ultra sleek MacBook Air won't work. All Mac OS X users are required to bring their own copies of VMWare Fusion or Parallels, as long as you can run virtual machine images created in VMWare Workstation 5 and above.
If your laptop is a locked-down company issued laptop, please make sure you have VMWare Workstation or VMWare Player installed by your administrator before you come to class.
Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
S.K. Chong (CISSP) is a security consultant from SCAN Associates. His job allows him to play with all kinds of hacking tools and exploits in his penetration testing. Most often, he needs to modify and/or enhance these tools before it can be used for legal penetration testing for banks, ISPs government agencies, etc. If exploit code is not available, his understanding of security advisories, exploitation and buffer overflow concepts have allowed him to create exploit code on the fly. These experiences have helped him discover other similar yet new bugs. SK has authored security whitepapers on SQL Injection, Buffer overflows, Shellcode and Windows Kernel research, including one of which was published in Phrack E-zine #62. His research has been presented in many security conferences around the world like Black Hat, XCon, HITBSecConf, etc.