So you have found a vulnerable target. You throw your exploit at it with its default shellcode. You sit there with high hopes of compromising the system, but you don't get a shell. So what happened? There is a good chance the victim machine failed to connect back to you with the pre-packaged shellcode. Wouldn't it be great if you could write your own shellcode to bypass security controls such as firewalls and authenticated proxies to increase your exploitation success rate?
Well now you can! You will be provided with a "Virtual Shellcode Development Environment" that is designed to enable shellcode development across multiple platforms. Students will learn how to write shellcode for Linux, Mac 64-bit OSX and Windows. The development of the shellcode is presented using easy to learn techniques. Starting off with an introduction to different shellcoding techniques on each platform, an introduction to basic memory management and assembly, followed by creating simple shellcode to write to stdout and call functions.
This gives students a base understanding and practical experience to develop simple shellcode. The complexity is then increased to more useful shellcode such as command execution, dynamic Windows shellcode, setting up backdoor listeners using sockets, shellcode networking to remotely gain a command shell, and egg hunter shellcode to search through memory for our payload. All of this is done whilst holding your hand so that you don't miss a beat. Students will also learn about staged-loading shellcode to bypass security controls such as firewalls and authenticated proxies, and kernel level shellcode to perform privilege escalation.
Students are taught how to encode their shellcode using the Metasploit Exploit Framework (MSF), and insert it into exploits that will be used to show that their shellcode was successfully executed. They will learn how to use MSF to generate shellcode for a variety of platforms, as well as how to integrate their shellcode into MSF so that it is available to all Metasploit exploits.
Penetration Testers, Security Officers, Security Auditors, System Administrators and anyone else who wants to tune their elite security skills.
Anyone who is interested in shellcoding, exploitation, vulnerabilities or Metasploit are prime candidates for this course. Students will be taught from scratch everything they need to know to complete this course successfully and walk away with a thorough knowledge and practical skills on how to create shellcode.
This class is a great follow on course to "The Exploit Laboratory" and "The Exploit Laboratory: Black Belt". These students will have learned a lot about exploitation, but are still limited to pre-packaged shellcode. This course lets you create custom shellcode to maximize exploitation success rates.
Developers who want to learn low-level security development skills with shellcoding and assembly.
Managers who want to gain a more in depth understanding of how systems can be compromised, how security controls can be bypassed both at the operating system level and network level, and how network access controls and intrusion prevention systems play a big part in preventing shellcode successfully connecting back to the attacker, and the general risks associated with your network security.
A working laptop with the following hardware/software requirements:
Ty Miller is the Chief Technology Officer at Pure Hacking in Sydney Australia. He leads their specialist security team to ensure that his team is at the forefront of specialist information security services. Ty performs independent security research and presented at Black Hat 2008 in Las Vegas USA on his development of Reverse DNS Tunneling Shellcode. He runs The Shellcode Lab training course at Black Hat USA, and presented at Ruxcon 2012 on his development of remotely exploiting internal network vulnerabilities via a web browser. Ty is also a co-author of the book Hacking Exposed Linux 3rd Edition, and runs the popular shellcoding site “Project Shellcode” (www.projectshellcode.com). Ty was also involved in the design of the bootable CHAOS Linux cluster distribution.
Ty has been in the IT security area for over a decade and has run numerous training courses to clients around the world and at various security conferences. These courses include web application penetration testing, web application secure coding, infrastructure penetration testing, and shellcode development. These have been run both face-to-face and online.