The Exploit Laboratory
Trainers: Saumil Udayan Shah and S.K. Chong
Dates: Mar 12-13
Pricing:
- €1750 (ends January 10)
- €1975 (ends Feb 28)
- €2200 (ends March 15)
Overview
The Exploit Laboratory for 2013, in its 8th year running, is an all-new intermediate to advanced level class for those curious to dig deeper into the art and craft of software exploitation. We begin with a quick overview of stack overflows, exception handler abuse, memory overwrites, and other core concepts. The class then moves on to use-after-free bugs and vtable overwrites, which are especially applicable to browser and PDF exploits.
The Exploit Laboratory requires a lot of hands on work. Lab examples used in this class cover Linux, Windows and Android platforms, featuring popular third party applications and products instead of simulated lab exercises.
We end the class with a mini "Capture The Flag" contest where you put your newly acquired exploit writing skills to the test in a near-real-world environment.
As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who have brought you The Exploit Laboratory for over 8 years have worked hard to put together the latest material, based on past feedback.
TEACHING STYLE:
- Concepts taught using slides and on-screen demos.
- Hands-On labs for each module.
- Participants are required to bring their own laptops to class.
- Do-It-Yourself approach to learning.
All lab exercises shall be distributed as VMware virtual system images.
LEARNING OBJECTIVES
- Memory Corruption Bugs - past and present
- Stack Overflows on Linux and Windows
- Abusing Structured Exception Handlers on Windows
- Abusing Objects in memory - vftable overwrites
- Browser Exploits
- PDF Exploits
- Heap Spraying in browsers and PDF readers
- Use-After-Free bugs - Advanced Browser and PDF exploits
TARGET AUDIENCE:
- Red Team members, who want to pen-test custom binaries and exploit custom built applications.
- Bug Hunters, who want to write exploits for all the crashes they find.
- Members of military or government cyberwarfare units.
- Members of reverse engineering research teams.
- Pen-testers, Security analysts, Security auditors, who want to take their skills to the next level and write their own exploits instead of borrowing them.
- People frustrated at software to the point they want to break it!
DAILY CLASS OUTLINE:
- Day 1
  - Memory Corruption Bugs - past and present
  - Introduction to systems concepts - OS, processes, functions
  - Stack Overflows on Linux
  - Stack Overflows on Windows
  - Abusing Structured Exception Handlers on Windows
- Day 2
  - Abusing Objects in memory - vftable overwrites
  - Browser Exploits
  - PDF Exploits
  - Heap Spraying in browsers and PDF readers
  - Use-After-Free bugs - Advanced Browser and PDF exploits
  - CAPTURE-THE-FLAG
PREREQUISITES:
- Have a working knowledge of operating systems, Win32 and Unix.
- Not be allergic to command line tools.
- Use vi/pico/joe editors.
- Have a working knowledge of shell scripts, cmd scripts or Perl.
- Understanding of C programming would be a bonus.
SKILL LEVEL: INTERMEDIATE
HARDWARE REQUIREMENTS:
- A working laptop (no Netbooks, no Tablets, no iPads)
- Intel Core 2 Duo x86/x64 hardware (or superior) required
- 4GB RAM required, at a minimum, 8GB preferred
- Wireless network card
- 20 GB minimum free Hard disk space
- Working USB port (should not be DLP disabled!)
SOFTWARE REQUIREMENTS:
- Linux / Windows / Mac OS X desktop operating systems
- VMware Player / VMware Workstation / VMware Fusion MANDATORY
- Administrator / root access MANDATORY
THE EXPLOIT LAB BLOG: http://blog.exploitlab.net/
OUR TWITTER STREAM: @exploitlab
Trainers
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
S.K. Chong (CISSP) is a security consultant from SCAN Associates. His job allows him to play with all kinds of hacking tools and exploits in his penetration testing. Most often, he needs to modify and/or enhance these tools before they can be used for legal penetration testing for banks, ISPs, government agencies, etc. If exploit code is not available, his understanding of security advisories, exploitation and buffer overflow concepts has allowed him to create exploit code on the fly. These experiences have helped him discover other similar yet new bugs. SK has authored security whitepapers on SQL Injection, Buffer overflows, Shellcode and Windows Kernel research, one of which was published in Phrack E-zine #62. His research has been presented at many security conferences around the world, such as Black Hat, XCon, HITBSecConf, etc.