Black Hat USA 2008 Training
Caesars Palace Las Vegas • August 2-3, August 4-5
Exploits 101
Allen Harper
Overview
This class is targeted for those looking to move beyond “Hacking Exposed” level skills to the next level. This class starts off slow by providing a foundation of programming survival skills of C and assembly. Next, the course moves to processor and memory structure before moving into Linux exploits and Windows Exploits. Finally, automated tools are introduced to speed up the exploit development process.
The class will cover a variety of topics to include: programming, buffer overflows, heap overflows, format string errors, exploiting techniques on Windows and Linux, debugging skills and the latest automation tools. Using this building block approach, the student will gain a working understanding of vulnerabilities, how to prevent them, and how to develop proof of concept exploits from a typical vulnerability alert. This is a hands-on course with half the time spent working through lab examples and real world vulnerabilities.
What You Will Learn:
- Programming Survival Skills (C and C++)
- How to understand error conditions
- Categories of error conditions - stack overflow, heap overflow, off-by-one, format string bugs, integer overflows (this class will deal only with stack, heap and format string errors)
- Unix process memory map
- Win32 process memory map
- Debugging applications (Linux gdb and Windows OllyDbg)
- Identifying error conditions using debugging
- Writing shellcode
- Real life exploit development
- Secure coding practices
- Conducting basic source code reviews for spotting error conditions
- Metasploit Exploit Framework (exploit development and integration)
What You Will Get
Students will be presented with the following materials to be used and referenced throughout the duration of the course:
Copy of all slides, one bootable CDROM (Linux), and one CDROM with tools, code examples, etc.
Who Should Take the Course
Pen-testers, security researchers, security professionals looking to move beyond “Hacking Exposed” skills, security students, programmers looking to learn about security implications, technical managers looking to gain a deeper understanding of what hackers are up to.
Prerequisites
Student should have a basic understanding of:
- Security concepts, such as running tools created by others, taught in more basic classes like “Hacking by Numbers”. In this class, student will learn to modify or create their own tools.
- Operating systems, Win32 and Linux
- How to compile programs using GCC, MS Visual C++ Toolkit (but not required).
- Understanding of C or C++ programming would be a bonus (but not required)
Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Trainer:
Allen Harper,
CISSP, is the president and founder of n2netsecurity, Inc. in North Carolina. In 2007, he retired from the military as a Marine Corps Major after a tour in Iraq. He has 20 years of IT/Security experience. He holds an MS in Computer Science from the Naval Post Graduate School and a BS in Computer Engineering from North Carolina State University. Allen led the development of the GEN III honeywall CDROM, called roo, for the Honeynet Project. Allen was a co-author of "Gray Hat", the ethical hacker's handbook published by McGraw Hill in 2004; the second edition was published in Jan 2008. He is a member of the 2004 winning team (sk3wl of r00t) of the DEFCON Capture the Flag contest. He is a faculty member for the Institute for Applied Network Security. He has worked as a security consultant for the Internal Revenue Service (IRS) and for Logical Security, LLC. His interests include reverse engineering, vulnerability discovery, and all forms of ethical hacking.|
Early:
Ends May 1 |
Regular: |
Late: |
Late/Onsite: Begins August 1 |
|
$1800 USD |
$2000 USD |
$2200 USD |
$2500 USD |