Black Hat USA 2009 Weekend Training Session

July 25-26

Black Hat USA 2009 Weekday Training Session

July 27-28

Gray Hat Hacking: Exploit and Metasploit Module Development

Allen Harper

Overview

Gain a working understanding of vulnerabilities, how to prevent them, and how to develop proof of concept exploits from a typical vulnerability alert

Overview:
This class is taught by a co-author of Gray Hat: the ethical hacker’s handbook and is targeted at those looking to move beyond "Hacking Exposed" level skills to the next level. This class is designed to be intermediate to advanced (in content). This class starts off by providing a quick review of C and assembly. Next, the course moves to processor and memory structure before moving into Linux exploits and Windows Exploits. Exploits are discussed in a progressive manner from basic to intermediate to advanced. Finally, automated tools are introduced to speed up the exploit development process.

The class will cover a variety of topics to include: programming, buffer overflows, heap overflows, format string errors, exploiting techniques on Windows and Linux, debugging skills and the latest automation tools. Using this building block approach, the student will gain a working understanding of vulnerabilities, how to prevent them, and how to develop proof of concept exploits from a typical vulnerability alert. This is a hands-on course with half the time spent working through lab examples and real world vulnerabilities.

Key Learning Objectives:

• Intermediate to Advanced Exploit Development Subjects
• Understanding error conditions
• Categories of error conditions - stack overflow, heap overflow, off-by-one, format string bugs, integer overflows (this class will deal only with stack, heap and format string errors)s
• Unix process memory map
• Win32 process memory map
• Debugging applications (Linux gdb and Windows ollydbg)
• Identifying error conditions using debugging
• Return to Libc exploits
• Writing shellcode
• Real life exploit development
• Conducting basic source code reviews for spotting error conditions
• Metasploit Exploit Framework (exploit development and integration)

General Learning Objectives

• Intermediate and advanced exploiting skills
• Essential debugging skills
• Essential attacking skills
• Problem solving skills

Prerequisites

• Security concepts taught in more basic classes like "Hacking by Numbers" such as running tools created by others. In this class, the student will learn to modify or create their own tools.
• Metasploit
• Have a basic working knowledge of operating systems, Win32 and Linux
• Compiling programs using GCC, MS Visual C++ Toolkit
• Basic understanding of C or C++ programming

Student Expectations

• Stay awake
• Expect to move from basic to intermediate to advance subjects quickly

Who Should Attend
Primary Audience

• Pen-testers
• Security Researchers
• Security Professionals looking to move beyond "Hacking Exposed" skills

Secondary Target Audience

• Security Students
• Programmers, looking to learn about security implications
• Technical Managers, looking to gain a deeper understanding of what hackers are up to

Trainer:

Allen Harper

In 2007, Allen Harper retired from the military as a Marine Corps Major after a tour in Iraq. He has more than 20 years of IT/Security experience. He holds an MS in Computer Science from the Naval Post Graduate School and a BS in Computer Engineering from North Carolina State University. Allen led the development of the GEN III honeywall CDROM, called roo, for the Honeynet Project. Allen was a co-author of "Gray Hat", the ethical hacker's handbook published by McGraw Hill in 2004; the second edition was published in Jan 2008. He was a member of the 2004 winning team (sk3wl of r00t) of the DEFCON Capture the Flag contest. He is a faculty member for the Institute for Applied Network Security. He has worked as a security consultant for the Internal Revenue Service (IRS) and for Logical Security, LLC. His interests include reverse engineering, vulnerability discovery, and all forms of ethical hacking. Allen is now the President and Founder of N2NetSecurity, Inc.

Super Early: Ends Mar 15	Early: Ends May 1	Regular: Ends Jul 1	Late: Ends Jul 22	Onsite:
$1900	$2000	$2200	$2400	$2700