The Exploit Laboratory: Black Belt is an intense 2 day course carefully crafted to provide students a practical hands-on approach to exploiting modern day operating systems. The focus of the class is to bring participants up to speed on the complexities of exploit writing required for defeating modern exploit mitigation techniques.
The class begins with an introduction to browser and PDF exploits and moves quickly onto defeating exploit mitigation techniques like DEP and ASLR. Topics covered in the class include stack overflows, vtable pointer overwrites, advanced heap spraying, Return Oriented Programming (ROP) and Use-After-Free (UAF) bugs.
We end the class with a mini "Capture The Flag" contest where you shall put your newly acquired exploit writing skills to test in a near-real-world environment.
As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over 10 years have been working hard in putting together advanced material based on past feedback.
NOTE: THIS CLASS CAN BE COMBINED WITH "THE EXPLOIT LABORATORY: MASTER" AS A 4 DAY COURSE.
TEACHING STYLE:
---------------
- Concepts taught using slides and on-screen demos.
- Hands-On labs for each module.
- Participants are required to bring their own laptops to class.
- Do-It-Yourself approach to learning.
- All lab exercises shall be distributed as VMware virtual system images.
LEARNING OBJECTIVES:
--------------------
- Memory Corruption Bugs - past and present
- Quick refresher on Stack Overflows for Linux and Windows
- Introduction to Browser Exploits
- Spraying the Heap for fun and profit
- Introduction to Exploit Mitigation Techniques
- Defeating Exploit Mitigation Techniques
- Introduction to Return Oriented Programming
- Defeating DEP using ROP
- Practical ROP Exploits on Windows
- Abusing Objects in memory - vftable overwrites
- Use-After-Free bugs - Advanced Browser and PDF exploits
- ROP techniques for Use-After-Free exploits
- Extra hands-on practice for Use-After-Free exploits
DAILY CLASS OUTLINE:
--------------------
Day 1
- Memory Corruption Bugs - past and present
- Quick refresher on Stack Overflows
- Browser Exploits and heap spraying
- Defeating Exploit Mitigation Techniques
- Introduction to Return Oriented Programming
- Defeating DEP using ROP
- Practical ROP Exploits
Day 2
- Abusing Objects in memory - vftable overwrites
- Use-After-Free bugs - Advanced Browser and PDF exploits
- ROP techniques for Use-After-Free exploits
- CAPTURE-THE-FLAG
- A clear understanding of CPU registers, stack memory and stack overflows.
- A clear understanding of how Functions work in C.
- Able to use a debugger such as GCC or WINDBG.
- Working knowledge of operating systems, Win32 and Unix.
- Not be allergic to command line tools.
- Working knowledge of shell scripts, cmd scripts or Perl.
- SKILL LEVEL: INTERMEDIATE/ADVANCED
TUTORIALS:
----------
The Exploit Laboratory: Black Belt edition is an intermediate to advanced level class. If your concepts are a bit rusty, we have prepared three tutorials that we HIGHLY recommend before coming to the class.
Operating Systems: A Primer
http://www.slideshare.net/saumilshah/operating-systems-a-primerHow Functions Work:
http://www.slideshare.net/saumilshah/how-functions-work-7776073Introduction to Debuggers:
http://www.slideshare.net/saumilshah/introduction-to-debuggersSaumil Shah, a veteran BlackHat instructor, is the founder and CEO of Net-Square, providing cutting edge information security services to clients aroudn the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like BlackHat, RSA, CanSecWest, 44CON, Hack.lu, Hack-In-The-Box, NoSuchCon, REcon and others. Saumil has been the co-developer of the wildly successful "Exploit Laboratory" courses that he teaches all over the world. He has also authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.