Exploit Laboratory: Master

Saumil Shah | August 1-2



Overview

The Exploit Laboratory: Master class, first taught at Blackhat USA 2015, returns with advanced topics in exploit development. This 2-day class is designed for participants who are already familiar with exploit development and need to take their skills to the next level. The Master edition course is an ideal extension of the Exploit Laboratory: Black Belt class. The class is primarily driven by lab examples and exercises, with very little theoretical teaching.

Topics covered in the Master edition include advanced ROP chains, an in-depth analysis of infoleak bugs, one-byte memory overwrite ownage, heap spraying on modern JavaScript engines, server side heap spraying, and a practical case study on 64-bit exploitation of a modern Linux web server.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over 10 years have been working hard to put together advanced material based on past feedback.

NOTE: THIS CLASS CAN BE COMBINED WITH "THE EXPLOIT LABORATORY: BLACK BELT" AS A 4 DAY COURSE.

COURSE DURATION: 2 DAYS
-----------------------

TEACHING STYLE:
---------------
  • Concepts taught using slides and on-screen demos.
  • Hands-On labs for each module.
  • Participants are required to bring their own laptops to class.
  • Do-It-Yourself approach to learning.
  • All lab exercises shall be distributed as VMware virtual system images.

LEARNING OBJECTIVES:
--------------------
  • Quick refresher on browser exploits
  • Quick refresher on Use-After-Free bugs and vtable overwrites
  • Variations on ROP chains - direct Syscall invocation
  • Infoleak bugs and bypassing ASLR
  • Full "ownage" with One-byte memory corruption
  • Server side heap spraying
  • Practical server side ROP exploit on Linux
  • Introduction to exploits on 64-bit systems

Who Should Take this Course

  • Past students of The Exploit Laboratory: Black Belt who need more pwnage!
  • Red Team members, who want to pen-test custom binaries and exploit custom built applications.
  • Bug Hunters, who want to write exploits for all the crashes they find.
  • Members of military or government cyberwarfare units.
  • Members of reverse engineering research teams.
  • Pen-testers, Security analysts, Security auditors, who want to take their skills to the next level and write their own exploits instead of borrowing them.

Student Requirements

  • All topics covered in The Exploit Laboratory: RED TEAM or BLACK BELT classes.
  • -or- an equivalent level of confidence and recklessness.
  • SKILL LEVEL: ADVANCED

TUTORIALS:
----------
The Exploit Laboratory: Master is a highly advanced class. We mean it. The class assumes you are well versed with the concept of Return Oriented Programming and putting together a ROP chain by hand. If you wish to refresh your ROP concepts, do go through the following tutorial:

Dive Into ROP:
http://www.slideshare.net/saumilshah/dive-into-rop-a-quick-introduction-to-return-oriented-programming

What Students Should Bring

HARDWARE REQUIREMENTS:
----------------------
  • A working laptop (no Netbooks, no Tablets, no iPads)
  • x86/x64 hardware (Intel Core or equivalent/superior) required
  • 4GB RAM required, at a minimum, 8GB preferred
  • Wireless network card or Wireless USB adapter
  • 20 GB minimum free Hard disk space
  • Working USB port (should not be DLP disabled!)

SOFTWARE REQUIREMENTS:
----------------------
  • Linux / Windows / Mac OS X desktop operating systems
  • VMware Player / VMware Workstation / VMware Fusion MANDATORY
  • Administrator / root access MANDATORY

What Students Will Be Provided With

  • All target virtual machine images used in the class.
  • A well built attacker virtual machine loaded with all tools required for advanced exploit development.

Trainers

Saumil Shah, a veteran BlackHat instructor, is the founder and CEO of Net-Square, providing cutting-edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like BlackHat, RSA, CanSecWest, 44CON, Hack.lu, Hack-In-The-Box, NoSuchCon, REcon and others. Saumil has been the co-developer of the wildly successful "Exploit Laboratory" courses that he teaches all over the world. He has also authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book". Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.