The Exploit Laboratory: Red Team

Saumil Shah | December 9-10

Early

$2600

Ends Oct 24
11:59PM EST

Regular

$2800

Ends Dec 5
11:59PM EST

Late

$3100

Ends Dec 12

Overview

The Exploit Laboratory: Red Team is an intense 2 day course carefully crafted to provide students a practical hands-on approach to exploiting modern day operating systems. The focus of the class is to bring participants up to speed on the complexities of exploit writing required for defeating modern exploit mitigation techniques.

The Red Team edition is an all new intermediate/advanced level class being introduced for the first time at the Blackhat 2013 West Coast Trainings event in Seattle. The class begins with an introduction to browser and PDF exploits and moves quickly onto defeating exploit mitigation techniques like DEP and ASLR. Topics covered in the class include stack overflows, vtable pointer overwrites, advanced heap spraying, Return Oriented Programming (ROP) and Use-After-Free bugs.

We end the class with a mini "Capture The Flag" contest where you shall put your newly acquired exploit writing skills to test in a near-real-world environment.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over 8 years have been working hard in putting together advanced material based on past feedback.

NOTE: THIS CLASS CAN BE COMBINED WITH "THE EXPLOIT LABORATORY: MASTER" AS A 4 DAY COURSE.

Teaching Style

Concepts taught using slides and on-screen demos.
Hands-On labs for each module.
Participants are required to bring their own laptops to class.
Do-It-Yourself approach to learning.
All lab exercises shall be distributed as VMware virtual system images.

Learning Objectives

Memory Corruption Bugs - past and present
Quick refresher on Stack Overflows for Linux and Windows
Introduction to Browser Exploits
Spraying the Heap for fun and profit
Introduction to Exploit Mitigation Techniques
Defeating Exploit Mitigation Techniques
Introduction to Return Oriented Programming
Defeating DEP using ROP
Practical ROP Exploits on Windows
Abusing Objects in memory - vftable overwrites
Use-After-Free bugs - Advanced Browser and PDF exploits
ROP techniques for Use-After-Free exploits

Target Audience

Red Team members, who want to pen-test custom binaries and exploit custom built applications.
Bug Hunters, who want to write exploits for all the crashes they find.
Members of military or government cyberwarfare units.
Members of reverse engineering research teams.
Pen-testers, Security analysts, Security auditors, who want to take their skills to the next level and write their own exploits instead of borrowing them.
People frustrated at software to the point they want to break it!

Daily Class Outline

Day 1

Memory Corruption Bugs - past and present
Quick refresher on Stack Overflows
Browser Exploits and heap spraying
Defeating Exploit Mitigation Techniques
Introduction to Return Oriented Programming
Defeating DEP using ROP
Practical ROP Exploits

Day 2

Abusing Objects in memory - vftable overwrites
Use-After-Free bugs - Advanced Browser and PDF exploits
ROP techniques for Use-After-Free exploits
CAPTURE-THE-FLAG

Prerequisites

A clear understanding of CPU registers, stack memory and stack overflows.
A clear understanding of how Functions work in C.
Able to use a debugger such as GCC or WINDBG.
Working knowledge of operating systems, Win32 and Unix.
Not be allergic to command line tools.
Working knowledge of shell scripts, cmd scripts or Perl.
SKILL LEVEL: INTERMEDIATE/ADVANCED

Tutorials

The Exploit Laboratory: Red Team edition is an advanced class. If your concepts are a bit rusty, we have prepared three tutorials that we HIGHLY recommend before coming to the class.

Operating Systems: A Primer

http://www.slideshare.net/saumilshah/operating-systems-a-primer

How Functions Work:

http://www.slideshare.net/saumilshah/how-functions-work-7776073

Introduction to Debuggers:

http://www.slideshare.net/saumilshah/introduction-to-debuggers

Hardware Requirements

A working laptop (no Netbooks, no Tablets, no iPads)
Intel Core 2 Duo x86/x64 hardware (or superior) required
4GB RAM required, at a minimum, 8GB preferred, and anywhere in between shall be tolerated
Wireless network card
20 GB minimum free Hard disk space
Working USB port (should not be DLP disabled!)

Software Requirements

Linux / Windows / Mac OS X desktop operating systems
VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
Administrator / root access MANDATORY

Trainers

Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".

Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.

On This Page