Xtreme Exploitation

Trainer Name: Omair
Title: Xtreme Exploitation
Duration: 2 Days

Objective

Exploitation is the most critical and dreadful stage in a Cyber Kill Chain, which shifts the entire security paradigm from being Proactive to Reactive. Without exception, every good Penetration Tester must know the working of Exploits and the latest exploitation techniques in depth. To contain advanced attacks and provide effective security, the art of Exploitation is indispensable.
The course is focused on comprehensive coverage of software exploitation. It will present different domains of code exploitation and how they can be used together to test the security of an application. The participants will learn about different types and techniques of exploitation, use debuggers to create their own exploits, and understand the protection mechanisms of the Operating Systems and how to bypass them.

The course is heavily focused on being hands-on. Reference material will be provided for further reading on the concepts. This class is all hands-on, from the word Go! Only code and exploitation techniques are what you will take home.


Course Content

Day 1

  • Basic, yet effective, fuzzing of Microsoft Excel 2007 (XLS)
  • Identifying the vulnerability
  • Controlling registers and program flow
  • Popping up calc!

Day 2

  • Understanding Heap Spraying
  • Exploiting a Use-After-Free in Internet Explorer 6
  • Exploiting a Heap Overflow in Adobe Reader 8
  • Exploiting Adobe Reader on Windows 7 using ROP chains
  • Understanding ASLR bypasses

Tools/Concepts

  • DEP (Data Execution Prevention)
  • ASLR
  • Debugger (Windbg primarily, but any other debugger like Ollydbg or Immunity Debugger will do)
  • Assembly
  • HexEditor
  • Python 2.7
  • Windows XP/7

Who Should Attend?

  • Information Security Professionals
  • Anyone with an interest in understanding exploit development
  • Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level

Why attend?

Upon completion of this course, participants will be able to:

  • Understand how exploits work and the different types of software exploitation techniques
  • Understand the exploit development process
  • Search for vulnerabilities in closed-source applications
  • Write their own exploits for vulnerable applications

Prerequisites

  • Working knowledge of Windows and Linux Operating Systems
  • Working knowledge of scripting languages like Ruby or Python
  • Basics of x86 Assembly
  • Comfortable with command-line utilities

What to Bring

  • Bring your own Laptop
  • Bring the latest version of VMware Player available, installed on your system.
  • Have administrative rights on this system.
  • Laptop should have at least 3GB of RAM in total.

What to expect

  • Calc.exe popping up everywhere!
  • Two days of debugging and disassembling.
  • Only place where *pointers are not the ideal ones.

What not to expect

  • Anything not related to Exploit Development
  • Theory and Slides!

About the Trainer

Omair has been conducting Penetration Tests and Vulnerability Assessments for over 9 years. Internal Infrastructure Security has occupied most of his time. He is an active Exploit Developer and is also a regular trainer for such courses.

His interests lie in discovering 0day vulnerabilities. A few of them are listed below:

  • Internet Explorer 11 - SVG Marker Use-After-Free (CVE-2015-0042)
  • Internet Explorer 11 - Cell Resizing (CVE-2014-4128)
  • Internet Explorer 11 - CSVGSVGElement Use-After-Free (CVE-2014-6354)
  • Internet Explorer 11 - CElement (CVE-2014-4145)
  • Internet Explorer 11 - first-letter Use-After-Free (CVE-2014-4050)
  • Microsoft Windows Direct2D Crafted 2D Geometric Figure Handling Memory Corruption (CVE-2014-0263)
  • Google Chrome - Memory corruption in Skia (CVE-2011-3065)
  • Excel Out of Bounds Array Indexing Vulnerability (CVE-2011-1990)
  • RealPlayer SIPR Heap Buffer Overflow Vulnerability (CVE-2011-2945)

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved