Advanced Exploit Development
This course looks at exploit development on x86 and x64 platforms. Students will write shellcode and exploits targeting these platforms on both Linux and Windows. During the course participants will learn and apply techniques to bypass or weaken a range of security controls such as Stack Cookies, Data Execution Protection (DEP/NX) and Address Space Layout Randomisation (ASLR).
Topics covered include:
- Stack based overflows on Linux and Windows
- SEH Exploitation
- DEP and ROP
- Heap overflows
By the end of the course, students will be able to formulate exploitation strategies and begin to understand the core theory concepts which underpin the art and science of modern exploit development. Course alumni will be well placed to contribute as part of high end penetration testing teams, security engineers and architects, and secure coding professionals.
Affiliated course: Introduction to Exploit Development
On completion of this course, you should be able to:
- Develop and implement exploitation strategies for use on endpoints.
- Understand modern vulnerabilities at a technical level.
- Fuzz target programs and understand the role of code review to discover and evaluate unknown bugs.
- Analyse vulnerabilities and exploits through the proficient use of industry standard tools, and report on impact, mitigation effectiveness and root cause.
- Understand the inter-related nature of exploit mitigation controls in a modern endpoint and be able to identify weak points in the overall system of mitigations.
Course Day Breakdown
Computation, CPU Architecture, The Stack & Buffer Overflows
The session starts with an overview of the history of models of computation and the different types of CPU architecture. We’ll then move on to a comprehensive look at the stack and binary operations. Students will participate in practical shellcoding and stack buffer-overflow exercises.
Shellcoding, x64/x86 Architectures, Stack Frames, Calling Conventions, Buffer Overflows, Memory Layout, Shellcode – Bad Characters.
Linux and Windows Exploitation
Day 2 continues with buffer overflow labs for Linux and Windows environments. We’ll then move on to executable binary formats, sharing code, linking shared libraries and stack cookies through lecture and lab components.
Loading Executables, Executable Formats, Memory Layout, PE & ELF File Formats, Exploiting GOT, RELRO, Stack Cookies.
Structured Exception Handling (SEH)
The session will introduce the concepts of Structured Exception Handling (SEH), Data Execution Prevention (DEP) and Return Oriented Programming (ROP). Labs will cover writing remote exploits using SEH, then enabling DEP as a mitigation and defeating it with ROP.
SEH Exploitation, Mitigations, Protections, Return-to-libc, ROP Gadgets, ROP Chain.
ASLR & Heap Overflows
Today’s session lectures will discuss Address Space Layout Randomisation and heap overflows. Students will run through a number of practical exercises, including forcing and leveraging an info leak, understanding heap chunks and allocations, and writing exploits to learn more about the heap and how to control it.
ASLR, Heap Overflows, ASLR Bypasses, Non-rebased Modules, Info Leak, Stack Characteristics, Heap Characteristics, Operations, Management, Fragmentation, Managers and Integrity.
Use After Free (UAF) & Vulnerability Discovery
Day 5 will cover the concepts of UAF and vulnerability discovery. Students will be able to put their newly acquired skills and knowledge into practice with a day of practical hands-on exercises involving code review, static analysis and fuzzing.
Heap Responsibilities, Pointer Validity, Free Lists, Heap Grooming/Spraying, UAF Case Studies, Code Review, Attack Surface, Input Validation.
Who Should Attend
- Exploit developers wanting to learn how to overcome mitigations (such as stack cookies and DEP).
- Pentesters wanting to improve their exploit development skills.
- Experienced software engineers.
What You Will Receive
- Comprehensive set of course notes.
- UNSW certificate of attendance.
- Morning tea, lunch and afternoon tea.
UNSW Canberra Cyber
UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and postgraduate education in cyber security. Our air-gapped, state-of-the-art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at email@example.com to discuss how.
Further Information
UNSW Canberra Cyber, UNSW Canberra
E: firstname.lastname@example.org
W: www.unsw.adfa.edu.au/cyber