■ Practical software vulnerability discovery.
■ Cutting-edge network protocol and file format fuzzing.
■ Binary analysis techniques and vulnerable patterns identification.
■ Advanced usage of the Grinder Framework, PyKd, and IDA Python.
■ In-depth study of modern Windows mitigation bypasses.
■ State-of-the-art techniques for exploit development.
Formerly known as the Advanced Vulnerability Discovery and Exploit Development course, Ptrace Security's Advanced Software Exploitation course offers security professionals an opportunity to test and develop their skills like never before. During this class, attendees will be provided with the latest techniques and tools to discover vulnerabilities and use them to develop reliable exploits for a wide range of software, including complex Windows applications, interpreted languages, Web browsers, and critical Microsoft services.
In the first half of the course, attendees will use reverse engineering, source code auditing, and fuzz testing to attack a wide variety of applications (many of which are critical for a successful penetration test) and then use the latest exploitation techniques available today to develop a reliable exploit for Windows 7, Windows 8.1, and Windows 10.
In the second half of the course, the focus will shift from classic to advanced exploitation techniques. Attendees will learn how to escape from the Java sandbox, how to circumvent ASLR without pointer leaks, how to use precise heap spraying, and how to bypass the Enhanced Mitigation Experience Toolkit (EMET).
By the end of this course, attendees will have a clear idea of how to find and exploit software vulnerabilities on modern Windows machines.
Exploit Development 101 (Vulnerability classes and common exploitation techniques, Stack buffer overflows, Structured Exception Handler (SEH) based exploits, Return-oriented programming (ROP), etc.)
Practical Software Fuzzing (File format fuzzing, Random based fuzzers, Mutation based fuzzers, Generation based fuzzers, Model-based fuzzers, The Peach fuzzer, Create an M3U fuzzer, Network protocol analysis, Network protocol fuzzing, etc.)
Patch Diffing (Introduction to binary diffing, Microsoft patches, Download Microsoft patches, Binary diffing Microsoft patches, Discover vulnerabilities using Microsoft patch analysis, Crafting the initial proof of concept, etc.)
Escaping the Java Sandbox (Java sandbox architecture, Type confusion vulnerabilities, Finding type confusion vulnerabilities, The Java Applet java.util.concurrent type confusion vulnerability, Escaping the Java sandbox, etc.)
Attendees should be familiar with C/C++, Python, and x86/x64 assembly language, and have a basic understanding of popular software vulnerability classes (e.g. stack buffer overflows, format string bugs, etc.).
■ Laptop with at least forty (40) GB of free hard drive space and eight (8) GB of RAM.
■ Latest Oracle VM VirtualBox and VirtualBox Extension Pack installed.
■ A working version of IDA Pro 6.8+ (or IDA Pro Evaluation Version).