Exploit Development
Advanced
RT434
Description
In this course, participants who attended the introductory course (RT433) will further deepen their knowledge and understanding of exploit research and development.
This comprehensive course is designed to turn participants into high-level security experts. They will learn how to find critical vulnerabilities across platforms and how to exploit them. This training is must-have knowledge for anyone who aims to work as a hands-on professional in the security field. Participants will gain practical skills in the core subjects of information security (terminology, entering systems, and protecting them), with great emphasis on hands-on practice.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons
- Repetition of materials, self-learning, performing tasks, etc.
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
- A personal computer suitable for running virtual machines, with an Internet connection
- Working through the scenarios in the Cyberium Arena
Target audience
- Penetration testers
- Security professionals and vendors
- Research teams
- Reverse Engineers
Objectives
- Discovering different levels of vulnerabilities including zero-day vulnerabilities
- Understanding the methods of attacks
- Infrastructure and system defense
- Become familiar with APT and attacks
- Understanding modern security mechanisms
Pre-requisites
- Background in Malware Analysis
- ThinkCyber Level-2 Courses
Syllabus
Description
This module will introduce participants to the world of exploit development, explain the basic rules, what needs to be focused on, and how to create a neat and professional work process. This module will show the basic techniques of binary exploitation.
Technical content
- Anatomy of a program in memory
  - Process Memory Organization
  - Memory stack
  - Buffer Overflow Concepts and Definitions
  - Brief on Assembly
  - Registers and Data Organization
- Stack overflow
  - The Stack
  - Variables
  - Environment Variables
  - Overwriting Function Pointers Stored on the Stack
  - Segmentation Fault Error
  - Understand Pointers
  - System instructions and OP Codes
  - Executing the ‘\xcc’ Instruction
  - Find Executable Crash-Address
  - Crashing Executables with Programming
  - Allocate Buffer Size
  - Allocate Shellcode Size
  - Stack Common Defense Mechanisms: DEP, ASLR, NX
  - Working with NOP
  - Find JMP Instructions in the Memory
  - Writing POC Code
- Format strings vulnerability
  - Strings Leakage
  - Modify the execution flow of programs
  - Modify arbitrary memory locations
  - Specific values assignments
  - Writing larger data to the Process
  - Redirecting Execution in a Process
Description
This module will build on the buffer overflow material and present advanced, widely accepted techniques in the world of binary exploitation.
Technical content
- Heap Overflow
  - Heap Memory Section
  - Heap Structure and Functionality
  - Influence the Code Flow
  - Hijacking in Data
  - Overwrite Heap Pointers
  - Heap Metadata
  - ‘Dlmalloc’ to Change Program Execution
- Advanced overflow techniques
  - Converting Strings to Little Endian Integers
  - Convert Binary Integers into ASCII Representation
  - Working with 32-bit Unsigned Integers
  - Remote Blind Format String
  - Remote Heap Overflow Attack
  - Heap Overflows using VEH
  - Heap Overflows using the UEF
Description
This module will show the participants how to analyze a misconfigured C program, take advantage of the misconfiguration, and write exploitation code to manipulate the system.
Technical content
- Analyzing C Code Programs
  - SUID Files Permissions
  - Race conditions
  - Shell Meta-variables
  - $PATH weaknesses
  - Scripting language Weaknesses
  - Binary Compilation failures
  - Program that allows arbitrary programs to be executed
  - Manipulating crontab Instructions
  - Bypassing restriction code
  - File read Permissions exploit
  - Directory permissions
  - Escape Restricted shells and environments
  - Binary that processes Standard Input and executes a shell command
  - Exploit local Network Services
Labs
- Lab 1 C Program Memory Anatomy
- Lab 2 Executing Instructions
- Lab 3 Allocate Shellcode Size
- Lab 4 Writing POC Code
- Lab 5 Modify the Execution Flow of Programs
- Lab 6 Hijacking
- Lab 7 Heap Metadata
- Lab 8 Converting Strings to Little Endian Integers
- Lab 9 Remote Heap Overflow Attack
- Lab 10 Exploiting Directory Permissions
- Lab 11 Exploit Local Network Services
Real case studies
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situ classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them for 30 days. All course material is made available electronically to the participant.
Course Group: FOUNDATION
Hands-on / Theory Mix
This course incorporates a high level of hands-on lab exercises, as well as real-life case studies.
Certification
This course prepares the participant for the following certification:
- SEC760 (SANS)
Required Equipment
Network connection
As this course extensively uses a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:
- Audio and Video
- 8 GB RAM
- 200 GB Disk Space
- Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)
- A good headset with microphone