This year, Alex Sotirov and I will be teaching our first “Assured Exploitation” training class at CanSecWest. This training class is focused on various topics in advanced exploitation of memory corruption vulnerabilities. This includes a thorough understanding of exploitation mitigations (where they are effective and where they aren’t), heap manipulation, return-oriented programming, and ensuring a clean continuation of process execution so that the application does not crash.
Over the course of the training, the hands-on exercises will be oriented around taking the students through the steps of fully understanding the “Aurora” Internet Explorer vulnerability and developing their own reliable and robust exploit for Internet Explorer 8 on Windows 7, just like the exploit demonstrated in this video demo of my exploit:
Hey, I’m a student and can’t afford to go to CanSecWest. Are you going to publish the material for this course online after the conference?
Will you be offering this course again or be making your notes public?
@Zp: The course will likely be offered again at CanSecWest 2011. Not sure if it’ll be offered again before then.
@Andy, @Zp: The course notes/materials won’t be made public, however much of it draws from public presentations (i.e. Alex’s Heap Feng Shui, my Practical Return-Oriented Programming). I’d recommend reading up on those if you haven’t already.