On June 8-9, right before SummerC0n, Alex Sotirov and I will be giving a special New York City edition of our Assured Exploitation training class. This is a great opportunity for anyone who was unable to take our class at CanSecWest this year. The two-day class costs $2500 per student for registrations received before May 25 and $3000 per student for registrations received afterwards. We accept payment via Purchase Order, major credit cards, and PayPal. Group discounts are also available (contact us for a price quote). To register, e-mail me (ddz at theta44 dot org) or fill out the form below. For full details, see below or download the full course description.
Many security professionals have mastered stack overflows and heap spraying, but these techniques are rarely sufficient when developing modern real-world exploits. Reliable exploitation on Vista and Windows 7 systems requires advanced techniques such as heap layout manipulation, return oriented programming and ASLR information leaks. This course focuses on teaching the principles behind these advanced techniques and will give the students hands-on experience developing real-world exploits. Each student will finish the class with their own personally-developed exploit for the “Aurora” use-after-free vulnerability in Internet Explorer that evades ASLR and DEP and reliably exploits Windows 7.
The class curriculum also includes:
- In-depth review of GS, ASLR, DEP, SafeSEH and SEHOP exploitation mitigations
- Heap implementation details and manipulation of the heap state (including Windows 7 heap)
- Building primitives for heap layout control in new applications
- Bypassing DEP and ASLR
- Return oriented programming and shellcode development
- Implementing a universal bypass of DEP and ASLR in Internet Explorer 8
- Multistage stack pivots
Students are expected to be familiar with the basic exploitation techniques for stack and heap overflows on Windows, as described in the Shellcoder’s Handbook and similar books. They should be comfortable using assembly level debuggers and have basic familiarity with reverse engineering. The material in this course is designed to be challenging, but we believe that with the help of our expert instructors any dedicated student will be able to master it.
All hands-on exercises in the course will be performed in virtual machines provided by the trainers. You will need a laptop with VMware Workstation 6 or later, or VMware Fusion 2 or later if using a Mac. The minimum hardware requirements for the laptop are 2GB of memory (3GB or more recommended) and a processor equivalent to a 2.4GHz Core2 Duo.
To register, e-mail me (ddz at theta44 dot org) or fill out the following contact form.