Announcement

Collapse
No announcement yet.

Hack to Basics - x86 Windows BBased Buffer Overflows, an introduction

Collapse
This is a sticky topic.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hack to Basics - x86 Windows BBased Buffer Overflows, an introduction

    Hack to Basics - x86 Windows Based Buffer Overflows, an introduction

    Want to learn about exploit development but feeling overwhelmed at all the latest technologies and buzzwords?

    Hack to basics is a course which will provide you with foundational level exploit development skills with real world exploitation techniques. This will range from “Vanilla” EIP overwrites through to Structured Exception Handler(SEH) exploitation and how egg hunters work with practical examples.

    By the end of the course, Students can expect to know the basics of x86 assembly, including some real world examples of exploiting vanilla EIP overwrites, SEH exploitation and using egg hunters. This will provide an entry to the world of exploit development and a strong foundation to work off in order to make it easier to transition to the newer, more advanced technologies which are in place today.

    To get the most out of this training, the following should be studied beforehand:

    FuzzySecurity:
    https://www.fuzzysecurity.com/tutorials/expDev/1.html
    https://www.fuzzysecurity.com/tutorials/expDev/2.html
    https://www.fuzzysecurity.com/tutorials/expDev/3.html
    https://www.fuzzysecurity.com/tutorials/expDev/4.html

    Corelan:
    https://www.corelan.be/index.php/200...sed-overflows/
    https://www.corelan.be/index.php/200...torial-part-2/
    https://www.corelan.be/index.php/200...al-part-3-seh/

    We will be using Python to construct our exploits, combined with a debugger such as Immunity or OllyDBG, it it is recommended to be familiar with both.

    Dino Covotsos is the founder and CEO of Telspace Systems, a 100% South African-owned IT security firm, which started in 2002. Covotsos has many years of experience in the information security sector and has been involved in hundreds of information security projects worldwide. He is also a well-known presenter at international conferences, including Hack In the Box, Sector, H2HC, DEF CON (Recon Village) and many more. Covotsos is also passionate about the information security community and is involved various community based projects. Covotsos is on the advisory board for the ITWeb Security Summit and has several industry certifications, such as the OSCE, OSCP, OSWP and CREST CRT.

    Manuel is currently employed as the Chief Operating Officer at Telspace Systems. Manuel has a passion for information security and over the years has gained a significant amount of knowledge and experience in the both the technical (operational) and management areas of information security. Throughout his career he has been involved in information security-related research, training, awareness and advisory projects targeting industry sectors, large financial/government institutions, multinational organizations and SMEs. He has overseen a large number of projects, Manuel also facilitates and speaks at numerous conferences as well as taking part in radio interviews and forming part of specialist panels.

    Prerequisites for students:
    • Basic experience in assembly and a debugger, preferably Immunity or Olly.
    • 2-3 years of penetration testing experience would be beneficial.
    • Experience in Kali linux, as this will be used as the primary operating system.
    • Materials or Equipment students will need to bring to participate:
    • Laptops with the following specs or greater:
    • Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz (or AMD equivalent)
    • 8GB RAM
    • Kali Linux installed (x86 is fine)
    • Wireless Network Adapter + Ethernet Adapter
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

  • #2
    Hi,

    Is there any fee to register for a workshop ?

    Comment


    • Dark Tangent
      Dark Tangent commented
      Editing a comment
      There is a small fee to cover materials costs and to encourage people to show up to the workshop so no seats are left empty.

      Workshop registration will open early next week!

  • #3
    想了解漏洞利用开发,但对所有最新技术和流行语感到不知所措?Hack to basics是一门通过现实世界的开发技术提供基础级别的漏洞利用开发技能的课程。
    这将包括“Vanilla”EIP覆盖到结构化异常处理程序(SEH)开发以及如何使用Egg Hunter实际示例。在课程结束后,学生会了解x86组装的基础知识,包括利用Vanilla EIP覆盖,SEH开发和使用Egg Hunter的一些真实的例子。
    这将为渗透测试世界提供一个入口,并打下强大的工作基础,以便更容易地过渡到现有的更新的,更先进的技术。 我们将使用Python来构建我们的工具,结合Immunity或OllyDBG等调试器,建议您提前熟悉 它们。

    Dino Covotsos是Telspace Systems的创始人兼首席执行官,Telspace Systems是一家由南非全资投资的IT安全公司,始于2002年。Covotsos在信息安全领域拥有 多年经验,并参与了全球数百个信息安全项目。
    他还是国际会议的著名主持人,包括Hack In the Box(HITB),Sector,H2HC,Defcon(Recon Village)等等。
    Covotsos也对信息安全社区充满热情,并参与各种社区项目。
    Covotsos是ITWeb安全峰会的顾问委员会,并拥有多项行业认证,如OSCE,OSCP,OSWP 和CREST CRT。
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A

    Comment

    Working...
    X