Tweet
Hack to Basics - x86 Windows Based Buffer Overflows, an introduction
Want to learn about exploit development but feeling overwhelmed at all the latest technologies and buzzwords?
Hack to basics is a course which will provide you with foundational level exploit development skills with real world exploitation techniques. This will range from “Vanilla” EIP overwrites through to Structured Exception Handler(SEH) exploitation and how egg hunters work with practical examples.
By the end of the course, Students can expect to know the basics of x86 assembly, including some real world examples of exploiting vanilla EIP overwrites, SEH exploitation and using egg hunters. This will provide an entry to the world of exploit development and a strong foundation to work off in order to make it easier to transition to the newer, more advanced technologies which are in place today.
To get the most out of this training, the following should be studied beforehand:
FuzzySecurity:
https://www.fuzzysecurity.com/tutorials/expDev/1.html
https://www.fuzzysecurity.com/tutorials/expDev/2.html
https://www.fuzzysecurity.com/tutorials/expDev/3.html
https://www.fuzzysecurity.com/tutorials/expDev/4.html
Corelan:
https://www.corelan.be/index.php/200...sed-overflows/
https://www.corelan.be/index.php/200...torial-part-2/
https://www.corelan.be/index.php/200...al-part-3-seh/
We will be using Python to construct our exploits, combined with a debugger such as Immunity or OllyDBG, it it is recommended to be familiar with both.
Dino Covotsos is the founder and CEO of Telspace Systems, a 100% South African-owned IT security firm, which started in 2002. Covotsos has many years of experience in the information security sector and has been involved in hundreds of information security projects worldwide. He is also a well-known presenter at international conferences, including Hack In the Box, Sector, H2HC, DEF CON (Recon Village) and many more. Covotsos is also passionate about the information security community and is involved various community based projects. Covotsos is on the advisory board for the ITWeb Security Summit and has several industry certifications, such as the OSCE, OSCP, OSWP and CREST CRT.
Manuel is currently employed as the Chief Operating Officer at Telspace Systems. Manuel has a passion for information security and over the years has gained a significant amount of knowledge and experience in the both the technical (operational) and management areas of information security. Throughout his career he has been involved in information security-related research, training, awareness and advisory projects targeting industry sectors, large financial/government institutions, multinational organizations and SMEs. He has overseen a large number of projects, Manuel also facilitates and speaks at numerous conferences as well as taking part in radio interviews and forming part of specialist panels.
Prerequisites for students:
- Basic experience in assembly and a debugger, preferably Immunity or Olly.
- 2-3 years of penetration testing experience would be beneficial.
- Experience in Kali linux, as this will be used as the primary operating system.
- Materials or Equipment students will need to bring to participate:
- Laptops with the following specs or greater:
- Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz (or AMD equivalent)
- 8GB RAM
- Kali Linux installed (x86 is fine)
- Wireless Network Adapter + Ethernet Adapter
Comment