DEF CON Forum Site Header Art

Announcement

Collapse
No announcement yet.

House of Heap Exploitation by Maxwell Dulin at DEF CON 29

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • House of Heap Exploitation by Maxwell Dulin at DEF CON 29

    House of Heap Exploitation
    Maxwell Dulin


    Prerequisites for students?:
    • Basic computer science background (x86_64 assembly, stack, programming skills in C & Python)
    • Basic binary exploitation skills (buffer overflow exploitation, ROP, ASLR, etc.)
    • Familiar with Linux developer tools such as the command line, Python scripting and GDB.
    • Previous usage of pwntools is a plus

    Materials or Equipment students will need to bring to participate?:
    • Laptop with enough power for a moderately sized Linux VM
    • Administrative access to the laptop
    • 8GB RAM minimum
    • 50GB harddrive space
    • Virtualbox or another virtualization platform installed
    What level of skill is required for your targeted audience (Beginner/Intermediate/Advanced)?:
    Intermediate. This is not a beginner course; this will not go through the basics of binary exploitation.

    Abstract
    Summarize what your training will cover, attendees will read this to get an idea of what they should know before training, and what they will learn after. Use this to section to broadly describe how technical your class is, what tools will be used, and what materials to read in advance to get the most out of your training. This abstract is the primary way people will be drawn to your session.

    Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a subject that has evaded many people for years for one reason: they focus on the techniques instead of the allocator. By learning with an allocator first style, the techniques are easily understood and practical to use.

    This workshop is for learning heap exploit development in GLibC Malloc. GLibC Malloc is the default allocator on most Linux distros. With this hands-on introduction into GLibC Malloc heap exploitation you will learn how the allocator functions, heap specific vulnerability classes and to pwn with a variety of techniques. Whether you're an avid CTFer or just trying to get into heap exploitation on your pwnables site, this course is good for adding another tool to the tools arsenal. After taking this course you will understand the GLibC Malloc allocator, be able to discover heap specific vulnerability classes and pwn the heap with a variety of techniques, with the capability to easily learn more.

    Trainer BIO(s):
    Maxwell Dulin (Strikeout) is a security consultant at Security Innovation hacking all things under the sun, from robots to web applications. Additionally, he started the Spokane Mayors Cyber Cup and has written pwnables for SSD. Maxwell has published many articles for a plethora of heap exploitation techniques, assorted web application hacking exploits and IoT device vulnerability hunting. He has previously spoken at DEFCON 27 IoT Village. In his free time, he plays with RF toys, hikes to fire lookouts and catches everything at dodgeball.

    Maxfield Chen received a computer science degree from RPI, but spent most of my time skipping class, picking locks, and hanging out in the basement with the security minded folks who went on to start Ret2. At Security Innovation, he specializes in firmware hacking, OAuth, kiosks, and binary exploitation. Outside of work he is designing open source hardware, writing type-safe board game servers with haskell, cursing at compilers, and trying his best to stop my dog from eating the wrong things.

    Nathan Kirkland:
    Raised on a steady diet of video game modding, when Nathan found programming as a teenager, he fit right into it. Legend says he still keeps his coffee (and tear) stained 1980s edition of The C Programming Language by K&R stored in a box somewhere. A few borrowed Kevin Mitnick books later, he had a new interest, and began spending more and more time searching for buffer overflows and SQL injections. Many coffee fueled sleepless nights later, he had earned OSCP, and graduated highschool a few months later. After a few more years of working towards a math degree and trying fervently to teach himself cryptanalysis, he decided to head back to the types of fun hacking problems that were his real first love, and has worked at Security Innovation ever since.

    Last edited by Dark Tangent; 6 days ago. Reason: Removed outline, it might change before the workshop
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A
Working...
X