Maxwell Dulin, James Dolan, Zachary Minneker, Kevin Choi - House of Heap Exploitation
Abstract:
Thursday from 1400 to 1800
EventBrite Link: https://www.eventbrite.com/e/maxwell...s-378878183847
Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a major wall in the binary exploitation journey because of its complexity. To conquer this difficulty, the workshop tackles the complexity head on by diving into the weeds of the allocator directly, taking on many hands-on exercises/challenges and creating easy-to-grasp diagrams to understand all of the concepts.
This workshop is for learning heap exploit development in glibc Malloc, which is the default allocator on most Linux distributions. With this hands-on introduction to glibc Malloc heap exploitation you will learn how the allocator functions, heap-specific vulnerability classes and how to pwn with a variety of techniques. To make the material easy to consume, there are many hands-on exercises, a pre-built virtual machine with everything necessary for binary exploitation and an immense amount of visuals for explaining the material. After taking this course you will understand the internals of the glibc Malloc allocator, be able to uncover heap memory vulnerabilities and pwn the heap with a variety of techniques, with the capability to go further into the art afterwards.
Skill Level: Intermediate. This is not a beginner course; this will not go through the basics of binary exploitation very much.
Materials Needed:
Laptop with enough power for a moderately sized Linux VM
Administrative access to the laptop
8GB RAM minimum
30GB hard drive space
VirtualBox or another virtualization platform installed
Bios:
Maxwell Dulin (also known as Strikeout) loves hacking all things under the sun. In his day job, he works as a security engineer primarily focused on web applications. But at night, he leaves the tangled web into the open space of radio signals, garage doors, scoreboards, RC cars, and pwn challenges. From the latter, he gained enough expertise to create a heap exploitation course that has been delivered at a number of security conferences, including DEFCON. In his spare time, he has found Linux kernel 0-days, and reverse engineered numerous wireless devices. To summarize, if you put something in front of him, he'll find a way to break it and make it do what he wants.
Zachary Minneker is a security researcher and security engineer at Security Innovation. His first computer was a PowerPC Macintosh, an ISA which he continues to defend to this day. At Security Innovation, he has performed security assessments on a variety of systems, including robots for kids, audio transcription codecs, and electronic medical systems. He has previous experience administrating electronic medical systems, and deep experience in fuzzing, reverse engineering, and protocol analysis. His research has focused on techniques for in-memory fuzzing, macOS sandbox security, and IPC methods.
Kenzie Dolan (they/she) works for Security Innovation as a Senior Security Engineer focusing on engagements ranging from IoT hacking to kiosk exploitation. Their current research interests include emerging threats against Mobile and IoT devices. They have a degree in Computer and Information Science from University of Oregon. In their free time, Kenzie enjoys composing music, playing video games or hiking in the greater Seattle area.
Raised on a steady diet of video game modding, when Nathan found programming as a teenager, he fit right into it. Legend says he still keeps his coffee (and tear) stained 1980s edition of The C Programming Language by K&R stored in a box somewhere. A few borrowed Kevin Mitnick books later, he had a new interest, and began spending more and more time searching for buffer overflows and SQL injections. Many coffee-fueled sleepless nights later, he had earned OSCP, and graduated high school a few months later. After a few more years of working towards a math degree and trying fervently to teach himself cryptanalysis, he decided to head back to the types of fun hacking problems that were his real first love, and has worked at Security Innovation ever since.
Justin "drtychai" Angra (he/they) is a former nuclear physicist and current security researcher. They have spent over a decade working on low-level vulnerability research and exploitation methodologies. Their primary focus has been on fuzzing JavaScript compilers, security validation, building weird shit in Rust, and software penetration testing. They're a member of the OpenToAll and Neg9 CTF teams and enjoy working with spray paint in their free time.
Max Class Size: 100