Exploiting Software Vulnerabilities

Course Authors / Instructors:

Rodrigo Rubira Branco (BSDaemon) and Filipe Alcarde Balestra (coideloko)

Course length: 5 days
Language: English

Course description

* Why learn how to break software?

* What are the differences between the hacking (security research) community and the open-source community?

* How do we release vulnerabilities?

* Web Vulnerabilities
  • Cross-site scripting
  • SQL Injection
  • Remote file include
  • Others
* Introduction to shellcode
  • Hello World
* Injectable code
* Bypassing filters - Polymorphic shellcodes
  • How does it work?
  • Structure
  • Uses
* Stack Overflows
  • Why do they exist?
  • How can they be exploited?
     - Debugging software
     - Controlling the application
     - Searching for a return point
     - What else can we do?
* Heap Overflows
  • Why can they be exploited?
     - Old school - breaking into the old libc
     - What changed nowadays - be prepared
     - Differences between Windows and Linux systems
* Integer-related problems
  • Widthness overflows
  • Arithmetic overflows
  • Signedness bugs
* Format String
  • Is it dead?
  • Exploiting
* Defeating security systems
  • Breaking canary protection
     - controlling pointers
     - controlling indexes
  • Breaking non-executable memory
     - Returning-into-libc (system())
     - Returning-into-libc (sprintf()/strcpy()) [the case of leaf functions]
  • Breaking memory randomization
  • Bypassing glibc unlink protection
* Kernel Exploitation
  • NULL pointer dereference
  • Slab overflows
  • Disabling security protections
* Remote exploitation - what are the challenges?
  • Protocol analysis
  • Remote system interaction
  • Packet sizes
  • Filters, Detectors (IDS/IPS/XYZ), others
* Keeping access - target inside systems
  • Rootkits - How do they work?
  • Syscall proxying, encoding, pivoting and others...
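The three bug classes listed under "Integer-related problems" are easy to name and easy to get wrong in a bounds check. The C below is an added illustration written for this listing, not course material from the instructors: each class is shown as a buggy length check next to a corrected one. The 64-byte buffer and the 16-byte header are assumed values chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for the example: a 64-byte destination buffer and a
 * 16-byte fixed header that is added to an attacker-controlled length. */
#define BUF_SIZE 64
#define HEADER_SIZE 16

/* --- Widthness overflow ---
 * The 32-bit length is copied into a 16-bit variable before the bounds
 * check. 0x10004 truncates to 4, so the check passes even though the
 * full value (65540 bytes) would be used by the later copy.
 * Returns 1 if the check accepts the length. */
int widthness_vulnerable(uint32_t len) {
    unsigned short n = (unsigned short)len;   /* silently truncates */
    return n <= BUF_SIZE;
}

int widthness_fixed(uint32_t len) {
    return len <= BUF_SIZE;                   /* compare in the original width */
}

/* --- Arithmetic overflow ---
 * Adding the header size to a large length wraps around in 32 bits:
 * 0xFFFFFFF8 + 16 == 8, which "fits" in the buffer. */
int arithmetic_vulnerable(uint32_t len) {
    uint32_t needed = len + HEADER_SIZE;      /* may wrap to a small value */
    return needed <= BUF_SIZE;
}

int arithmetic_fixed(uint32_t len) {
    if (len > UINT32_MAX - HEADER_SIZE)       /* reject before the add can wrap */
        return 0;
    return len + HEADER_SIZE <= BUF_SIZE;
}

/* --- Signedness bug ---
 * A signed length is compared as signed, so -1 satisfies "len <= 64".
 * memcpy() takes size_t, so the same -1 becomes SIZE_MAX at the copy. */
int signedness_vulnerable(int len) {
    return len <= BUF_SIZE;                   /* negative values pass */
}

int signedness_fixed(int len) {
    return len >= 0 && len <= BUF_SIZE;
}

/* The conversion that turns a "small" negative length into a huge copy size. */
size_t as_copy_length(int len) {
    return (size_t)len;
}

int main(void) {
    printf("widthness  0x10004: vulnerable=%d fixed=%d\n",
           widthness_vulnerable(0x10004), widthness_fixed(0x10004));
    printf("arithmetic 0xFFFFFFF8: vulnerable=%d fixed=%d\n",
           arithmetic_vulnerable(0xFFFFFFF8u), arithmetic_fixed(0xFFFFFFF8u));
    printf("signedness -1: vulnerable=%d fixed=%d copy_len=%zu\n",
           signedness_vulnerable(-1), signedness_fixed(-1), as_copy_length(-1));
    return 0;
}
```

In every case the vulnerable check accepts a length that the corrected check rejects; the fixes share one rule, compare in the type and width the value will actually have at the point of use.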


Dates:
July 20, 2008 - July 24, 2008

For more information concerning this course, please contact courses@scanit.net.



Scanit is a Hack In The Box Conference event partner.


HITB Second Conference 2008 Dubai