Exploit Development

Presented at SAINTCON 2019, Oct. 22, 2019, 1 p.m. (240 minutes)

**Training is limited to 40 people. Training is first come first serve!!!** Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions. After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data. Previous experience with C and assembly language is helpful but not required. Participants will need a laptop with VMware, or a credit card and a few dollars to rent cloud servers. **Training is limited to 40 people. Training is first come first serve!!!**

Presenters:

• Sam Bowne - CCSF
  Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, HOPE, BSidesSF, BSidesLV, RSA, and many conferences and colleges. Formal education: B.S. and Ph.D. in Physics Industry credentials: Infosec: CISSP, Certified Ethical Hacker, Security+, Defcon Black Badge, Splunk Core Certified User Networking: Network+, Certified Fiber Optic Technician, HE IPv6 Sage, CCENT, IPv6 Forum Silver & Gold, Juniper JN0-101, Wireshark WCNA Microsoft: MCP, MCDST, MCTS: Vista

Links:

• https://saintcon2019.sched.com/event/W6VM/exploit-development

Similar Presentations:

• DEF CON 31 (2023) / Introduction to Exploit Development Workshop
• SAINTCON 2019 / Privacy Workshop Training
• SAINTCON 2019 / Building a Vulnerability Management Program with Nessus Training