Presented at
DeepSec 2013 „Secrets, Failures, and Visions“,
Unknown date/time
(Unknown duration)
In this 2 day class we will study introductory to intermediate exploit development for Windows and Linux platforms. In class you will gain hands on experience finding vulnerabilities, writing working exploits from scratch, and porting public exploit code to meet your needs. We will start with the basics of stack based buffer overflows, structured exception handler overwrites. Then we will move onto bypassing more advanced anti-exploitation measures such as stack cookies, ASLR, DEP, etc. The use of techniques such as egghunters, ROP, heap exploitation, etc. will be covered. In addition to writing exploits from scratch we will look at public exploit code and porting it to fit our environment's needs. We will also look at writing Metasploit modules and porting our exploits into Metasploit. Hands on labs for both Windows and Linux will be covered, exploiting real vulnerable programs.
Presenters:
-
Georgia Weidman
- Bulb Security LLC
Georgia Weidman is an experienced penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), NIST 4011, and Offensive Security Certified Professional (OSCP) certifications. Her groundbreaking work in the field of smartphone exploitation has been featured in print and on television including MIT Technology Review, Ars Technica, PC World, Fox News and Global TV Canada. She has presented her research at conferences around the world including Shmoocon, Hacker Halted, Security Zone, and Bsides. Georgia has delivered highly technical security training at conferences, hacker spaces, and schools to excellent reviews. Building on her experience working in both the public and private sectors, Georgia founded Bulb Security LLC (http://www.bulbsecurity.com), a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.
Links:
Similar Presentations: