Presented at
DerbyCon 2.0 Reunion (2012),
Unknown date/time
(Unknown duration).
You will learn the exploit dev SDLC. Fuzz to identify vulns, crash the app, replicate crash, overwrite EIP, develop PoC, weaponize it with shellcode, turn your exploit into a metasploit module, & simulate a MSF git pull request.
Old, & current Windows memory protections will be discussed.
– Exploit Development life cycle
– Bypass current memory protections in Windows 7 i386 software, ie… SafeSEH/DEP/ASLR
– Fuzzing 101 // Will actually write a Ruby script from scratch
– Shellcode 101 & creation // Will actually write a Ruby script from scratch
– Use of Immunity for means of software exploitation on the Wintel i386 architecture
– Control the flow of programs by overwriting EIP, and ESP, and filtering out bad characters when good shellcode fails // Will actually write a Ruby script from scratch
– Learn how to write intelligent fuzzing scripts in the Ruby language for the FTP protocol // Will actually write a Ruby script from scratch
– Students will actually write their own scripts that take advantage of a known buffer overflow and get both a reverse shell, and a bind shell on remote target machines
– Turn the script into a Metasploit module
– Simulate a Metasploit git pull request :)
Presenters:
-
Rick Flores / nanoquetz9l
as Rick “nanoquetz9l” Flores
I have 9 years of proven experience in defensive security from 2003-2008, and offensive security from 2008-current. I enjoy being part of a dedicated team, but I am also successful working as an independent security/vulnerability/exploit researcher. I stay updated by tracking the latest vulnerabilities and collecting malware in the wild. I verify vulnerabilities by creating, analyzing, and or running PoC exploit code. I work well with others, and also have an easy-going bright personality. I enjoy working on tough projects, teaching people, and getting the job done right the first time even under stressful situations. Avid follower of the PTES framework.
Similar Presentations: