An Introduction To Modern Binary Exploitation

Presented at THOTCON 0x9 (2018), May 5, 2018, 2 p.m. (100 minutes).

Ever wondered what really goes on when you use an "exploit"? This workshop will demystify binary exploitation, and teach you how to discover your own vulnerabilities and write exploits for them. We'll begin by covering the basics of how binaries work: the stack vs. the heap, a brief primer on x86 assembly, and how syscalls work. Then, we'll talk about memory corruption, and how attackers can use it to take control of programs and bend them to do their bidding. By the end of the workshop, you'll understand 1980s and 90s style stack-based buffer overflows, and should even be able to write a few basic ones yourself. A provided VM will allow attendees to follow along and work through exploitation challenges with the presenter. A whole semester-long college course's worth of slides and challenges will provide you with the material to keep studying exploitation after the workshop, covering all the way up to DEP/ASLR bypasses and Linux local privesc exploits.


Presenters:

  • Alexei Bulazel
    Alexei Bulazel is a security researcher and an alumnus of RPI/RPISEC. A frequent conference speaker, he has presented all over the world.
  • Jeremy Blackthorne
    Jeremy Blackthorne is the cofounder and president of the Boston Cybernetics Institute where he provides cybersecurity training in support of national security.
  • Sophia d'Antoine
    Sophia d'Antoine is working in Cyber Security at Trail of Bits, out of NYC. She received her Master's in Computer Security at Rensselaer Polytechnic Institute. She spends time speaking at conferences, participating in CTFs and other challenges, teaching at RPI, and writing Program Analysis tooling.
