SANS SEC710 is an advanced two-day course on exploit development. Students attending this course should know their way around a debugger and have prior experience exploiting basic stack overflows on both Windows and Linux. Terms such as "jmp esp" and "pop/pop/ret" should be nothing new to you. We will move beyond these attack techniques to explore more advanced topics: heap exploitation, format string attacks, and Microsoft patch reversal and exploitation. We will take a real Microsoft security patch, reverse it to model the discovery of an undisclosed vulnerability, and develop a client-side exploit that defeats controls such as Address Space Layout Randomization (ASLR).

Attendees can apply the skills developed in this class to create and customize exploits for penetration tests of homegrown software applications and of newly discovered flaws in widespread commercial software. Understanding the exploit development process helps enterprises analyze their actual business risk more accurately than the ambiguous hypotheticals that most traditional vulnerability assessments contend with.

DAY 1 Topics

Abusing the unlink() macro on the Linux OS
Overwriting C and C++ function pointers
Identifying format string vulnerabilities
Leaking memory and taking control of a process via a format string exploit
Advanced Stack Smashing
Heap Overflows on the Linux OS

DAY 2 Topics

Using IDA Pro to reverse engineer Microsoft patches
Using the BinDiff and patchdiff2 tools to identify code changes
Improving Microsoft Windows stack and heap exploitation skills
Vulnerability discovery in less obvious places
Understanding and developing client-side exploits
Heap spraying and defeating Microsoft ASLR

Tags: Advanced, Exploit, Development
