In this 1-day class we will study exploit development for Windows, picking up where Introduction to Exploit Development left off. In class you will gain hands-on experience finding vulnerabilities, writing working exploits from scratch, and porting public exploit code to meet your needs. Having previously learned stack-based buffer overflows and SEH overwrites, in this class we will look at more advanced techniques such as dealing with a lack of space for shellcode, using egghunters, bypassing ASLR and bypassing DEP. We will look at public exploit code and port it to fit our environment’s needs. We will also look at writing Metasploit modules and porting our exploits into Metasploit modules. Hands-on labs will be covered in class. Additional exploitable programs will be included for after-class practice. No programming experience is required. We will begin with exploit skeletons in Python and focus our efforts on creating working exploit strings.
When: TBA
Where: Online! The class will be held using GoToMeeting. There is a free client download for Windows and Mac. Like most useful things, it isn’t supported on Linux, unfortunately. You will be able to see me, hear me, and see my screen as I demonstrate the hands-on material.