In this 1 day class we will study introductory exploit development for Windows and Linux platforms. Though at the end of one day you won’t be ready to write the latest iOS jailbreaks, this course will put the fundamentals in place to get to that point in later classes. In class you will gain hands on experience finding vulnerabilities, writing working exploits from scratch, and porting public exploit code to meet your needs. We will cover stack based buffer overflows, structured exception handler overwrites, as well as touching on bypassing anti-exploitation techniques such as DEP and ASLR. We will look at public exploit code and porting it to fit our environment’s needs. We will also look at writing Metasploit modules and porting our exploits into Metasploit modules. Hands on labs for both Windows and Linux will be covered. Additional exploitable programs will be included for after class practice. No programming experience is required. We will begin with exploit skeletons in Python and focus our efforts in creating working exploit strings.
When: TBA
Where: Online! The class will be held using GoToMeeting. There is a free client download for Windows and Mac. Like most useful things it isn’t supported on Linux unfortunately. You will able to see me, hear me, and see my screen as I demonstrate the hands-on material.