Extreme Security Exploitation

Displaying courses for Great Britain [Change]

Overview

The course is focused on a comprehensive coverage of software exploitation. It will present different domains of code exploitation and how they can be used together to test the security of an application. The participants will learn about different types and techniques of exploitation, using debuggers to create their own exploits, understand protection mechanism of the Operating Systems and how to bypass them.

The course is heavily focused on being hands-on. Reference material documents will be provided for concepts for further reading. This class is all hands on, from the word Go! Only code and exploitation techniques are what you will take home.

Objectives

  • Understand how exploits works and different types of software exploitation techniques
  • Understand the exploit development process
  • Search for vulnerabilities in closed-source applications
  • Write their own exploits for vulnerable applications

Tools/Concepts

  • DEP (Data Execution Prevention)
  • ASLR
  • Debugger (Windbg primarily, but any other debugger like Ollydbg or Immunity Debugger will do)
  • Assembly
  • HexEditor
  • Python 2.7
  • Windows XP/7

Audience

  • Information Security Professionals, Software Developers
  • Anyone with an interest in understanding exploit development
  • Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level

Prerequisites

  • Working knowledge of Windows Operating System Linux Operating Systems
  • Working knowledge of scripting languages like Ruby or Python
  • Basics of x86 Assembly
  • Comfortable with command-line utilities

Syllabus

Day 1

  • Basic, yet effectively fuzzing Microsoft Excel 2007 (XLS)
  • Identifying the vulnerablity
  • Controlling registers and program flow
  • Popping up calc!

Day 2

  • Understanding Heap Spraying
  • Exploiting a Use-After-Free in Internet Explorer 6
  • Exploting a Heap Overflow in Adobe Reader 8
  • Exploiting Adobe Reader on Windows 7 using ROP chains
  • Understanding ASLR bypasses

What to expect

  • Calc.exe popping up everywhere!
  • Two days of debugging and disassembling.
  • Only place where *pointers are not the ideal ones.

What not to expect

  • Anything not related to Exploit Development
  • Theory and Slides!

Training provider

Teaching mode: Classroom - Instructor Led
Duration: 2 days
Gooroo has partnered with the global leaders in IT training to give you access to quality training, personalised to you, targeted at increasing your job opportunities and salary.

Our pricing

We do not display pricing as Gooroo members qualify for special discounts not available elsewhere. You must enquire through Gooroo to get this benefit.

New courses are happening all the time

Our partner's expert training consultant will provide you with the times and all the details you need. Enquire today.

Top skills covered in this course

Python
Great Britain
This skill has an average salary of
£57,873
and is mentioned in
3.71%
of job ads in this area.
Internet Explorer
Great Britain
This skill has an average salary of
£47,065
and is mentioned in
0.63%
of job ads in this area.
Debugging
Great Britain
This skill has an average salary of
£50,847
and is mentioned in
0.59%
of job ads in this area.