PTRACE SECURITY
Information Security Solutions

Advanced Vulnerability Discovery and Exploit Development
Version 1.5.3

[email protected]
https://www.ptrace-security.com
Ptrace Security GmbH, Untermüli 9, 6300 Zug, Switzerland
1/5

Course Description

The Advanced Vulnerability Discovery and Exploit Development course offers security professionals an opportunity to test and develop their skills like never before. During this class, attendees will be provided with the latest techniques and tools to discover vulnerabilities and use them to develop reliable exploits for a wide range of software, including complex Windows applications, interpreted languages, web browsers, and critical Microsoft services.

In the first half of the course, attendees will use reverse engineering, source code auditing, and fuzz testing to attack a wide variety of applications (many of which are critical for a successful penetration test) and then use the latest exploitation techniques available today to develop a reliable exploit for Windows 7, Windows 8.1 and Windows 10.

In the second half of the course, the focus will shift from classic to advanced exploitation techniques. Attendees will learn how to escape from the Java sandbox, how to circumvent ASLR without pointer leaks, how to use precise heap spraying, and how to bypass the Enhanced Mitigation Experience Toolkit (EMET).

By the end of this course, attendees will have a clear idea of how to find and exploit zero-day (0day) vulnerabilities on modern Windows machines.

Highlights

  - Zero-day (0day) vulnerability discovery
  - Cutting-edge network protocol and file format fuzzing
  - Binary analysis techniques and vulnerable pattern identification
  - Advanced usage of the Grinder Framework, PIN, PyKd, and IDAPython
  - In-depth study of modern Windows mitigation bypasses
  - State-of-the-art techniques for exploit development

Audience

This course is well suited for penetration testers, vulnerability researchers, exploit developers, malware analysts, security auditors, digital forensics analysts, and IT professionals who wish to dive into vulnerability analysis and exploit writing.

Price

4'750.00 EUR (5-day live training + 1 certification attempt)

Course Content

Module 0: The Course
  - Welcome
  - Course Overview
  - Setting up the Lab

Module 1: Fundamentals
  - Introduction to bug hunting
      - The bug hunter's toolkit
      - Approaches and methodologies
  - Microsoft Windows internals
      - Overview of the system
      - Process management
      - Memory protections
  - Static and dynamic analysis
      - Identifying key data structures
      - Code flow analysis
      - Scripting disassemblers

Module 2: iTunes (CVE-2012-0677)
  - Vulnerability discovery
      - Introduction to fuzz testing
      - File format fuzzing
      - The M3U file format
  - Exploitation
      - Practical return-oriented programming (ROP)
      - Bypassing DEP and ASLR on Windows 7
      - iTunes exploit variant 1
      - Bypassing DEP and ASLR on Windows 8
      - iTunes exploit variant 2
  - Vulnerability remediation

Module 3: ActFax (OSVDB 89944)
  - Vulnerability discovery
      - Protocol format reverse engineering
      - Network protocol fuzzing
  - Exploitation
      - ActFax exploit variant 1
      - ActFax exploit variant 2
  - Vulnerability remediation

Module 4: Mozilla Firefox (CVE-2011-2371)
  - Vulnerability discovery
      - Vulnerable patterns
      - Practical source code auditing
      - Intelligent bug hunting
      - Fast memory error detection with AddressSanitizer (ASan)
      - Development of precise browser fuzzers
  - Exploitation
      - Exploiting integer overflows
      - Firefox exploit variant 1 - with non-ASLR module
      - Circumventing ASLR without info leaks
      - Firefox exploit variant 2 - without non-ASLR module
  - Vulnerability remediation

Module 5: Microsoft Internet Explorer (CVE-2012-1889)
  - Vulnerability discovery
      - Introduction to binary diffing
      - BinDiff vs. DarunGrim
      - Microsoft patch analysis
  - Exploitation
      - Exploiting uninitialized memory corruption
      - Precise heap spraying in Internet Explorer
      - Microsoft XML Core Services (MSXML) exploit variant 1 - IE 6
      - Microsoft XML Core Services (MSXML) exploit variant 1 - IE 7
      - Microsoft XML Core Services (MSXML) exploit variant 1 - IE 8
      - Microsoft XML Core Services (MSXML) exploit variant 1 - IE 9
  - Vulnerability remediation

Module 6: Oracle Java (CVE-2012-0507)
  - Vulnerability discovery
      - Introduction to the Java virtual machine
      - The Java sandbox architecture
      - Analyzing Java code from the inside
      - Fuzzing programming languages
  - Exploitation
      - Building custom shellcode from scratch
      - Java exploit variant 1
      - Escaping the Java sandbox
      - Java exploit variant 2 - with sandbox escape
  - Vulnerability remediation

Module 6: Adobe Reader (CVE-2013-0640, CVE-2013-0641)
  - Vulnerability discovery
      - The Adobe Portable Document Format (PDF)
      - Overview of the Adobe Reader internals
      - Intelligent fuzzing
      - The Adobe Reader sandbox
  - Exploitation
      - Writing advanced file format fuzzers
      - Adobe Reader exploit - with sandbox escape
  - Vulnerability remediation

Module 6: Advanced Windows exploitation
  - Exploitation mitigations on Windows 7, 8, and 10
  - Enhanced Mitigation Experience Toolkit (EMET) internals
  - Bypassing EMET 5.1
  - State-of-the-art stealth exploitation and process continuation

Prerequisites

Attendees should be familiar with C/C++, Python, and x86 assembly language, and have a basic knowledge and understanding of popular software vulnerabilities (e.g. stack buffer overflows, format strings, etc.).

Requirements

  - Laptop with at least forty (40) GB of free hard drive space and four (4) GB of RAM
  - Latest VMware Player, VMware Workstation, or VMware Fusion installed
  - A working version of Burp Suite Pro

Trainer

Gianni Gnesa is a security researcher and professional trainer at Ptrace Security GmbH, a Swiss company that offers specialized IT security services to customers worldwide. With several years of experience in vulnerability research, exploit development, and penetration testing, Gianni is an expert in exposing the vulnerabilities of complex commercial products and modern network infrastructures. In his spare time, Gianni conducts independent security research on kernel exploitation and rootkit detection.

Contact Information

For further information, please contact Ptrace Security GmbH at [email protected]