In this hands-on two day workshop, the participants will learn about the fundamentals of low level software exploitation on modern Linux and Windows systems. Participants will get an introduction into the x86 architecture in general and the characteristics of both operating systems. After initial exercises involving the exploitation of classic stack based buffer overflows, modern defense mechanism such as DEP and ASLR are presented and analyzed for weaknesses. The participants will learn how these defense mechanisms can be bypassed and will develop exploits targeting real world applications.
This is an exercise heavy course, attendees should be prepared to spend a lot of time inside a debugger, calculating memory addresses and watching their exploits crash.
IT Security professionals that are interested to learn more about low-level security and want to understand the meaning of SEH,ROP,ASLR,GS,NX and DEP. Basic experience with a scripting language such as Python or Ruby is recommended.
A laptop computer capable of running a Windows 7 and Ubuntu VM. >4GB of memory and at least 40GB of free disk space.
Birk is a Security Researcher at ERNW and enjoys exploitation the most, especially in very tricky and complex situations. He often attends CTFs (Capture the Flags) to challenge himself with tricky exploits while keeping up with daily consulting and assessment work. He currently holds OSCP, OSCE and OSEE certificates from offsec (Offensive-Security).
Felix is a security researcher working for ERNW GmbH. His main interests are application security, reverse engineering and virtualization security. Felix has disclosed critical vulnerabilities in popular software such as Hyper-V, Xen, Typo3 or IBM GPFS and has presented his work at international conferences like PHDays, Hack in the Box, Infiltrate and Troopers.