In this hands-on two day workshop, the participants will learn about the fundamentals of low level software exploitation on modern Linux and Windows systems. Participants will get an introduction into the x86 architecture in general and the characteristics of both operating systems. After initial exercises involving the exploitation of classic stack based buffer overflows, modern defense mechanism such as DEP and ASLR are presented and analyzed for weaknesses. The participants will learn how these defense mechanisms can be bypassed and will develop exploits targeting real world applications.
This is an exercise heavy course, attendees should be prepared to spend a lot of time inside a debugger, calculating memory addresses and watching their exploits crash.
IT Security professionals that are interested to learn more about low-level security and want to understand the meaning of SEH,ROP,ASLR,GS,NX and DEP. Basic experience with a scripting language such as Python or Ruby is recommended.
A laptop computer capable of running a Windows 7 and Ubuntu VM. >4GB of memory and at least 40GB of free disk space.
Birk is a Security Researcher at ERNW and enjoys exploitation the most, especially in very tricky and complex situations. He often attends CTFs (Capture the Flags) to challenge himself with tricky exploits while keeping up with daily consulting and assessment work. He currently holds OSCP, OSCE and OSEE certificates from offsec (Offensive-Security).
Oliver is an IT security researcher and practitioner at ERNW and has extensive experience on the offensive side of IT security (e.g. by means of penetration tests and research) and the defensive side (e.g. by means of consulting in large corporate environments).