This course will introduce students to the art and science of exploit development. Core concepts involving debuggers, stack-based overflows, disassemblers and some defensive mitigations will be taught in a largely practical delivery style. Instruction will commence with an overview of foundational theory concepts, and will then quickly dive into the intricacies of modern x86 CPUs. Mitigations such as DEP and ASLR will be investigated, and students will have the opportunity to demonstrate their new skills in an extended capstone exercise on the final day.
*Note: this is a foundational course and will not teach 64-bit exploitation or advanced protection bypass techniques.
On completion of this course, participants should be able to:
Core Exploitation Theory
The session starts with an overview of the history of models of computation and the different types of CPU architecture. We’ll then move on to Program Representation and The Stack. Shellcoding tips and exercises will be covered during the lab session.
Turing Model of Computation, x64/x86 Architectures, Compilation/Decompilation, Endianness, Stack Frames, Calling Conventions.
Stack-based Overflows on Linux and Windows
Day 2 covers buffer overflows in Linux and Windows environments. We’ll then move on to executable binary formats, sharing code, linking shared libraries and stack cookies through lecture and lab components.
Executable Formats, Memory Layout, Buffer Overflows, Shellcoding – Bad Characters, Exploiting GOT, RELRO, Stack Cookies.
Introduction to Mitigations
The session will introduce the concepts of Structured Exception Handling (SEH), Data Execution Prevention (DEP) and Return Oriented Programming (ROP). Labs will cover writing remote exploits using SEH, then enabling DEP as a mitigation and defeating it with ROP.
SEH Exploitation, Mitigations, Protections, Return-to-libc, ROP Gadgets, ROP Chain.
ASLR & Heap Overflows
Today’s session lectures will discuss Address Space Layout Randomisation and heap overflows. Students will run through a number of practical exercises, including forcing and leveraging an info leak, understanding heap chunks and allocations, and writing exploits to learn more about the heap and how to control it.
ASLR, Heap Overflows, ASLR Bypasses, Non-rebased Modules, Info Leak, Stack Characteristics, Heap Characteristics, Operations, Management, Fragmentation, Managers and Integrity.
This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):
K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
K0440: Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability.
K0530: Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation.
K0560: Knowledge of the basic structure, architecture, and design of modern communication networks.
S0001: Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
S0073: Skill in using virtual machines. (e.g., Microsoft Hyper-V, VMWare vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud, etc.).
A0044: Ability to apply programming language structures (e.g., source code review) and logic.
A0093: Ability to identify/describe techniques/methods for conducting technical exploitation of the target.
The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.
To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework
Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If a registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under the ESOS Act 2000 (CRICOS Provider Code 00098G).
UNSW Institute for Cyber Security is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.
The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and postgraduate education in cyber security. Our air-gapped, state-of-the-art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.
Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.
Contact us at firstname.lastname@example.org to discuss how.