Advanced Exploit Development

Course Group: Cyber Security

This course looks at exploit development on x86 and x64 platforms. Students will write shellcode and exploits targeting these platforms on both Linux and Windows. During the course participants will learn and apply techniques to bypass or weaken a range of security controls such as Stack Cookies, Data Execution Protection (DEP/NX) and Address Space Layout Randomisation (ASLR).

Topics covered include:

  • Shellcoding
  • Stack based overflows on Linux and Windows
  • SEH Exploitation
  • DEP and ROP
  • ASLR
  • Heap overflows

By the end of the course, students will be able to formulate exploitation strategies and will have begun to understand the core theoretical concepts that underpin the art and science of modern exploit development. Course alumni will be well placed to contribute as members of high-end penetration testing teams, as security engineers and architects, or as secure coding professionals.


Dates & Registration

Duration: 5 days

Delivery mode: Face-to-face

Location: Canberra

In-House Delivery: Contact UNSW Canberra Cyber (cyber@adfa.edu.au) for more information. Recommended for groups of more than 10 personnel.


What you will receive:

  • Comprehensive set of course notes.
  • UNSW certificate of attendance.
  • Morning tea, lunch and afternoon tea.

Affiliated course: Introduction to Exploit Development (5 days)


Who Should Attend?

  • Exploit developers wanting to learn how to overcome mitigations (such as stack cookies and DEP).
  • Pentesters wanting to improve their exploit development skills.
  • Experienced software engineers.

Course Day Breakdown

Day 1

Computation, CPU Architecture, The Stack & Buffer Overflows

The session starts with an overview of the history of models of computation and the different types of CPU architecture. We’ll then move on to a comprehensive look at the stack and binary operations. Students will participate in practical shellcoding and stack buffer overflow exercises.

Topics

Shellcoding, x64/x86 Architectures, Stack Frames, Calling Conventions, Buffer Overflows, Memory Layout, Shellcode – Bad Characters.
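
Bad-character analysis is the step that usually separates shellcode that runs in the lab from shellcode that runs in the target. The C below is an added example (not course material or UNSW code) of that workflow: build a probe containing every byte value, diff it against what actually lands in memory after the crash, and finally scan the assembled shellcode for anything in the bad set. The bad-byte set, the fake line-oriented target and the use of the classic 23-byte Linux x86 execve shellcode as sample input are all assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes assumed to be mangled by the hypothetical target's input path:
   0x00 terminates C strings, 0x0a/0x0d end a line, and 0x0b is a constructed
   example of a byte some filter strips. (Assumption for this example.) */
static const uint8_t kBadSet[] = { 0x00, 0x0a, 0x0d, 0x0b };

/* Classic 23-byte Linux x86 execve("/bin//sh") shellcode, used here only as
   sample input for the scanner. */
static const uint8_t kShellcode[] = {
    0x31, 0xc0, 0x50, 0x68, 0x2f, 0x2f, 0x73, 0x68, 0x68, 0x2f, 0x62, 0x69,
    0x6e, 0x89, 0xe3, 0x50, 0x53, 0x89, 0xe1, 0xb0, 0x0b, 0xcd, 0x80
};

static int in_set(uint8_t b, const uint8_t *set, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (set[i] == b) return 1;
    return 0;
}

/* Step 1: build the probe 0x01..0xff, leaving out bytes already known bad.
   Returns the number of bytes written to out. */
size_t build_probe(uint8_t *out, size_t cap, const uint8_t *known_bad, size_t nbad) {
    size_t n = 0;
    for (unsigned b = 0x01; b <= 0xff && n < cap; b++) {
        if (in_set((uint8_t)b, known_bad, nbad)) continue;
        out[n++] = (uint8_t)b;
    }
    return n;
}

/* Step 2: diff what was sent against what the debugger shows in memory after
   the crash. Returns the first byte that did not survive, or -1 if all did.
   Only the first mismatch is trustworthy: one bad byte often truncates or
   shifts everything after it, so add it to known_bad and send a new probe. */
int first_mangled(const uint8_t *sent, const uint8_t *seen, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (sent[i] != seen[i]) return sent[i];
    return -1;
}

/* Step 3: final check of assembled shellcode. Returns the offset of the first
   byte that is in the bad set, or -1 if the shellcode is clean. */
long first_badchar_offset(const uint8_t *sc, size_t len, const uint8_t *bad, size_t nbad) {
    for (size_t i = 0; i < len; i++)
        if (in_set(sc[i], bad, nbad)) return (long)i;
    return -1;
}

/* Constructed stand-in for the target: copies input like a line-oriented
   reader, stopping at the first 0x0a and leaving the rest zeroed. */
static void fake_target_copy(const uint8_t *in, uint8_t *out, size_t n) {
    memset(out, 0, n);
    for (size_t i = 0; i < n; i++) {
        if (in[i] == 0x0a) break;
        out[i] = in[i];
    }
}

/* One probe round against the fake target; returns the bad byte it finds. */
int demo_probe_round(void) {
    static const uint8_t known[] = { 0x00 };
    uint8_t sent[255], seen[255];
    size_t n = build_probe(sent, sizeof sent, known, sizeof known);
    fake_target_copy(sent, seen, n);
    return first_mangled(sent, seen, n);
}

/* Number of probe bytes once 0x00 and 0x0a are excluded. */
size_t demo_probe_len_after_two(void) {
    static const uint8_t known[] = { 0x00, 0x0a };
    uint8_t buf[255];
    return build_probe(buf, sizeof buf, known, sizeof known);
}

/* Offset of the first bad byte in the sample shellcode: the 0x0b immediate in
   "mov al, 0x0b". The fix is to rewrite that instruction so the value is
   produced without the byte appearing in the encoding. */
long demo_shellcode_check(void) {
    return first_badchar_offset(kShellcode, sizeof kShellcode, kBadSet, sizeof kBadSet);
}

int main(void) {
    printf("first mangled byte: 0x%02x\n", demo_probe_round());
    printf("probe length after excluding two bytes: %zu\n", demo_probe_len_after_two());
    printf("first bad byte in shellcode at offset %ld\n", demo_shellcode_check());
    return 0;
}
```

In a real engagement the `seen` buffer comes from the debugger (a memory dump at the buffer address after the crash), and the probe is resent once per discovered bad byte until it survives intact; only then is the shellcode encoded or rewritten to avoid the final set.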


Day 2

Linux and Windows Exploitation

Day 2 continues with buffer overflow labs for Linux and Windows environments. We’ll then move on to executable binary formats, code sharing, linking of shared libraries and stack cookies, through lecture and lab components.

Topics

Loading Executables, Executable Formats, Memory Layout, PE & ELF File Formats, Exploiting GOT, RELRO, Stack Cookies.
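
Before attacking the GOT it pays to read the program headers the way a checksec tool does, because RELRO and NX are decided there. The following C is an added example, not code from the course: it redefines the ELF64 structures it needs and parses a constructed in-memory image rather than a real binary, so the program header layout and the two-entry dynamic section are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ELF64 layouts and the constants used below (same values as <elf.h>,
   redefined here so the example is self-contained). */
typedef struct {
    uint8_t e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr;                                                   /* 64 bytes */
typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr;                                                   /* 56 bytes */
typedef struct { int64_t d_tag; uint64_t d_val; } Dyn;    /* 16 bytes */
enum { PT_DYNAMIC = 2, PT_GNU_STACK = 0x6474e551, PT_GNU_RELRO = 0x6474e552,
       PF_X = 1, PF_W = 2, PF_R = 4, DT_NULL = 0, DT_FLAGS = 30, DF_BIND_NOW = 8 };

struct secflags { int nx; int relro; };   /* relro: 0 none, 1 partial, 2 full */

/* PT_GNU_STACK without PF_X means NX; PT_GNU_RELRO means partial RELRO,
   upgraded to full when the dynamic section asks for BIND_NOW (every import
   resolved before the GOT is made read-only). Returns -1 on a bad image. */
int elf_checksec(const uint8_t *img, size_t len, struct secflags *out) {
    Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2 || eh.e_ident[5] != 1)
        return -1;                                        /* not ELF64 little-endian */
    if (eh.e_phentsize != sizeof(Phdr) || eh.e_phoff > len ||
        (uint64_t)eh.e_phnum * sizeof(Phdr) > len - eh.e_phoff)
        return -1;
    out->nx = 0;                                          /* no PT_GNU_STACK: report as absent */
    out->relro = 0;
    uint64_t dyn_off = 0, dyn_sz = 0;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Phdr ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)      out->nx = (ph.p_flags & PF_X) ? 0 : 1;
        else if (ph.p_type == PT_GNU_RELRO) out->relro = 1;
        else if (ph.p_type == PT_DYNAMIC)   { dyn_off = ph.p_offset; dyn_sz = ph.p_filesz; }
    }
    if (out->relro == 1 && dyn_off <= len && dyn_sz <= len - dyn_off) {
        for (uint64_t o = 0; o + sizeof(Dyn) <= dyn_sz; o += sizeof(Dyn)) {
            Dyn d;
            memcpy(&d, img + dyn_off + o, sizeof d);
            if (d.d_tag == DT_NULL) break;
            if (d.d_tag == DT_FLAGS && (d.d_val & DF_BIND_NOW)) out->relro = 2;
        }
    }
    return 0;
}

/* Constructed image (not a real binary): header, program headers and a
   two-entry dynamic section. The flags pick the weak or hardened layout. */
size_t build_image(uint8_t *buf, size_t cap, int exec_stack, int relro, int bind_now) {
    const size_t nph = relro ? 3 : 2;
    const size_t dyn_at = sizeof(Ehdr) + 3 * sizeof(Phdr);
    const size_t total = dyn_at + 2 * sizeof(Dyn);
    if (cap < total) return 0;
    memset(buf, 0, total);
    Ehdr eh; memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, "\x7f" "ELF\x02\x01\x01", 7);      /* ELF64, little-endian, v1 */
    eh.e_type = 3; eh.e_machine = 62; eh.e_version = 1;  /* ET_DYN, EM_X86_64 */
    eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof(Phdr); eh.e_phnum = (uint16_t)nph;
    memcpy(buf, &eh, sizeof eh);
    Phdr ph[3]; memset(ph, 0, sizeof ph);
    ph[0].p_type = PT_DYNAMIC; ph[0].p_flags = PF_R | PF_W;
    ph[0].p_offset = dyn_at; ph[0].p_filesz = ph[0].p_memsz = 2 * sizeof(Dyn);
    ph[1].p_type = PT_GNU_STACK; ph[1].p_flags = PF_R | PF_W | (exec_stack ? PF_X : 0);
    ph[2].p_type = PT_GNU_RELRO; ph[2].p_flags = PF_R;   /* only present when nph == 3 */
    memcpy(buf + sizeof eh, ph, nph * sizeof ph[0]);
    Dyn dyn[2] = { { DT_FLAGS, bind_now ? DF_BIND_NOW : 0 }, { DT_NULL, 0 } };
    memcpy(buf + dyn_at, dyn, sizeof dyn);
    return total;
}

static int demo(int exec_stack, int relro, int bind_now, struct secflags *f) {
    uint8_t img[512];
    size_t n = build_image(img, sizeof img, exec_stack, relro, bind_now);
    return n != 0 && elf_checksec(img, n, f) == 0;
}
/* NX flag (1 = non-executable stack) or RELRO level for a built image; -1 if rejected. */
int demo_nx(int exec_stack, int relro, int bind_now) {
    struct secflags f; return demo(exec_stack, relro, bind_now, &f) ? f.nx : -1;
}
int demo_relro(int exec_stack, int relro, int bind_now) {
    struct secflags f; return demo(exec_stack, relro, bind_now, &f) ? f.relro : -1;
}

int main(void) {
    printf("weak:     NX=%d RELRO=%d\n", demo_nx(1, 0, 0), demo_relro(1, 0, 0));
    printf("hardened: NX=%d RELRO=%d\n", demo_nx(0, 1, 1), demo_relro(0, 1, 1));
    return 0;
}
```

Full RELRO is what removes the GOT-overwrite primitive: the loader resolves every import up front and then maps the GOT read-only, so a GOT-hijack lab only works against binaries that report partial or no RELRO. Real tools also honour DF_1_NOW in DT_FLAGS_1; this example checks DT_FLAGS only.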


Day 3

Structured Exception Handling (SEH)

The session introduces Structured Exception Handling (SEH), Data Execution Prevention (DEP) and Return Oriented Programming (ROP). Labs cover writing remote exploits that abuse SEH, then enabling DEP as a mitigation and defeating it with ROP.

Topics

SEH Exploitation, Mitigations, Protections, Return-to-libc, ROP Gadgets, ROP Chain.
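
Return-oriented programming is easiest to see with the gadget search and the resulting stack layout side by side. The C below is an added example, not the course's lab material: it scans a constructed byte array standing in for a non-rebased module's .text, assembles an execve chain from the gadgets it finds, and walks the chain with a tiny emulator to confirm the register state a real CPU would reach. The byte array, the module base 0x400000 and the address of a "/bin/sh" string are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed x86-64 code bytes standing in for the .text of a module that
   is not rebased (no ASLR), so gadget addresses are simply base + offset. */
static const uint8_t kText[] = {
    0x48, 0x89, 0xc7,        /* 0:  mov rdi, rax   (no ret after it: not a gadget) */
    0x5f, 0xc3,              /* 3:  pop rdi ; ret */
    0x90, 0x90,              /* 5:  nop ; nop */
    0x5e, 0xc3,              /* 7:  pop rsi ; ret */
    0x5a, 0xc3,              /* 9:  pop rdx ; ret */
    0x31, 0xc0,              /* 11: xor eax, eax  (no ret) */
    0x58, 0xc3,              /* 13: pop rax ; ret */
    0x0f, 0x05, 0xc3,        /* 15: syscall ; ret */
};

static const uint8_t POP_RDI[] = {0x5f, 0xc3}, POP_RSI[] = {0x5e, 0xc3},
                     POP_RDX[] = {0x5a, 0xc3}, POP_RAX[] = {0x58, 0xc3},
                     SYSCALL_RET[] = {0x0f, 0x05, 0xc3};

/* Gadget search: first offset of a byte pattern that ends in ret, or -1. */
long find_gadget(const uint8_t *text, size_t len, const uint8_t *pat, size_t plen) {
    if (plen == 0 || pat[plen - 1] != 0xc3) return -1;
    for (size_t i = 0; i + plen <= len; i++)
        if (memcmp(text + i, pat, plen) == 0) return (long)i;
    return -1;
}

/* Chain layout for execve(binsh, NULL, NULL) on x86-64 Linux. The first word
   overwrites the saved return address; each pop gadget consumes the word
   after it. Returns the number of 8-byte words, or 0 if a gadget is missing. */
size_t build_chain(uint64_t base, uint64_t binsh, uint64_t *chain, size_t cap) {
    long g_rdi = find_gadget(kText, sizeof kText, POP_RDI, sizeof POP_RDI);
    long g_rsi = find_gadget(kText, sizeof kText, POP_RSI, sizeof POP_RSI);
    long g_rdx = find_gadget(kText, sizeof kText, POP_RDX, sizeof POP_RDX);
    long g_rax = find_gadget(kText, sizeof kText, POP_RAX, sizeof POP_RAX);
    long g_sys = find_gadget(kText, sizeof kText, SYSCALL_RET, sizeof SYSCALL_RET);
    if (g_rdi < 0 || g_rsi < 0 || g_rdx < 0 || g_rax < 0 || g_sys < 0 || cap < 9) return 0;
    size_t n = 0;
    chain[n++] = base + g_rdi; chain[n++] = binsh;   /* rdi = pathname */
    chain[n++] = base + g_rsi; chain[n++] = 0;       /* rsi = argv = NULL */
    chain[n++] = base + g_rdx; chain[n++] = 0;       /* rdx = envp = NULL */
    chain[n++] = base + g_rax; chain[n++] = 59;      /* rax = SYS_execve */
    chain[n++] = base + g_sys;
    return n;
}

struct cpu { uint64_t rax, rdi, rsi, rdx; int syscalls; };

/* Tiny emulator for the gadget shapes in kText: walks the chain as the CPU
   would once the first ret lands on chain[0]. Returns 0 if every word resolved
   to a valid ret-terminated gadget, -1 otherwise. */
int emulate_chain(uint64_t base, const uint64_t *chain, size_t n, struct cpu *c) {
    size_t sp = 0;
    memset(c, 0, sizeof *c);
    while (sp < n) {
        uint64_t rip = chain[sp++];
        if (rip < base || rip >= base + sizeof kText) return -1;
        size_t off = (size_t)(rip - base);
        const uint8_t *g = kText + off;
        size_t glen = (g[0] == 0x0f) ? 3 : 2;          /* syscall;ret or pop;ret */
        if (off + glen > sizeof kText || g[glen - 1] != 0xc3) return -1;
        uint64_t *dst = NULL;
        switch (g[0]) {
        case 0x5f: dst = &c->rdi; break;
        case 0x5e: dst = &c->rsi; break;
        case 0x5a: dst = &c->rdx; break;
        case 0x58: dst = &c->rax; break;
        case 0x0f: if (g[1] != 0x05) return -1; c->syscalls++; break;
        default:   return -1;
        }
        if (dst) { if (sp >= n) return -1; *dst = chain[sp++]; }
    }
    return 0;
}

/* Build and emulate the chain; returns 1 if the emulated state is
   execve("/bin/sh", NULL, NULL) reached with exactly one syscall. */
int demo_chain_ok(void) {
    const uint64_t base = 0x400000, binsh = 0x601040;   /* assumed addresses */
    uint64_t chain[16];
    struct cpu c;
    size_t n = build_chain(base, binsh, chain, 16);
    if (n == 0 || emulate_chain(base, chain, n, &c) != 0) return 0;
    return c.rax == 59 && c.rdi == binsh && c.rsi == 0 && c.rdx == 0 && c.syscalls == 1;
}

int main(void) {
    uint64_t chain[16];
    size_t n = build_chain(0x400000, 0x601040, chain, 16);
    for (size_t i = 0; i < n; i++)
        printf("chain[%zu] = 0x%016llx\n", i, (unsigned long long)chain[i]);
    printf("chain ok: %d\n", demo_chain_ok());
    return 0;
}
```

Two things carry over to real targets: a byte sequence is only a gadget if it really ends in ret (hence the 0xc3 check in find_gadget), and the chain is nothing more than the sequence of stack words that the overwritten return address and each pop gadget consume in turn. With DEP enabled that is the whole point: no byte of the chain is ever executed as code, only existing code is.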

Day 4

ASLR & Heap Overflows

Today’s lectures cover Address Space Layout Randomisation (ASLR) and heap overflows. Students will work through a number of practical exercises, including forcing and leveraging an information leak, understanding heap chunks and allocations, and writing exploits to learn how the heap works and how to control it.

Topics

ASLR, Heap Overflows, ASLR Bypasses, Non-rebased Modules, Info Leak, Stack Characteristics, Heap Characteristics, Operations, Management, Fragmentation, Managers and Integrity.


Day 5

Use After Free (UAF) & Vulnerability Discovery

Day 5 covers use-after-free (UAF) bugs and vulnerability discovery. Students put their newly acquired skills and knowledge into practice with a day of hands-on exercises involving code review, static analysis and fuzzing.

Topics

Heap Responsibilities, Pointer Validity, Free Lists, Heap Grooming/Spraying, UAF Case Studies, Code Review, Attack Surface, Input Validation.
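
The free-list behaviour that makes UAF bugs exploitable, and that the Day 4 heap grooming exercises rely on, is easier to follow in a toy allocator than in glibc. The C below is an added example, not code from the course or from any real allocator: a single-size-class LIFO free list over a static arena, a session object with a callback as the victim, the vulnerable flow in which a stale pointer is used after the chunk has been reclaimed, and the hardened flow beside it. The arena layout, the struct session type and the attacker's replacement callback are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy single-size-class allocator over a static arena, with a LIFO free list
   threaded through the first 8 bytes of each freed chunk (the same shape as a
   glibc tcache bin or fastbin). Constructed for illustration only. */
#define CHUNK   32
#define NCHUNKS 8
static uint64_t arena[CHUNK * NCHUNKS / 8];   /* uint64_t keeps chunks aligned */
static size_t   next_fresh = 0;                /* bump index for never-used chunks */
static void    *free_head  = NULL;             /* most recently freed chunk */

void toy_reset(void) { next_fresh = 0; free_head = NULL; memset(arena, 0, sizeof arena); }

void *toy_alloc(void) {
    if (free_head) {                               /* reuse: last freed, first out */
        void *p = free_head;
        memcpy(&free_head, p, sizeof free_head);   /* next pointer lives in user data */
        return p;
    }
    if (next_fresh == NCHUNKS) return NULL;
    return (uint8_t *)arena + CHUNK * next_fresh++;
}

void toy_free(void *p) {
    memcpy(p, &free_head, sizeof free_head);       /* link into the list */
    free_head = p;
}

/* A 32-byte object with a callback: the classic UAF target. */
struct session { void (*on_close)(struct session *); char name[24]; };

static int legit_calls, hijacked_calls;
static void legit_close(struct session *s)     { (void)s; legit_calls++; }
static void attacker_target(struct session *s) { (void)s; hijacked_calls++; }

/* Free-list behaviour on its own: after alloc, free, alloc of the same size
   the same chunk comes back, which is what heap grooming relies on. */
int demo_lifo_reuse(void) {
    toy_reset();
    void *a = toy_alloc(), *b = toy_alloc();
    toy_free(a);
    toy_free(b);
    void *c = toy_alloc();      /* b: freed last, handed out first */
    void *d = toy_alloc();      /* a */
    return c == b && d == a;
}

/* Vulnerable flow: the object is freed but the pointer is kept; an allocation
   of the same size reclaims the chunk and the attacker fills the callback
   slot; the stale pointer is then used. Returns 1 if the hijack succeeded. */
int demo_uaf_vulnerable(void) {
    toy_reset(); legit_calls = hijacked_calls = 0;
    struct session *s = toy_alloc();
    s->on_close = legit_close;
    strcpy(s->name, "alice");
    toy_free(s);                                   /* s is now dangling */
    struct session *spray = toy_alloc();           /* same chunk comes back */
    spray->on_close = attacker_target;             /* attacker-controlled contents */
    s->on_close(s);                                /* use after free */
    return spray == s && hijacked_calls == 1 && legit_calls == 0;
}

/* Hardened flow: null the pointer at the free site and check it at the use
   site. The chunk is still reclaimed; the stale use cannot happen. */
int demo_uaf_fixed(void) {
    toy_reset(); legit_calls = hijacked_calls = 0;
    struct session *s = toy_alloc();
    s->on_close = legit_close;
    toy_free(s); s = NULL;
    struct session *spray = toy_alloc();
    spray->on_close = attacker_target;
    if (s) s->on_close(s);                         /* never runs */
    return hijacked_calls == 0;
}

int main(void) {
    printf("LIFO reuse: %d\nUAF hijack (vulnerable): %d\nUAF prevented (fixed): %d\n",
           demo_lifo_reuse(), demo_uaf_vulnerable(), demo_uaf_fixed());
    return 0;
}
```

Because the toy free list stores its next pointer in the first eight bytes of the chunk, freeing a session overwrites on_close; that is the same overlap that makes a freed chunk's forward pointer a leak or write target in real allocators. glibc adds checks the toy lacks (a tcache key against double frees, and safe-linking of the next pointer in newer versions), which is why real UAF exploitation is about shaping the sequence of allocations rather than a single reallocation.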



Learning Outcomes

On completion of this course, participants should be able to:

  • Develop and implement exploitation strategies for use on endpoints.
  • Understand modern vulnerabilities at a technical level.
  • Fuzz target programs and understand the role of code review to discover and evaluate unknown bugs.
  • Analyse vulnerabilities and exploits through the proficient use of industry standard tools, and report on impact, mitigation effectiveness and root cause.
  • Understand the inter-related nature of exploit mitigation controls in a modern endpoint and be able to identify weak points in the overall system of mitigations.

UNSW Canberra Cyber

UNSW Canberra Cyber is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.

The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.

Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.

Contact us at cyber@adfa.edu.au to discuss how.


Further Information

UNSW Canberra Cyber
UNSW Canberra
E: cyber@adfa.edu.au
W: www.unsw.adfa.edu.au/cyber
No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.
