Black Hat Digital Self Defense Europe 2007
Training

training

Black Hat Europe Training 2007
Moevenpick Hotel Amsterdam City Centre, the Netherlands • 27-28 March 2007

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Black Hat Registration

Automating Exploit Detection:
Cutting-edge Tools and Techniques

Matt Hargett & Luis Miras

What to Bring:
Users should have mono 1.1.16 or newer installed on their Windows®, Linux®, or Mac OS X® laptop(s) for the coding aspect of the class if they want to participate. Participation in coding is not required.

Windows users, we will be requiring .NET 2.0 and SharpDevelop 2.0.

Students' laptop(s) should also be able to copy files from a USB storage device.

Overview:
Whether you are an exploit coder by night for fun or a security consultant by day for profit (or both), this class will teach techniques to automate and streamline many of the tedious tasks encountered in the process finding exploits. From breaking down the process of where to start and where time is spent, to automating common up-front tasks and using analysis tools to make effective use of time, this class is both comprehensive and hard-core enough for both novices and experts. Exercises will uncover several previously known and novel real-world vulnerabilities that will be dissected and found using the techniques and tools described. Students will have a solid foundation for both using existing tools as well as creating their own automated tools.

Day One: Optimizing exploit discovery with best practices and free tools
The first day will discuss the process applied to discovering several novel security vulnerabilities, then will reflect on where tools and best practice techniques can be used to arrive at the exploits more quickly.

Day Two: Creating Automated Tools for optimizing exploit discovery.
The second day will involve taking what we learned the first day to the next level by using automated binary analysis techniques to create and enhance a tool for automatically finding exploits. Using and enhancing this tool, we will find novel exploitable vulnerabilities and get a deep understanding of the perceived and actual limitations of this technique.

Prerequisites:
Knowledge of a C-like programming language (C, C++, C#, or Java) is required. Knowledge of one of the following assembly languages is helpful but not required: x86, Java, SPARC, MIPS, .NET

There are some coding aspects to the class that students are not required to participate in and will be fully explained by the instructor.

Users should have mono 1.1.16 or newer (http://www.mono-project.com) installed on their Windows, Linux, or MacOS X laptop(s) for the coding aspect of the class if they want to participate. Participation in coding is not required.

Windows users, we will be requiring .NET 2.0 and SharpDevelop 2.0.

Students' laptop(s) should also be able to copy files from a USB storage device.

Trainer:

Matt Hargett has over 8 years of experience in various aspects of network and application security, from managing product development to finding a broad range of exploitable bugs inoperating systems and applications. Most recently, he created the product BugScan which analyzed binaries for, and found several, novel exploitable security vulnerabilities. He is now working to educate security researchers and practitioners on applying public research and information toward building and evaluating static analysis tools and products.

Luis Miras is the lead vulnerability researcher at Intrusion Inc. He has done work for leading consulting firms. and Network Associates. He released the first public polymorphic shellcode at Defcon 8 and has also spoken at Toorcon 7 as well as the CCC Congress (17c3) in Berlin. In the past he has worked in digital design, and embedded programming.

Black Hat Registration

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Cost:

Early Bird:
Ends January 12, 2007

Regular:
Ends February 25, 2007

Late:
Ends March 18, 2007

Onsite:
Begins March 19, 2007

1500 EUR

1600 EUR

1700 EUR

1800 EUR

Black Hat Logo
(c) 1996-2007 Black Hat