Advanced Security: for Hackers and Developers

VDA Labs | July 24-25



Overview

Day 1

  • ROP
Lecture: EMET includes 5 ROP protections. We discuss how they work, and how they could be bypassed
Lab: Bypass EMET by upgrading existing working exploit

  • Use-after-free
Lecture: Browser vendors have added UaF protections
Lab: Bypass Isolated Heap and Deferred Free

  • Control Flow Integrity
Lecture: Describe new feature in VS 2015, used to protect program execution
Lab: Bypass Microsoft's Control Flow Guard

  • Browser Extension Exploitation
Lecture: Discuss flash and describe an exploit that was disclosed as part of the Hacking Team fiasco
Lab: Understand and work with the exploit

Day 2

  • Kernel Debugging
Lecture: Discuss the Windows Architecture, including the principles and components of the Kernel
Lab: Learn how to debug system code

  • Kernel Auditing
Lecture: Windows drivers- how they work and how to find bugs in them
Lab: Find bugs in the provided driver code

  • Kernel Fuzzing
Lecture: Syscalls, IOCTLs, User/GDI, Networking/IO stacks, etc.
Lab: Perform GDI/Font fuzzing

  • Kernel Exploitation
Lecture: Teach about kernel exploits and defenses
Lab: Examine details of two kernel exploits: how ROP and actual elevation works

Who Should Take this Course

Anyone interesting in hard core code security and vulnerabilities. Security researchers, managers, testers, developers, security architects, etc.

Student Requirements

It is recommended that you first take "Application Security: for Hackers and Developers" or have equivalent knowledge

What Students Should Bring

Students are required to provide a laptop for the course. Your computer should have 100GB of free HD space and should have 8GB of RAM. Install ahead of time either VMware workstation/player or Fusion.

What Students Will Be Provided With

You will be given multiple virtual machines. Copy to your hard drive, and pass the portable Media to your neighbor. You may not share any course material with non-students.

Trainers

Dr. Jared DeMott is developing Vision (an EDR product), as the CTO of Binary Defense Systems. Jared is also the founder and regular trainer for vdalabs.com. You'll find fingerprints of his work all across the security industry. From fuzzing, code auditing, and exploitation, to malware and developer security courses on Pluralsight. When he's not bypassing EMET or CFG, he's enjoying time with his family, or being active outdoors.