Day 1
Lecture: EMET includes 5 ROP protections. We discuss how they work, and how they could be bypassed
Lab: Bypass EMET by upgrading existing working exploit
Lecture: Browser vendors have added UaF protections
Lab: Bypass Isolated Heap and Deferred Free
Lecture: Describe new feature in VS 2015, used to protect program execution
Lab: Bypass Microsoft's Control Flow Guard
- Browser Extension Exploitation
Lecture: Discuss Flash and describe an exploit that was disclosed as part of the Hacking Team fiasco
Lab: Understand and work with the exploit
Day 2
Lecture: Discuss the Windows Architecture, including the principles and components of the Kernel
Lab: Learn how to debug system code
Lecture: Windows drivers: how they work and how to find bugs in them
Lab: Find bugs in the provided driver code
Lecture: Syscalls, IOCTLs, User/GDI, Networking/IO stacks, etc.
Lab: Perform GDI/Font fuzzing
Lecture: Teach about kernel exploits and defenses
Lab: Examine details of two kernel exploits: how ROP and actual elevation works
Anyone interested in hard core code security and vulnerabilities. Security researchers, managers, testers, developers, security architects, etc.
It is recommended that you first take "Application Security: for Hackers and Developers" or have equivalent knowledge.
Students are required to provide a laptop for the course. Your computer should have 100GB of free HD space and should have 8GB of RAM. Install ahead of time either VMware workstation/player or Fusion.
You will be given multiple virtual machines. Copy them to your hard drive, and pass the portable media to your neighbor. You may not share any course material with non-students.