'Sploit Out: Hands-on introduction to exploit writing
Saturday, December 15, 2012 from 6:00 PM to 10:00 PM (MST)
Salt Lake City, UT
Dec 15, 6:00 - 10:00pm.
SLC Transistor, 440 South 700 East Unit #102
It's time DC801 gets some exploit writing action. On December 15, I'm getting things started by putting together a hands-on introductory workshop covering stack overflows, format string vulnerabilities, and command injection in x86 linux. We will be finding vulnerabilities by reading source code, fuzzing (network, commandline, and file based), and using static analyzers. Then we will be writing exploits once suitable vulnerabilities have been found. To finish things off, we will port one of our exploits to Metasploit.
As long as you are familiar with Linux, know your base-2s and 16s, and can read (but not necessarily write) C programs, you should be fine. There will be a few rounds of debugging and looking at assembly code, but that can be learned during the workshop. You will need to bring a laptop with Virtualbox installed. Remember, this is a hands-on activity, not a lecture. You might leave without knowing exactly what you just did, but you won't leave without having written several exploits and finding lots of potential vulnerabilities (only on old programs or contrived examples. Most likely won't be finding any 0-days). I'm guessing it will last 4 hours.
Exploit writing can be frustrating. To ensure I can help you when you invariably get stuck, seating is limited to 11 spots. If enough people sign up for the waiting list, another session will be held early next year.
Registration opens Nov 25 at 12:00am
When & Where
DC801 is the Salt Lake City chapter of Defcon Groups; it serves as a way for SLC hackers, modders, makers and tech enthusiasts to connect and share ideas.
Membership is free and open to anyone interested. For more information on the Salt Lake City group, check out:
IRC: #dc801 on freenode