Title: Exploit Development for beginners

Instructor: Sam Bowne & Elizabeth Biddlecome

Abstract: Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits incuding buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.

After this workshop, you will understand how memory is used by software, and why computers are so easily tricked into executing bytes as code that entered the system as data.

We will exploit 32-bit and 64-bit Intel systems, and also ARM-based systems. We will examine modern Windows defenses in detail and learn how to defeat them, including ASLR, DEP, stack cookies, and SEHOP.

Previous experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.

All materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.

Level: Intermediate

Pre-Requisites: Familiarity with C programming and assembly language is helpful, but not essential.

Required Materials: A laptop capable of running a virtual machine in VMware or VirtualBox.