EUSecWest: Security Masters Dojo London
| Next Session Dates: | May 19-20 2008 |
| Venue: |
To Be Announced London, U.K. |
| Duration: |
One Day Courses. Sessions begin at 10:00 a.m. and go to 6 p.m. (Unless otherwise stated.) |
|
Registration Maximum: |
10 Students per course session. |
| Price: |
GBP1000£ CAD$2000 Full day course (25% discount for early registration) |
Course: Assembly for Exploit Writing
Instructor:
Gerardo Richarte
(Core Security Technologies)
Register For This Course
Description
Trying to understand code execution vulnerabilities without understanding assembly is nonsense. We will start from scratch to learn assembly, going from no-assembly to understanding how buffer overflows, integer overflow and sign mistmatches work, what are the possibilities of their exploitation and hopefuly more.
The attendee will learn assembly, how to use a debugger, how to code small assembly programs and how to do basic exploits. There's no doubt he'll understand and learn to draw the stack (of utter importance for exploit writing), and if nothing else, what's more important, how to have lots of fun playing the ultimate game against other coders: how is it possible to make their programs do what YOU want.
PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.
During the course the student will invest a portion of his/her time working on the computer, solving exercises, and reinforcing all the new concepts and ideas. This way we'll focus on setting the cornerstone where he'll be able to build all his future knowledge on exploit writing. Not focusing on going too far, but rather going deeper.
The course will be heavily based on IA32 (x86) assembly.
You'll [hopefully] learn:
- Assembly reading
- Assembly writing (basics)
- Debugging (in windows at least)
- Reverse engeneering (basics)
- Buffer overflows
- Buffer overflows exploitation (some kinds)
- Integer overflows
- Sign-missmached comparisions
- How C is compiled into assembly
Prerequisites
Basic C reading/understanding skills.
Good coding experience in any language. (C, perl, python, pascal, Smalltalk, any other)
Prerequisite material
- A computer running Windows (2k or higher prefered)
- Your language of choice installed (C compiler, perl or python interpreter, Smalltalk, any other)
- OllyDbg installed (or we'll install it in the class)
- Networking (you'll probably want to use our internet access)
- You'll have to copy a few small files to your box (either network, CD or USB drive is fine)
- Gray matter
