Bug Hunting For Amateur Naturalists

Tue 9th:

Wed 10th:

Description

      Half the course will be on exploitation and the other half will be covering new materials on software fuzzing. Want to know what it takes to write your own exploit? Want to find your own memory corruption 0-days? This training is for the person on the street and (almost) no assumption is made on you having any prerequisite knowledge. This training is ideal for you if you have no prior experience in exploitation. It will attempt to ease you into the world of exploitation by covering classic buffer over flows. Following which we will guide you through on how to write your own fuzzer to find your own vulnerabilities. The course will be Windows platform centric. The following topics would be covered:
  • ASM Refresher
  • Buffer overflow 
  • Hands on exercises on writing your own exploit 
  • Fuzzing concept and theory 
  • Hands on exercises on building your own fuzzing framework and put it to the test on some crappy win32 application. Any bugs you find, you get to keep :) 

If we have time left over, we may cover the following as well:

  • SEH Exploitation
  •  Return-oriented programming (ROP) technique

By the end of the day, you should have a working fuzzer to find your own bugs.

Prerequisites

Some basic assembly would be helpful but our past experience is that participants were able to pickup what they need to know during the first hour. Should have at least program or scripted (any language) some simple stuff before.

Requirements

Laptop with VMWare Player/Workstation