Educational philosophers have consistently claimed that only by learning something in depth can a person escape from the confusions that commonly accompany a superficial knowledge base. That is why this workshop exist to give the attendance deep knowledge about vulnerabilities trough process of research with discovery and exploit.
Into the training sessions, trainer will make presentation of live demo examples and provide in depth learning of research and exploit techniques. From fuzzing techniques to discover security holes to ROP gadgets and egg-hunters to build shellcode, this workshop will cover all parts that a security researcher must know. The approach will be in learn-by-example methodology. There will be advance techniques for bypassing DEP and ASLR, heap spraying and a lot of examples to learn including real application vulnerabilities.
Practical exercises in this workshop are labs based on BYOD (Bring Your Own Device) lab execution. This means that attendant must bring his own laptop and conduct lab exercises there. Minimum requirements for lab exercises at least 25GB HDD space, 4GB RAM memory and installed VMware Player 7.1.2 with ability to run virtual machines. All lab exercises are done on virtual machines (Linux OS and Windows OS) that will be delivered on external media to the attendance at the beginning of the workshop. A wired network will be available in the room with access to internet, so attendant must make sure his laptop can connect to a wired network and bring USB Ethernet adapter if he needs one. The method of BYOD lab execution must be selected at the workshop registration form.
Unlike traditional courses, this workshop is intensive, very long and has highest level of difficulty.
E nroll in security research and discover vulnerabilities B reakfront to use and write security research tools is various programing languages P wned with creation of your custom exploits and feel the real power of hacking
Here you can learn how to:
Target !udience
This workshop will significantly benefit security officers, auditors, security professionals, developers, and anyone who is willing to learn in depth and really understand hacking and want to pen-test custom binaries and exploit custom built applications. All attendances will have opportunity to work as Security Researcher and Exploit Developer.
Duration
5 days (9h-19h)
Certification
At the end participants will receive the Certificate of Achievement signed by the Trainer.
Materials
All attendances will receive Presentation slides with notes (at the end of the workshop), Knowledge base materials (with interesting articles, suggested exercises etc.), unique tools and scripts with lab exercise manual.
Prerequisites
· Understand ethical hacking and its concepts · Basic programming skills · TCP/IP networking skills · Web application security and its vulnerabilities.
Learning foundations (Day 1)
- Programing skills C, PYTHON, assembler
- Architecture of OS and memory space
- Overflow and Injection basics
- Local and Remote Vulnerabilities · Exercises
Research and Exploit Vulnerabilities (Day 2 and 3)
- Approach method
- Way to find a door
- First doorstep activity
- Ending infinity
- Engineering Exploit Code · Exercises
!dvance Techniques (Day 4 and 5)
Mysteryland (bypassing memory protection) · Exercises