4. Hack5: Exploit Development

Hack5: Exploit Development

Hack5: Exploit Development

This training course will impart the theoretical and practical principles of the functionality and development of exploits. The main aim here is to examine how target platforms are structured, what special aspects they contain, what different methods for analyzing vulnerabilities exist, what tools are important for exploit development (debuggers, disassemblers, exploit frameworks, etc.) and how various types of vulnerabilities can be exploited. The two-day course will also examine the question of what opportunities are available for protecting yourself against attackers' exploitation of the shown vulnerabilities and how hackers may circumvent these protection measures.

Topics

Special aspects of hidden target platforms

  • Processor architecture: x86
  • Operating systems: Windows, Unix/Linux

Different forms of vulnerability analysis

  • Static code analysis
    • Source code analysis
    • Analysis of binary programs (reverse code engineering)
  • Dynamic code analysis (runtime analysis)
    • Behavior-based security analysis
    • Fuzzing

Tools of the Trade: Important tools for exploit development

  • Debuggers/disassemblers/exploit frameworks/ assemblers (x86)
  • Programming language of choice (e.g. C/C++, Python, Perl, Ruby, etc.)

Exploitation of different vulnerability types

  • Errors in the hardware architecture, software architecture and application logic
  • Errors in data processing, e.g.
    • Buffer overflow vulnerabilities (stack, heap, off-by-one)
    • Format string vulnerabilities

Protection measures and workarounds

  • Stack cookies
  • SafeSEH
  • Data execution prevention (DEP)
  • Address space layout randomization (ASLR)

Technical requirements

Basic knowledge of operating systems and computer architecture

Duration

Two days

Trainings Awe1 "Getting to Know IT Security", Awe2 "Phishing Awareness" and Awe3 "Social Engineering Awareness"

For download in German only

Training 2023

For download in German only

Dates & Registration 2023

For download in German only

Training 2024

For download in German only

Dates & Registration 2024

For download in German only

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de | OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

DO NOT HESITATE TO GET IN TOUCH +49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours CALL +49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number

GET IN TOUCH

+49 (0)7071 - 40 78 56-0 or anfrage@syss.de

OUTSIDE REGULAR OFFICE Hours

+49 (0)7071 - 40 78 56-99

As a framework contract customer please dial the provided on-call service number