Hack5: Exploit Development

This training course will impart the theoretical and practical principles of the functionality and development of exploits. The main aim here is to examine how target platforms are structured, what special aspects they contain, what different methods for analyzing vulnerabilities exist, what tools are important for exploit development (debuggers, disassemblers, exploit frameworks, etc.) and how various types of vulnerabilities can be exploited. The two-day course will also examine the question of what opportunities are available for protecting yourself against attackers' exploitation of the shown vulnerabilities and how hackers may circumvent these protection measures.

Topics

Special aspects of hidden target platforms

Processor architecture: x86
Operating systems: Windows, Unix/Linux

Different forms of vulnerability analysis

Static code analysis
- Source code analysis
- Analysis of binary programs (reverse code engineering)
Dynamic code analysis (runtime analysis)
- Behavior-based security analysis
- Fuzzing

Tools of the Trade: Important tools for exploit development

Debuggers/disassemblers/exploit frameworks/ assemblers (x86)
Programming language of choice (e.g. C/C++, Python, Perl, Ruby, etc.)

Exploitation of different vulnerability types

Errors in the hardware architecture, software architecture and application logic
Errors in data processing, e.g.
- Buffer overflow vulnerabilities (stack, heap, off-by-one)
- Format string vulnerabilities