Modern Binary Exploitation
4 Day u_long 32 CPE Hour Training: January 2021
This four-day training will teach students without prior experience how to develop exploits for modern binary software, taking them from 1990s style buffer overflows through contemporary exploitation in programs protected by stack canaries, NX, RELRO, and ASLR. The training will focus on exploiting Linux user mode x86/x64 binaries, but the lessons learned from the class are widely applicable to other platforms and architectures. Students will learn to reason about the fundamental structures that give rise to software vulnerabilities, underlie various exploitation techniques, and drive mitigation development.
The course is primarily hands-on-keyboard exercises rather than lecturing, but will introduce diagrams and theory as needed. The entire class will regularly sync up as a group to discuss concepts, problems, and solutions.
- Program structure
- Disassembly and Debugging
- x86/x64 refresher
- Basic bug classes
- Hijacking control flow
- Stack overflows
- Classic Exploitation
- Corrupting function pointers
- Arithmetic and integer errors
- Heap overflows
- Linux syscall interface
- Overcoming Exploit Mitigations
- Stack canaries
- Intro to ROP
- Putting It All Together
- Combining primitives
- Reasoning about mitigations and bypasses
- Exploitation on other platforms and architectures
- Continuity of execution
- Weird machines
Students are expected to have experience programming in C or C++, and basic knowledge of the Linux command line. Prior experience with reverse-engineering is nice to have, but not required.
Computer capable of running a virtual machine. Recommended minimum 8GB RAM with quad-core processor. VMWare or VirtualBox to run a Linux VM (all exercises will be in the Linux VM)
Jeremy Blackthorne (@0xJeremy) is a co-founder and instructor at the Boston Cybernetics Institute (BCI). Before BCI, he was a researcher in the Cyber System Assessments group at MIT Lincoln Laboratory. He was the co-creator and instructor for the Rensselaer Polytechnic Institute courses: Modern Binary Exploitation and Malware Analysis. Jeremy has published research at various academic and industry conferences. He served in the U.S. Marine Corps with three tours in Iraq and is an alumnus of RPISEC.