Modern Binary Exploitation

4 DAY U_LONG 32 CPE HOUR TRAINING: JANUARY 2021 * JAN 23-29
Jeremy Blackthorne
Jeremy Blackthorne

Abstract

This four-day training will teach students without prior experience how to develop exploits for modern binary software, taking them from 1990s style buffer overflows through contemporary exploitation in programs protected by stack canaries, NX, RELRO, and ASLR. The training will focus on exploiting Linux user mode x86/x64 binaries, but the lessons learned from the class are widely applicable to other platforms and architectures. Students will learn to reason about the fundamental structures that give rise to software vulnerabilities, underlie various exploitation techniques, and drive mitigation development.

The course is primarily hands-on-keyboard exercises rather than lecturing, but will introduce diagrams and theory as needed. The entire class will regularly sync up as a group to discuss concepts, problems, and solutions.

Course Topics

  • Fundamentals
    • Program structure
    • Disassembly and Debugging
    • x86/x64 refresher
    • Basic bug classes
    • Hijacking control flow
    • Stack overflows
  • Classic Exploitation
    • Shellcoding
    • Corrupting function pointers
    • Arithmetic and integer errors
    • Heap overflows
    • Linux syscall interface
  • Overcoming Exploit Mitigations
    • Stack canaries
    • ASLR
    • DEP/NX
    • Ret2libc
    • Intro to ROP
  • Putting It All Together
    • Combining primitives
    • Reasoning about mitigations and bypasses
    • Exploitation on other platforms and architectures
    • Continuity of execution
    • Weird machines

Prerequisites

Students are expected to have experience programming in C or C++, and basic knowledge of the Linux command line. Prior experience with reverse-engineering is nice to have, but not required.

System Requirements

Computer capable of running a virtual machine. Recommended minimum 8GB RAM with quad-core processor. VMWare or VirtualBox to run a Linux VM (all exercises will be in the Linux VM)

Great! Next, complete checkout for full access to Ringzer0
Welcome back! You've successfully signed in
You've successfully subscribed to Ringzer0
Success! Your account is fully activated, you now have access to all content
Success! Your billing info has been updated
Your billing was not updated