Modern Binary Exploitation

4-day, 32 CPE-hour training: February 2022, Week 2: Feb 19-25
Jeremy Blackthorne

Abstract

This training will teach students without prior experience how to develop exploits for modern binary software, taking them from 1990s-style buffer overflows through contemporary exploitation of programs protected by stack canaries, NX, RELRO, and ASLR. The training focuses on exploiting Linux user-mode x86/x64 binaries, but the lessons learned in the class are widely applicable to other platforms and architectures. Students will learn to reason about the fundamental structures that give rise to software vulnerabilities and the various techniques used to exploit them.

The course consists primarily of hands-on-keyboard exercises rather than lecturing, but introduces diagrams and theory as needed.

Course Topics

Fundamentals

  • Program structure
  • Disassembly and Debugging
  • x86/x64 refresher
  • Basic bug classes
  • Hijacking control flow
  • Stack overflows

Classic Exploitation

  • Shellcoding
  • Corrupting function pointers
  • Arithmetic and integer errors
  • Heap overflows
  • Linux syscall interface

Overcoming Exploit Mitigations

  • Stack canaries
  • ASLR
  • DEP/NX
  • Ret2libc
  • Intro to ROP

Putting It All Together

  • Combining primitives
  • Reasoning about mitigations and bypasses
  • Exploitation on other platforms and architectures
  • Continuity of execution
  • Weird machines

Prerequisites

Students are expected to have experience programming in C or C++ and basic knowledge of the Linux command line. Prior experience with reverse engineering is nice to have, but not required.

Software requirements

  • VMware or VirtualBox to run a Linux VM (all exercises will be done in the Linux VM)
