Zero To Leet - 64-bit Linux Exploitation

4-Day-Long, 32 CPE Hour Training: August 2020 * AUG 1, 2, 4, 6

Hahna Latonick

Abstract

Zero to Leet brings you an intense 32-hour course featuring a practical, hands-on approach to exploit development on 64-bit Linux systems. This class is perfectly suited for students who are new to exploit development and want to break into the field of offensive security.

Our beginner-level class kicks off with an introduction to the x64 Intel architecture and assembly language, static analysis of vulnerable userland x64 binaries using IDA Pro, and GDB debugging techniques for dynamic analysis. Next, we'll exploit stack-based buffer overflows, writing shellcode from the ground up to gain code execution. Then we'll bypass exploit mitigation techniques like XN/DEP using Return Oriented Programming (ROP). Labs will be conducted in a virtual environment for analysis and exploitation. Students will leave with the necessary hands-on experience, knowledge, and confidence to discover and exploit 0-day vulnerabilities in modern software.

SUGGESTED COMBO: HEAPLAB - GLIBC HEAP EXPLOITATION

Key Learning Objectives

  • Introduction to the x64 Intel architecture
  • Exploring x64 Intel assembly language
  • Understanding how functions work
  • Static analysis using IDA Pro
  • Debugging and dynamic analysis on 64-bit Linux systems
  • Decompiling binaries using Snowman
  • Understanding common vulnerability classes
  • Exploiting buffer overflows on the stack and heap
  • Writing shellcode from the ground up
  • Introduction to exploit mitigation techniques like XN/DEP
  • Introduction to Return Oriented Programming
  • Bypassing exploit mitigation using ROP
  • Writing exploits to bypass ASLR

Who Should Attend

  • Students with little to no experience in how to find and exploit software vulnerabilities
  • Students who want to become security researchers or work in the field of offensive security
  • Students familiar with 32-bit binary exploitation who want to upgrade their skills to 64-bit platforms
  • Bug Hunters who want to write exploits for all the crashes they find
  • Members of reverse engineering research teams who want to learn exploit development

Agenda

Module 1:

  • Introduction to the x64 Intel architecture
  • Exploring x64 Intel assembly language
  • EXERCISES - Examples in x64 Intel Assembly Language
  • Understanding how functions work
  • Static analysis of vulnerable 64-bit binaries using IDA Pro
  • Debugging and dynamic analysis on 64-bit Linux systems
  • EXERCISES - Static and Dynamic Analysis labs

Module 2:

  • Introduction to stack-based buffer overflows
  • Exploiting Stack Overflows
  • EXERCISES - Stack Overflow exploitation
  • Introduction to heap-based buffer overflows
  • Introduction to heap exploitation
  • EXERCISES - Exploiting heap vulnerabilities

Module 3:

  • Writing Shellcode from the ground up
  • Introduction to Exploit Mitigation Techniques (XN/DEP)
  • Introduction to Return Oriented Programming
  • EXERCISES - Bypassing XN/DEP using ROP
  • ROP Tools
  • EXERCISES - Searching for ROP Gadgets
  • ROP Chaining
  • EXERCISES - Exploit featuring ROP Chains

Module 4:

  • Introduction to Exploit Mitigation Techniques (ASLR)
  • Bypassing ASLR
  • EXERCISES - Exploit featuring ASLR Defeats
  • EXERCISE - Exploit combining DEP + ASLR bypasses

Pre-requisites

  • Have a working knowledge of C programming and Python 2.7
  • Knowledge of computer architecture and x86 is preferred
  • Familiarity with navigating Linux environments and command line knowledge
  • If none of the above apply, then enough patience to go through the pre-class tutorials

Pre-class Tutorials

The following tutorials have been specially prepared to get students up to speed on essential concepts before coming to class.

Hardware Requirements

  • A working laptop (no Netbooks, no Tablets, no iPads)
  • Intel Core i3 (equivalent or superior) required
  • 8GB RAM required, at a minimum
  • Wireless network card
  • 40 GB free Hard disk space

Software Requirements

  • Linux / Windows / Mac OS X desktop operating systems
  • IDA 7 Freeware. The free version is sufficient.
  • Snowman Decompiler. Free download here.
  • VMware Workstation or Fusion. The free 30-day trial is sufficient.
  • Ubuntu 14.04 64-bit virtual machine. This can be downloaded here.
  • Administrator / root access MANDATORY

Students will be provided with

Students will be provided with access to course slides, sample code, and lab exercises which attendees can take with them to continue learning and practicing after the training ends.