Prerequisites for Attendees:
Attendees should be comfortable with the fundamentals of C/C++. Knowledge of computer architecture and assembly language will be helpful but is not required.
1) Laptop with at least 8GB RAM
2) VirtualBox or VMware (only if running Linux in a VM)
3) Windows 7
4) Windows 7 Virtual Machine
5) Kali Linux Virtual Machine


->A Primer on Fuzzing and Exploit Development is a bootcamp on exploit development on the Windows platform. It takes students from absolute zero to practical knowledge that can be applied in the real world, on modern operating systems and applications. During this training, students will learn Intel x86 architecture fundamentals, the Windows memory management model, the fundamentals of assembly language and fuzzing techniques to build a strong base, and will then move on to finding vulnerabilities and developing exploits for them.



->Workshop Date: FEBRUARY 29, 2020

->Workshop Duration: 6 Hours


About Trainer


Mr HIMANSHU KHOKHAR JAAT

is an independent security researcher. He has been messing with binaries for years and likes to travel when he gets the time.





About Course

The following topics will be covered in this course:


  TOPICS

    1) Getting your feet wet
    • a) x86 Architecture Fundamentals
    • b) Assembly Language Primer
    • c) Functioning of the Stack
    • d) How does it help in Exploit Development?

    2) Taxonomy of Vulnerabilities
    • a) Memory Corruption Vulnerabilities
    • b) Integer Wrapping Issues
    • c) Race Conditions
    • d) Logic Bugs
    • e) Summary

    3) Getting Started with Practical Exploitation
    • a) Buffer Overflow Fundamentals
    • b) Creating the Proof of Concept of a Vulnerability
    • c) Gaining Code Execution
    • d) Dealing with Bad Characters
    • e) Making the Exploit Reliable

    4) Mitigations
    • a) Stack Cookies
    • b) Using SEH to Bypass Stack Cookies
    • c) Understanding SEHOP
    • d) Data Execution Prevention
    • e) Bypassing DEP
    • f) Address Space Layout Randomization
    • g) Bypassing ASLR

    5) Fuzzing
    • a) What is Fuzzing?
    • b) How to Fuzz Software
    • c) Types of Fuzzing

    6) Practical Fuzzing
    • a) Network Protocol Fuzzing
    • b) File Format Fuzzing
    • c) Overview of Advanced Fuzzing Techniques