Mr HIMANSHU KHOKHAR JAAT
is an independent security researcher. He has been messing with binaries for years now and he likes to travel when he gets time.
About Course
In this course, the following topics will be covered:
1) Getting your feet wet
- a) X86 Architecture fundamentals
- b) Assembly Language Primer
- c) Functioning of Stack
- d) How does it help in Exploit Development?
2) Taxonomy of Vulnerabilities
- a) Memory Corruption Vulnerabilities
- b) Integer Wrapping Issues
- c) Race Conditions
- d) Logic Bugs
- e) Summary
3) Getting Started with Practical Exploitation
- a) Buffer Overflow fundamentals
- b) Creating the Proof Of Concept of Vulnerability
- c) Gaining Code Execution
- d) Dealing with Bad Characters
- e) Making the exploit reliable
4) Mitigations
- a) Stack Cookies
- b) Using SEH to Bypass Stack Cookies
- c) Understanding SEHOP
- d) Data Execution Prevention
- e) Bypassing DEP
- f) Address Space Layout Randomization
- g) Bypassing ASLR
5) Fuzzing
- a) What is Fuzzing?
- b) How to Fuzz software
- c) Types of Fuzzing
6) Practical Fuzzing
- a) Network Protocol Fuzzing
- b) File Format Fuzzing
- c) Overview of Advanced Fuzzing Techniques