Exploit Development

Contact information

For further information or to request a quotation, please contact the Professional Education Courses Unit on:

Enquiries Phone: 02 5114 5573

Enquiries Email: ProfEdCourses@adfa.edu.au

In-house delivery

UNSW Canberra Professional Education Courses may be available for in-house delivery at your organisation's premises. In-house courses allow maximum attendance without the additional travel costs. Courses can be developed to suit the specific staff development and training needs of your organisation. Recommended for groups of 10 or more.

This course will introduce students to the art and science of exploit development. Core concepts involving debuggers, stack based overflows, disassemblers and some defence mitigation will be taught in a largely practical delivery style. Instruction will commence with an overview of foundational theory concepts, and will then quickly dive into the intricacies of modern x86 CPUs. Mitigations such as DEP and ASLR will be investigated, and students will have the opportunity to demonstrate their new skills in an extended capstone exercise on the final day.

Topics covered include:

  • Core exploitation theory
  • Stack based overflows on Linux and Windows
  • Heap overflows (limited scope)
  • Tool use
  • Shellcode generation and modification
  • Introduction to mitigations
  • Mitigation bypass (limited scope)
  • Capstone practical exercise

*Note: this course is a foundational course and will not teach 64-bit exploitation or advanced protection bypass techniques.

Learning outcomes

On completion of this course, participants should be able to:

  • Develop and implement basic exploitation strategies.
  • Exploit stack-based overflows in Windows and Linux in the absence of strong mitigation controls.
  • Use Structured Exception Handling (SEH) to exploit Windows stack-based overflows.
  • Write basic ROP exploits to bypass DEP.
  • Use tools such as gdb, Immunity Debugger, IDA Pro, objdump and readelf to perform static and dynamic analysis of simple binaries.

Course Information

Day 1

Core Exploitation Theory

The session starts with an overview of the history of models of computation and the different types of CPU architecture. We’ll then move on to program representation and the stack. Shellcoding tips and exercises will be covered during the lab session.

Topics

Turing Model of Computation, x64/x86 Architectures, Compilation/Decompilation, Endianness, Stack Frames, Calling Conventions.

Day 2

Stack based Overflows on Linux and Windows

Day 2 covers buffer overflows in Linux and Windows environments. We’ll then move on to executable binary formats, sharing code, linking shared libraries and stack cookies through lecture and lab components.

Topics

Executable Formats, Memory Layout, Buffer Overflows, Shellcoding – Bad Characters, Exploiting GOT, RELRO, Stack Cookies.
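An added worked example for the bad-characters topic (illustrative code written for this page, not course material): the classic case is `mov eax, 0xb`, whose 32-bit encoding carries three NUL bytes that a strcpy()-style copy truncates at, versus `mov al, 0xb`, which has none. The program below counts bad bytes in a payload and picks a single-byte XOR key that neither is a bad character itself nor produces one. The byte strings and the bad-character set {0x00, 0x0a, 0x0d} are constructed for the example; the decoder stub that would precede the encoded bytes in a real payload is assumed and not shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example payload, not real-world shellcode: the naive encoding of
 * "mov eax, 0xb ; int 0x80" (b8 0b 00 00 00 cd 80). The three NUL bytes are bad
 * characters for any strcpy()-style copy, which stops at the first NUL. */
static const uint8_t NAIVE_STUB[] = { 0xb8, 0x0b, 0x00, 0x00, 0x00, 0xcd, 0x80 };

/* Same effect written as "mov al, 0xb ; int 0x80" (b0 0b cd 80): no NUL bytes,
 * which is why hand-written shellcode prefers the 8-bit register forms. */
static const uint8_t TIGHT_STUB[] = { 0xb0, 0x0b, 0xcd, 0x80 };

/* Bad characters assumed for the example: NUL (string copy terminator) and
 * CR/LF (line-oriented protocol parsers). The real set is found per target. */
static const uint8_t BADCHARS[] = { 0x00, 0x0a, 0x0d };

static int is_bad(uint8_t b, const uint8_t *bad, size_t nbad) {
    return memchr(bad, b, nbad) != NULL;
}

/* Count bad bytes in buf; *first_idx receives the offset of the first one
 * (or len if there is none). */
size_t count_bad_chars(const uint8_t *buf, size_t len,
                       const uint8_t *bad, size_t nbad, size_t *first_idx) {
    size_t n = 0;
    *first_idx = len;
    for (size_t i = 0; i < len; i++) {
        if (is_bad(buf[i], bad, nbad)) {
            if (n == 0) *first_idx = i;
            n++;
        }
    }
    return n;
}

/* Pick a single-byte XOR key such that neither the key itself nor any encoded
 * byte is a bad character. Key 0 is skipped (identity). Returns the key, or -1
 * if none exists, in which case a multi-byte key or another encoder is needed. */
int pick_xor_key(const uint8_t *buf, size_t len, const uint8_t *bad, size_t nbad) {
    for (int k = 1; k < 256; k++) {
        if (is_bad((uint8_t)k, bad, nbad)) continue;
        size_t i;
        for (i = 0; i < len; i++)
            if (is_bad(buf[i] ^ (uint8_t)k, bad, nbad)) break;
        if (i == len) return k;
    }
    return -1;
}

/* XOR every byte with key; the same call decodes. A run-time decoder stub that
 * does this in place (itself bad-character free) is assumed and not shown. */
void xor_encode(const uint8_t *in, size_t len, uint8_t key, uint8_t *out) {
    for (size_t i = 0; i < len; i++) out[i] = in[i] ^ key;
}

int main(void) {
    size_t first;
    size_t n = count_bad_chars(NAIVE_STUB, sizeof NAIVE_STUB, BADCHARS, sizeof BADCHARS, &first);
    printf("naive stub: %zu bad byte(s), first at offset %zu\n", n, first);
    n = count_bad_chars(TIGHT_STUB, sizeof TIGHT_STUB, BADCHARS, sizeof BADCHARS, &first);
    printf("tight stub: %zu bad byte(s)\n", n);

    int key = pick_xor_key(NAIVE_STUB, sizeof NAIVE_STUB, BADCHARS, sizeof BADCHARS);
    uint8_t enc[sizeof NAIVE_STUB];
    xor_encode(NAIVE_STUB, sizeof NAIVE_STUB, (uint8_t)key, enc);
    printf("xor key 0x%02x, encoded:", key);
    for (size_t i = 0; i < sizeof enc; i++) printf(" %02x", enc[i]);
    printf("\n");
    return 0;
}
```

In practice the bad-character set is discovered per target by sending 0x01 through 0xff through the vulnerable input and comparing, in the debugger, what lands in memory with what was sent; any byte that is dropped, truncated or rewritten goes into the set before the encoder is chosen.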

Day 3

Introduction to Mitigations

The session will introduce the concepts of Structured Exception Handling (SEH), Data Execution Prevention (DEP) and Return Oriented Programming (ROP). Labs will cover writing remote exploits using SEH, then enabling DEP as a mitigation and defeating it with ROP.

Topics

SEH Exploitation, Mitigations, Protections, Return-to-libc, ROP Gadgets, ROP Chain.
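An added illustration of the ROP gadget and ROP chain topics (example code written for this page, not the course's own material). It scans a constructed byte string standing in for the executable section of a non-rebased 32-bit module, finds `pop r32 ... ; ret` gadgets the way gadget-finding tools do (searching backwards from each `ret` byte and emitting every suffix), builds a chain that loads eax, edx and ecx, and then runs that chain under a tiny interpreter so the stack-driven control flow is visible. The module bytes, the base address 0x08048000, the sentinel 0xffffffff and the loaded values are all assumptions; the interpreter models only the two instructions the gadgets use.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed bytes standing in for the .text of a non-rebased (non-ASLR)
 * 32-bit module; not taken from any real binary. */
static const uint8_t TEXT[] = {
    0x55, 0x89, 0xe5,        /* push ebp ; mov ebp, esp          */
    0x58, 0xc3,              /* pop eax ; ret                    */
    0x5a, 0x59, 0xc3,        /* pop edx ; pop ecx ; ret          */
    0x31, 0xc0, 0xc3,        /* xor eax, eax ; ret (no pops)     */
    0x90, 0x90,              /* nop ; nop                        */
    0x5b, 0x5d, 0xc3,        /* pop ebx ; pop ebp ; ret          */
};
#define BASE 0x08048000u   /* assumed load address of the module          */
#define STOP 0xffffffffu   /* assumed sentinel that ends the chain        */

/* pop r32 is the one-byte opcode 0x58+reg, registers in x86 encoding order. */
enum { EAX, ECX, EDX, EBX, ESP, EBP, ESI, EDI };
static int is_pop(uint8_t op) { return op >= 0x58 && op <= 0x5f; }

typedef struct { uint32_t addr; int npops; uint8_t regs[8]; } gadget_t;

/* For each 0xc3, walk backwards over pop opcodes and emit every suffix as a
 * gadget (each is a distinct usable entry point). Returns the gadget count. */
size_t find_pop_ret_gadgets(const uint8_t *code, size_t len, uint32_t base,
                            gadget_t *out, size_t max) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] != 0xc3) continue;
        size_t start = i;
        while (start > 0 && is_pop(code[start - 1]) && i - start < 8) start--;
        for (size_t s = start; s < i && n < max; s++) {
            gadget_t *g = &out[n++];
            g->addr = base + (uint32_t)s;
            g->npops = (int)(i - s);
            for (size_t j = s; j < i; j++) g->regs[j - s] = code[j] - 0x58;
        }
    }
    return n;
}

/* Look up a gadget that pops exactly the given registers in order. */
static const gadget_t *find_gadget(const gadget_t *g, size_t n,
                                   const uint8_t *regs, int npops) {
    for (size_t i = 0; i < n; i++)
        if (g[i].npops == npops && memcmp(g[i].regs, regs, (size_t)npops) == 0)
            return &g[i];
    return NULL;
}

/* Build a chain setting eax=0xb, edx=0, ecx=0x11223344 (values assumed). The
 * layout is what sits on the stack after the overflow: a gadget address, the
 * dwords its pops consume, then the next gadget address for its ret.
 * Returns the number of dwords written, or 0 if a needed gadget is missing. */
size_t build_chain(const gadget_t *g, size_t n, uint32_t *chain) {
    const uint8_t want_eax[] = { EAX }, want_edx_ecx[] = { EDX, ECX };
    const gadget_t *pop_eax = find_gadget(g, n, want_eax, 1);
    const gadget_t *pop_edx_ecx = find_gadget(g, n, want_edx_ecx, 2);
    if (!pop_eax || !pop_edx_ecx) return 0;
    size_t k = 0;
    chain[k++] = pop_eax->addr;     /* overwritten return address  */
    chain[k++] = 0x0b;              /* -> eax                      */
    chain[k++] = pop_edx_ecx->addr; /* gadget 1's ret lands here   */
    chain[k++] = 0x00000000;        /* -> edx                      */
    chain[k++] = 0x11223344;        /* -> ecx                      */
    chain[k++] = STOP;              /* gadget 2's ret lands here   */
    return k;
}

/* Interpret the chain: at every ret the next eip comes from the stack (the
 * chain itself), which is the whole mechanism of ROP. Only pop r32 and ret are
 * modelled; any other opcode or an out-of-range fetch returns -1. Returns the
 * number of gadgets executed. */
int run_chain(const uint8_t *code, size_t len, uint32_t base,
              const uint32_t *chain, size_t nchain, uint32_t regs[8]) {
    size_t esp = 0;
    int executed = 0;
    if (nchain == 0) return -1;
    uint32_t eip = chain[esp++];
    while (eip != STOP) {
        if (eip < base || eip - base >= len) return -1;
        size_t pc = eip - base;
        for (;;) {
            if (pc >= len || esp >= nchain) return -1;
            uint8_t op = code[pc++];
            if (is_pop(op)) regs[op - 0x58] = chain[esp++];
            else if (op == 0xc3) { eip = chain[esp++]; break; }
            else return -1;
        }
        executed++;
    }
    return executed;
}

int main(void) {
    gadget_t g[16];
    size_t n = find_pop_ret_gadgets(TEXT, sizeof TEXT, BASE, g, 16);
    for (size_t i = 0; i < n; i++)
        printf("0x%08x: %d pop(s) ; ret\n", g[i].addr, g[i].npops);
    uint32_t chain[8], regs[8] = {0};
    size_t nchain = build_chain(g, n, chain);
    int ran = run_chain(TEXT, sizeof TEXT, BASE, chain, nchain, regs);
    printf("ran %d gadgets: eax=0x%x ecx=0x%x edx=0x%x\n", ran, regs[EAX], regs[ECX], regs[EDX]);
    return 0;
}
```

The toy scanner deliberately misses the `xor eax, eax ; ret` gadget because it only recognises pop opcodes; real gadget finders disassemble backwards from each `ret` so that arbitrary instruction tails, including ones formed by mid-instruction byte offsets, are reported. The chain works only because the module is not rebased: every address in it is absolute, which is why Day 4 & 5 turn to ASLR and info leaks.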

Day 4 & Day 5

ASLR & Heap Overflows

These sessions’ lectures will discuss Address Space Layout Randomisation (ASLR) and heap overflows. Students will run through a number of practical exercises, including forcing and leveraging an info leak, understanding heap chunks and allocations, and writing exploits to learn how the heap works and how to control it.

Topics

ASLR, Heap Overflows, ASLR Bypasses, Non-rebased Modules, Info Leak, Stack Characteristics, Heap Characteristics, Operations, Management, Fragmentation, Managers and Integrity.


This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities):

K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

K0177: Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

K0440: Knowledge of host-based security products and how those products affect exploitation and reduce vulnerability. 

K0530: Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation.

K0560: Knowledge of the basic structure, architecture, and design of modern communication networks.

S0001: Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

S0073: Skill in using virtual machines. (e.g., Microsoft Hyper-V, VMWare vSphere, Citrix XenDesktop/Server, Amazon Elastic Compute Cloud, etc.).

A0044: Ability to apply programming language structures (e.g., source code review) and logic.

A0093: Ability to identify/describe techniques/methods for conducting technical exploitation of the target.

What is the NICE Framework?

The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles.

To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If a registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under the ESOS Act 2000 (CRICOS Provider Code 00098G).

UNSW Institute for Cyber Security is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders.

The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities.

Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs.

Contact us at cyber@adfa.edu.au to discuss how.