Exploit Development


Enrol

This course currently has no scheduled dates. To express interest in this course or to discuss bespoke options for yourself or your organisation, please submit an expression of interest or contact the Professional Education Team on +61 2 5114 5573 or profedcourses@adfa.edu.au

Duration

5 days

Delivery mode

Face-to-face

Location

Canberra

Standard price

$4,750.00

Defence price

$4,275.00

  • Accelerate your career, learn new skills, and expand your knowledge.

  • First in Australia for research excellence and impact.

  • Top 50 in the world. 2020 QS World University Rankings.

Overview

This course introduces students to the art and science of exploit development. Core concepts involving debuggers, stack-based overflows, disassemblers and some defence mitigations are taught in a largely practical delivery style. Instruction commences with an overview of foundational theory concepts, and then quickly dives into the intricacies of modern x86 CPUs. Mitigations such as DEP and ASLR are investigated, and students have the opportunity to demonstrate their new skills in an extended capstone exercise on the final day.

Course content

Day 1: Core Exploitation Theory

The session starts with an overview of the history of models of computation and the different types of CPU architecture. We’ll then move on to Program Representation and The Stack. Shellcoding tips and exercises will be covered during the lab session.

Topics

Turing Model of Computation, x64/x86 Architectures, Compilation/Decompilation, Endianness, Stack Frames, Calling Conventions.

Day 2: Stack-based Overflows on Linux and Windows

This session covers Buffer Overflows for Linux and Windows environments. We’ll then move on to executable binary formats, sharing code, linking shared libraries and stack cookies through lecture and lab components.

Topics

Executable Formats, Memory Layout, Buffer Overflows, Shellcoding – Bad Characters, Exploiting GOT, RELRO, Stack Cookies.

Day 3: Introduction to Mitigations

The session introduces the concepts of Structured Exception Handling (SEH), Data Execution Prevention (DEP) and Return Oriented Programming (ROP). Labs will cover writing remote exploits using SEH, then enabling DEP as a mitigation and defeating it with ROP.

Topics

SEH Exploitation, Mitigations, Protections, Return-to-libc, ROP Gadgets, ROP Chain.

Days 4 & 5: ASLR & Heap Overflows

This session discusses Address Space Layout Randomisation and Heap Overflows. Students work through a number of practical exercises, including forcing and leveraging an info leak, understanding heap chunks and allocations, and writing exploits to learn how the heap works and how to control it.

Topics

ASLR, Heap Overflows, ASLR Bypasses, Non-rebased Modules, Info Leak, Stack Characteristics, Heap Characteristics, Operations, Management, Fragmentation, Managers and Integrity.

Please download the Exploit Development course PDF.

Learning outcomes

Skills/competencies/knowledge that would be gained through this course:
  • develop and implement basic exploitation strategies
  • exploit stack-based overflows in Windows and Linux in the absence of strong mitigation controls
  • use Structured Exception Handling (SEH) to exploit Windows stack-based overflows
  • write basic ROP exploits to bypass DEP
  • use tools such as gdb, Immunity Debugger, IDA Pro, objdump and readelf to perform static and dynamic analysis of simple binaries.

Who should attend

  • Novice exploit developers
  • Penetration testers
  • Software architects.

Cancellation policy

Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If a registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under the ESOS Act 2000 (CRICOS Provider Code 00098G).