TT1 – The Exploit Laboratory 5.0

Trainers: Saumil Shah (Founder, Net-Square) & SK Chong (Security Consultant, SCAN Associates Bhd.)
Capacity: 20 pax
Duration: 2 days
Cost: (per pax) MYR3999 (early bird) / MYR4999 (non early-bird)


Have you ever found yourself staring at a vulnerability advisory with some proof-of-concept snippets and wished the author had rather attached a working exploit with it? Have you wished you could analyze vulnerabilities and write your own exploits for them? Have you wanted to debug and exploit custom built applications and binaries? The Exploit Laboratory, now in its fifth year, is an intense hands-on class for those wishing to dive into vulnerability analysis and exploit writing. The Exploit Laboratory starts off with a basic insight into system architecture, process execution, operating systems and error conditions. The class then quickly accelerates to analyzing vulnerabilities with debuggers, reproducing reliable error conditions and writing working exploits for the same. The Exploit Laboratory features popular third party applications and products as candidates for vulnerability analysis and exploitation, rather than building up on carefully simulated lab exercises. Most of the class time is spent working on lab exercises and examples. Lab examples and exercises used in this class cover both the Unix (Linux) and Microsoft Windows platforms, illustrating various error conditions such as stack overflows, heap overflows and memory overwrites. All this—delivered in a down-to-earth, learn-by-example methodology, by trainers who have been teaching advanced topics in computer security for over 10 years. This class is updated from the 2009 edition, featuring revised content on heap overflows, abusing exception handlers and more hands-on examples based on recent vulnerabilities. This class does NOT require knowledge of assembly language. A few concepts and a sharp mind is all you need.

Learning Objectives:

* Understanding Error Conditions
* Types of error conditions: Stack Overflows, Heap Overflows, Format String bugs, etc.
* Process execution and memory map under Linux and Windows
* Debugging applications and sharpening debugging skills, using GDB and WinDBG
* Putting together an exploit
* Shellcode – various types of shellcode and functionality
* Crafting the attack vector and payload
* Making the exploit work reliably
* Stack overflows on Linux and Windows
* Return to stack vs. Return through registers
* Abusing Structured Exception Handlers
* Heap overflows in Linux
* Overwriting the Global Offset Table
* Heap overflows in Windows
* Browser exploitation
* Exploits on Mac OS X

Who Should Attend

* Pen-testers, Security analysts, Security auditors, who want to take their skills to the next level and write their own exploits instead of borrowing them.
* Developers and Project managers, who want to understand what can happen to poorly written code.
* Members of internal product security groups, who want to pen-test custom binaries and exploit custom built applications.
* System administrators, who want to follow a more “pro-active” approach in enforcing security measures.
* Just about anyone curious about vulnerabilities and exploits.

Participants Are Required To:

* Have a working knowledge of operating systems, Win32 and Unix.
* Not be allergic to command line tools.
* Use vi/pico/joe editors.
* Have a working knowledge of shell scripts, cmd scripts or Perl.
* Understanding of C programming would be a bonus.

Hardware Requirements:

* A working laptop (no Netbooks)
* Intel Core 2 Duo x86 hardware (or superior) required
* 2GB RAM required, at a minimum, 4GB preferred, and anywhere in between shall be tolerated
* Wired or Wireless network card
* 12 GB free Hard disk space

Operating Systems (one of the following):

* Windows XP SP2/SP3 or Windows 7
* Administrator access MANDATORY
* Ability to disable Anti-virus / Anti-spyware programs
* Ability to disable Windows Firewall or personal firewalls
* Active Perl 5.8 or above from
* An SSH client, such as PuTTY
* Firefox browser


* Linux kernel 2.4 or 2.6
* Kernel 2.4 or 2.6 required
* Root access mandatory
* Ability to use an X-windows based GUI environment
* Perl 5.8 should be available
* SSH should be available

NOTE: If your laptop is a locked-down company issued laptop, please make sure you have VMWare Workstation or VMWare Player installed by your administrator before you come to class.

About the trainers
Saumil Shah

Saumil continues to lead the efforts in e-commerce security research and product development at Net-Square. His focus is on researching vulnerabilities with various e-commerce and web based application systems, system architecture for Net-Square’s tools and products, and developing short term training programmes. Saumil also provides information security consulting services to Net-Square clients, specializing in ethical hacking and security architecture. He holds a designation of Certified Information Systems Security Professional. Saumil has had more than nine years experience with system administration, network architecture, integrating heterogenous platforms, and information security and has perfomed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a regular speaker and trainer at security conferences such as BlackHat, RSA, etc.

Previously, Saumil was the Director of Indian operations for Foundstone Inc, where he was instrumental in developing their web application security assessment methodology, the web assessment component of FoundScan – Foundstone’s Managed Security Services software and was instrumental in pioneering Foundstone’s Ultimate Web Hacking training class.

Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young, where he was responsible for the company’s ethical hacking and security architecture solutions. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member there.

Saumil graduated from Purdue University with a master’s degree in computer science and a strong research background in operating systems, networking, infomation security, and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is a co-author of “Web Hacking: Attacks and Defense” (Addison Wesley, 2002) and is the author of “The Anti-Virus Book” (Tata McGraw-Hill, 1996)

SK Chong

S.K. (CISSP) is a security consultant from SCAN Associates. His job allows him to play with all kinds of hacking tools in his penentration testing. Most often, he needs to modify and/or enhance these tools before it can be used for legal penetration testing against banks, ISP and goverment agencies. These experiences help him wrote a few security whitepapers on SQL Injection, Buffer Overflow, Shellcode and Windows Kernel stuff, including one of which published in Phrack E-zine #62. His researches was presented in Blackhat (Singapore) 2003, HITBSecConf2003 – Malaysia, RuxC0n2004 (Australia), XCon2004 (China) and many other security conferences.