Saturday, September 20, 2008

The Exploit Lab 3.0 Comes to Hack in The Box

Buffer overflows and remote exploits still remain the most wondrous and devastating of attacks. For years, security analysts have been playing with exploits that yield them a rootshell. The Exploit Laboratory brings the "rocket science" of reverse engineering and exploit writing in an easy to understand two day class at Hack In The Box 2008. Started by Saumil Shah of Net-Square and S.K.Chong of Scan Associates, the Exploit Laboratories has been taught at Blackhat, Hack in the Box, CanSecWest and many other security conferences worldwide to sold-out audiences.

The class' popularity lies in the fact that it brings the concepts down to easy hands-on examples featuring real life software as opposed to contrived textbook examples. Participants begin with simple overflows on Windows and Linux and are brought up to speed with exception handler overwrites, heap overflows, exploiting toolbars on IE7, bypassing Vista ASLR, and more, featuring recent software vulnerabilities out in the wild.

For the first time this year, the Exploit Laboratory features hands on Mac OS X exploitation. Saumil and S.K. strive to keep the class current. Things have come a long way since the class was first offered in early 2006. The Exploit Laboratory has kept pace with the times, with a continually updated syllabus and up-to-date examples of vulnerabilities.

It entirely depends upon the participants how much they wish to absorb out of the class. Both instructors are highly experienced security professionals with over nine years of experience in the industry, many public contributions, books and papers. The format of the Exploit Laboratory is "learn as you play along". Participants are expected to bring their own laptops to class. Everything happens hands-on.

The Exploit Laboratory requires its participants to sign a code of ethics agreement to promote vulnerability discovery and responsible disclosure.

Some comments from past students on The Exploit Laboratory:

Garrett Gee writes: "Wow, what a weekend I just had. I just finished the exploit laboratory class with Saumil Shah and S.K. Chong at Black Hat USA 2007. We covered exploit topics like stack and heap overflows on linux and windows systems. At the end of the course, I think we developed ten exploits for various applications. I loved their teaching format of explaining the exploit concept, then stepping us through a real exploit, and then letting us do one ourselves. A major difference from the ImmunitySec course I took a few years ago was that they told us how to make the application crash in the first place. This saved lots of time and allowed us to focus on how to gain full control of the application, and how to pack our payloads."

Tate Hansen writes: "If you want to bump up your exploit writing skills – Saumil Udayan Shah is an excellent teacher. His style of teaching brought out memories of my time as an ECE student at CU, Boulder. He presented very clearly, kept the pace moving, and quipped often. Great class. The majority of time is spent on using GDB and WinDBG to inspect Intel 32-bit x86 CPU registers for opportunities. The end game was always accompanied by netcat and metasploit (along with a decent amount of scripting to facilitate quick retries when trying to line up all the
exploit code to ensure success)."

More details on the class can be found on the Hack In The Box 2008 conference page at:

- EF

No comments: