Buffer overflows and limited exploits still abide the a lot of amazing and adverse of attacks. For years, aegis analysts accept been arena with exploits that crop them a rootshell. The Exploit Laboratory brings the "rocket science" of about-face engineering and accomplishment autograph in an simple to accept two day chic at Hack In The Box 2008. Started by Saumil Shah of Net-Square and S.K.Chong of Scan Associates, the Exploit Laboratories has been accomplished at Blackhat, Hack in the Box, CanSecWest and abounding added aegis conferences common to sold-out audiences.
The class' acceptance lies in the actuality that it brings the concepts down to simple hands-on examples featuring absolute activity software as against to apish arbiter examples. Participants activate with simple overflows on Windows and Linux and are brought up to acceleration with barring abettor overwrites, abundance overflows, base toolbars on IE7, bypassing Vista ASLR, and more, featuring contempo software vulnerabilities out in the wild.
For the aboriginal time this year, the Exploit Laboratory appearance easily on Mac OS X exploitation. Saumil and S.K. strive to accumulate the chic current. Things accept appear a continued way back the chic was aboriginal offered in aboriginal 2006. The Exploit Laboratory has kept clip with the times, with a always adapted abridgement and abreast examples of vulnerabilities.
It absolutely depends aloft the participants how abundant they ambition to blemish out of the class. Both advisers are awful accomplished aegis professionals with over nine years of acquaintance in the industry, abounding accessible contributions, books and papers. The architecture of the Exploit Laboratory is "learn as you play along". Participants are accepted to accompany their own laptops to class. Everything happens hands-on.
The Exploit Laboratory requires its participants to assurance a cipher of belief acceding to advance vulnerability analysis and amenable disclosure.
Some comments from accomplished acceptance on The Exploit Laboratory:
Garrett Gee writes: "Wow, what a weekend I just had. I just accomplished the accomplishment class chic with Saumil Shah and S.K. Chong at Black Hat USA 2007. We covered accomplishment capacity like assemblage and abundance overflows on linux and windows systems. At the end of the course, I anticipate we developed ten exploits for assorted applications. I admired their teaching architecture of answer the accomplishment concept, again dispatch us through a absolute exploit, and again absolution us do one ourselves. A above aberration from the ImmunitySec advance I took a few years ago was that they told us how to accomplish the appliance blast in the aboriginal place. This adored lots of time and accustomed us to focus on how to accretion abounding ascendancy of the application, and how to backpack our payloads." http://garrettgee.com/2007/07/30/black-hat-exploit-laboratory/
Tate Hansen writes: "If you ambition to bang up your accomplishment autograph abilities – Saumil Udayan Shah is an accomplished teacher. His appearance of teaching brought out memories of my time as an ECE apprentice at CU, Boulder. He presented actual clearly, kept the clip moving, and quipped often. Great class. The majority of time is spent on application GDB and WinDBG to audit Intel 32-bit x86 CPU registers for opportunities. The end bold was consistently accompanied by netcat and metasploit (along with a appropriate aggregate of scripting to facilitate quick retries if aggravating to band up all the accomplishment cipher to ensure success)." http://blog.clearnetsec.com/articles/2006/08/07/the-exploit-laboratory-class-at-blackhat-training-was-great
More data on the chic can be begin on the Hack In The Box 2008 appointment page at: http://conference.hitb.org/hitbsecconf2008kl
.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment