Training: Binary Exploitation
Although one of the oldest IT security topics, binary exploitation is still very relevant today. When the ‘Shadowbrokers’ published a collection of NSA exploits, the entire IT world was in danger. These exploits were used by criminals to create, for example, the WannaCry ransomware that threatened computer systems worldwide. These exploits can only be properly understood by delving into the world of binary language. But it’s very difficult to learn assembly language because it was designed to be understood by machines, not humans. High-level languages such as C or C++, on the other hand, are quite different.
What do the participants learn in the training?
This workshop is designed to provide the first steps in making the topic of binary exploitation tangible and quickly achieve practical success. It includes writing your first own exploit and, at the end of the course, achieving a buffer overflow with code execution.
What are the contents?
We start with the identification of a vulnerability and then successively perform all the steps to generate a working exploit at the end. This includes the following contents:
- Assembly language basics
- What is the stack?
- What is a buffer overflow anyway? And what does vulnerable code look like?
- Searching for vulnerabilities
- Taking over the execution flow
- Generating shellcode
- Injecting shellcode into a running program
- Executing arbitrary code after successful exploit
What is the target audience (prior knowledge etc.)?
This training course is aimed at experienced IT staff who do not have an IT security background. Basic prior knowledge of IT concepts is required.
How long does the training course take?
Duration: 0,5 days