دوره Ptrace Security – Advanced Software Exploitation

The Advanced Software Exploitation (ASE) course offers security professionals an opportunity to test and develop their skills like never before. During this course, students will learn to identify common vulnerabilities and then use them to develop exploits for a wide range of software applications, including popular Windows applications, interpreted languages, and Web browsers.

In the first half of the course, attendees will use fuzzing, reverse engineering, and source code auditing, to attack a wide variety of applications (e.g. iTunes, Firefox, Vulnserver, etc.) and then use proven exploitation techniques to develop an exploit for one of the VMs (Windows 7, Windows 8.1 and Windows 10).

Then, in the second half of the course, the focus will shift from classic vulnerabilities to more advanced ones. In this section, students will learn how to escape Java sandbox using a type confusion vulnerability, how to circumvent the ASLR without pointer leaks, and how to use precise heap spraying, just to name a few.

By the end of this course, students will know how to find software vulnerabilities using fuzzing, reverse engineering, and source code auditing, and then how to write their own exploits in Python, JavaScript, or Java.

Syllabus

  1. Fundamentals: Intro
  2. Fundamentals: Stack Buffer Overflow
  3. Fundamentals: Structured Exception Handler Overwrite
  4. File Format Fuzzing: Intro
  5. File Format Fuzzing: The Peach Fuzzer
  6. Network Protocol Fuzzing: Vulnerability Discovery
  7. Network Protocol Fuzzing: Exploitation
  8. Attacking Web Browsers: Vulnerability Discovery
  9. Attacking Web Browsers: Exploitation
  10. Practical Patch Diffing
  11. Exploiting vulnerabilities in the Oracle JVM: Vulnerability Discovery
  12. Exploiting vulnerabilities in the Oracle JVM: Exploitation
  13. Advanced Windows exploitation
  14. Conclusion

Ptrace Security – Advanced Software Exploitation