TECH TRAINING 5: Blackbox Bug Hunting

Early Bird (< 30th June): SGD1499

Normal (> 1st July): SGD1999


After more than 8 years of teaching The Exploit Laboratory classes, we keep being asked the obvious question by students – “How do you find vulnerabilities in software?”

Enter “Black Box Bug Hunting” – a class dedicated to one of the dark arts in the world of information security. The vast majority of exploitable vulnerabilities discovered in the past decade are the result of black box fuzzing and fault injection. Students shall learn how to use instrumented fuzzers to detect a wide variety of bug classes present in today’s software.

Black Box Bug Hunting is an intense hands-on course covering a variety of fuzzers, fault injection techniques, instrumented crash collection, debugging, reverse engineering, root cause analysis and exploit development using a tried and tested methodology.

WHAT YOU SHALL LEARN

  • Introduction to Fuzzing and Fault Injection
  • Overview of Memory Corruption Bugs
  • Fault Monitoring
  • The evolution of fuzzing and fuzzers
  • Closed loop feedback fuzzers
  • Fuzzers in all flavours
    • Packet Fuzzers
    • File Format Fuzzers
    • Bit Flippers
    • Closed Loop Feedback Fuzzers
  • Data Driven Fuzzing
  • Fuzzing Frameworks – Sulley, Peach, Grinder, Radamsa
  • Data Models and State Transitions
  • Monkeys on Typewriters: Fuzzing the Unknown
  • Bit Flipping and Mutations
  • Instrumented Fuzzing and Automatic Crash collection
  • Crash Dump Analysis
  • Testing for Exploitability
  • Vulnerability Detection and Classification
    • Stack Overflows
    • Heap Overflows
    • Integer Overruns
    • Vtable Overwrites
    • SEH Overwrites
    • Format String Bugs
    • Pointer Corruption
    • Use-After-Free
  • Reverse Engineering and Root Cause Analysis for each vulnerability type
  • The Bug Hunter’s Nose – how to “smell” bugs from a distance
  • Practical Exploit Development

WHO SHOULD TAKE THE COURSE

– Red Team members, who want to pen-test custom binaries and exploit custom built applications.
– Bug Hunters, who want to find new vulnerabilities and write exploits for all the crashes they find.
– Members of military or government cyberwarfare units.
– Members of reverse engineering research teams.
– Pen-testers, Security analysts, Reverse Engineers, who want to take their skills to the next level.
– Anyone who is fed up with finding XSS bugs in websites!

AGENDA

DAY 1

– Memory Corruption Bugs and The Exploitability Factor
– Introduction to Fuzzing and Fault Injection
– The evolution of fuzzing and fuzzers
– Closed loop feedback fuzzers
– Data Driven Fuzzing
– Fuzzing Frameworks – Sulley and Peach
– Hunting for Buffer Overflows
– Introduction to Crash Dump Analysis
– Stack Overflows and SEH Overwrites – Root Cause Analysis
– LAB EXERCISES

DAY 2

– Introduction to Heap Overflows
– Heap Overflows – Root Cause Analysis
– Bit Flipping and Mutations
– Introduction to Integer Overruns
– Integer Overruns – Root Cause Analysis
– Browser Fuzzing
– Use-After-Free – Root Cause Analysis
– LAB EXERCISES

HARDWARE REQUIREMENTS:

* A working laptop (no Netbooks, no Tablets, no iPads)
* Intel Core 2 Duo x86/x64 hardware (or superior) required
* 4GB RAM required, at a minimum, 8GB preferred, and anywhere in between shall be tolerated
* Wireless network card
* 20 GB minimum free Hard disk space
* Working USB port (should not be DLP disabled!)

SOFTWARE REQUIREMENTS:

* Linux / Windows / Mac OS X desktop operating systems
* VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY
* Administrator / root access MANDATORY

TRAINING

Location: Hotel Fort Canning
Date: October 12, 2015
Time: 9:00 am - 6:00 pm
Saumil Shah