Training: Exploit
Development
Exploit Development is a three-day
course aimed at consultants, code
reviewers, reverse engineers and exploit
developers who want to understand how
vulnerabilities in native code can be
exploited.
The course covers exploitation from
simple stack overflows to type confusion
bugs in C++ code using a variety of
techniques including return oriented
programming and engineering read/write
primitives.
The course is a mixture of presentations
and hands-on lab sessions where you can
practice developing a variety of exploits.
The course is run over three days but the
second day covering payload development
can be omitted if desired.
Highlights
• Exploiting stack overflows
• History of exploit mitigations including stack
cookies, SafeSEH, DEP and ASLR and
common techniques to bypass them.
• Return oriented programming (ROP).
• Writing custom payloads/shellcode and
encoding them to get around filters.
• Exploiting C++ vulnerabilities by building read
and write primitives.
Agenda
• Day 1 Stack overflows, writing a simple exploit,
mitigations, return oriented programming,
developing a ROP exploit.
• Day 2 Developing payloads and shellcode,
common filters, writing filtered exploits.
• Day 3 C++ internals, exploiting vtable
overwrites, type confusion (casting bugs and
use-after-free), exploiting type confusion bugs.
If the course is delivered at NCC Group premises
lunch will be provided to all delegates.
Please advise of any dietary requirements in
advance.
Deliverables
• Slide-deck in PDF format of over 250 slides split into 13
modules.
• Zip files of practical exercise, model solutions and reference
material.
Requirements
All the examples on the course are 32-bit Windows executa-
bles, however a 64-bit OS is necessary for one of the labs.
Participants are expected to have some familiarity with x86
assembly language and be comfortable with assembly level
debugging. Experience with a scripting language such as
Python, Perl or Ruby is highly recommended.
Hardware & Software
Participants require a laptop running Windows 7 64-bit or
above with local administrator rights.
A projector with HDMI or VGA cable is required for in-house
courses.
The following free packages are required:
• A debugger: Debugging Tools for Windows, OllyDbg or
Immunity Debugger
• A disassembler: IDA (freeware edition) strongly
recommended
• An assembler: NASM or FASM
• A scripting language: Python, Perl or Ruby
Pricing
We offer in-house and public courses. Prices are available on
request.
For more information from NCC Group, please contact:
+44 (0) 161 209 5200 [email protected]
NCCGTEDV10616
Why choose us
The instructors for the course come from the NCC
Group Exploit Development Group (EDG) which
provides bespoke exploits and tools for use on
client engagements. They have been working in
vulnerability research for over 15 years in a variety
of roles.
The EDG has developed exploits against popular
software including Internet Explorer, Firefox, Flash,
Adobe Reader, Windows Kernel, Xen and Java.
Their exploit development skills are backed up with
extensive knowledge and experience of reverse
engineering and low-level debugging. Blog posts
describing some of the EDG’s work can be found
on the NCC Group web site www.nccgroup.trust/
blog.
About NCC Group
NCC Group is a global expert in cyber security and
risk mitigation, working with businesses to protect
their brand, value and reputation against the
ever-evolving threat landscape.
With our knowledge, experience and global
footprint, we are best placed to help businesses
identify, assess, mitigate & respond to the risks they
face.
We are passionate about making the Internet safer
and revolutionising the way in which organisations
think about cyber security.
www.nccgroup.trust