Writing Your First Exploit

DEF CON isn’t just for hardened hackers with 5up3r 3l173 hacking skills. As DEF CON has grown, more and more attendees are looking for knowledge that will help them get started in the world of hacking. If that’s what you’re looking for, this training workshop is for you!

This training will teach students how to discover and exploit their first buffer overflow vulnerability. This is not a class in how to use the tool of the day; students will be writing their own tools in Python every step of the way. Students will learn how to configure their virtual lab environment, how to write a fuzzer that can produce a crash in a network service, how to take control of a crash, and how to embed a customized payload in order to complete the exploit. As time permits, there will also be a discussion of writing Windows payloads by hand in shellcode.

Understanding exploit development is good. Understanding how to prevent exploits is better. In addition to examining the offensive techniques involved in exploiting buffer overflow vulnerabilities, students will dig through C source code to understand these vulnerabilities and how they could be mitigated. As time permits, there will also be a discussion of host-based mitigation strategies such as DEP and ASLR.