We have the most amazing trainers lined up for Blackhoodie at Troopers 2019 this year. Thais, Silvia, Lisa and Ninon will give workshops on a range of interesting topics! Below are some of the workshop contents:
64-bit shellcoding and introduction to buffer overflow exploitation on Linux by Silvia Väli
64-bit shellcoding and introduction to buffer overflow exploitation on Linux is a 3-hour workshop divided into three parts:
- Introduction to the 64-bit architecture, to get familiar with the registers, the stack and the calling conventions described in the Intel 64 (x86-64) architecture manual, plus the most common assembly instructions and syscalls we will later use to write our shellcode.
- Shellcoding, where we try different techniques for writing shellcode. You will greet the shellcoding world with your own Hello World shellcode and then write a reverse shell, which we will use later on in part 3.
- Introduction to buffer overflows, so you can put your newly acquired knowledge about the stack into practice right away. Shellcode that is never used is wasted shellcode! Part 3 ends with a buffer overflow challenge where your goal is to use your reverse shellcode to get a connection back to your machine.
- Get familiar with command line tools like nasm, objdump, ld, ausyscall, and gdb
- Learn how to find global and local variables using gdb and identify the corresponding sections; navigating in functions and examining memory in gdb
- Learn the basics of assembly language instructions and how to write your own assembly programs
- Get familiar with the basics of the x86-64 architecture, using syscalls in shellcode, and the JMP technique for writing shellcode
- Introduction to stack based buffer overflows
Participants are expected to either build their own Ubuntu 16.04 VMs following the given instructions, or simply download the ready-made machine provided for them and import it into VirtualBox.
Bug hunting with SMT solvers by Thais
- Ability to model problems with SMT solvers
- Software exploration with Symbolic execution
- Understand the value of static analysis for bug hunting
- Whitebox fuzzing using the Z3 Python API
- Usage of open-source and free symbolic execution tools
- VMware Workstation (at least version 12) (no VirtualBox)
- At least 40GB of free disk space
- At least 8GB of RAM
- A laptop with administrative privileges
Introduction to Return Oriented Programming by Lisa
This 3-hour workshop aims to suit people with varying backgrounds: it starts easy, with detailed explanations of the hands-on exercises, and increases in difficulty over time. In the shellcoding workshop by Silvia Väli we learn how to write shellcode to exploit a stack-based buffer overflow. To prevent these attacks, security mechanisms like Data Execution Prevention were developed. This protection prevents code on the stack from being executed. How can we get a shell if the stack is not executable? Return Oriented Programming (ROP) is a neat technique to defeat this protection, and it lets us run our payload again.
The basic idea of ROP is to reuse code snippets that are already in the binary. This way we can put the payload together like a ransom note assembled from cut-out newspaper letters, placing the fitting pieces one after another until we get the payload we want. We will work on Linux (64-bit), get to know the libc, and debug the process. By observing the stack and registers, we will see how choosing code snippets that end with a ‘return’ (ROP gadgets) plays out.
The workshop contains three exercises of increasing difficulty.
- Exploring the challenge together to get an easy start and to get to know the environment, commands and tools.
- Explore the exploit on your own, with my assistance when needed.
- Solve the challenge with ASLR turned on (without PIE). This requires a longer ROP chain; we will also look at other useful sections, such as the Global Offset Table, and how to use them for exploitation.
- Understanding the basic principles of Return Oriented Programming
- Using information about the Global Offset Table to develop an exploit
- Get familiar with tools and extensions like gdb (with PEDA), pwntools, ropper and other useful Linux command line tools
Some sort of hypervisor (e.g. VirtualBox or VMware) to import the provided VM (.ova) or to build your own from the provided instructions. To save disk space and effort, the VM is the same as the one for the 64-bit shellcoding workshop by Silvia Väli.
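The ROP exercises above hinge on two protections: a non-executable stack (DEP) and ASLR with or without PIE. The following Python script is an added example, not part of the workshop material or its VM: it reads an ELF64 image's program headers and reports whether the stack is marked executable (the PT_GNU_STACK entry) and whether the binary is position-independent (ET_DYN). The sample images it builds are constructed, code-free headers so the check can be run offline; point it at a real binary to check your own challenge files.

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3                 # fixed-address executable vs. position-independent (PIE)
PT_GNU_STACK = 0x6474E551              # program header that carries the stack permissions
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def check_mitigations(elf: bytes) -> dict:
    """Parse an ELF64 image and report the two protections the ROP workshop works against:
    'nx'  - True when PT_GNU_STACK is present without PF_X (non-executable stack, i.e. DEP)
    'pie' - True when the file is ET_DYN, so ASLR also randomizes the code base address.
    An absent PT_GNU_STACK is reported as executable, which is how the x86 Linux loader
    and checksec-style tools treat it."""
    if elf[:4] != ELF_MAGIC or elf[4] != 2:            # EI_CLASS == 2 means 64-bit
        raise ValueError("not an ELF64 image")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_phoff, = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    nx = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"nx": nx, "pie": e_type == ET_DYN}


def make_elf64(e_type: int, stack_flags: int, p_type: int = PT_GNU_STACK) -> bytes:
    """Constructed sample: a bare ELF64 header followed by a single program header.
    It contains no code; it exists only so the checker can be exercised offline."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)   # 64-bit, little-endian, version 1
    ehdr = e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, 0x3E, 1,        # e_type, e_machine (x86-64), e_version
        0, 64, 0,               # e_entry, e_phoff (right after the header), e_shoff
        0, 64, 56, 1, 0, 0, 0,  # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack("<IIQQQQQQ", p_type, stack_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr


if __name__ == "__main__":
    # Usage: python check_nx_pie.py /path/to/binary   (no argument: run on the constructed samples)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], check_mitigations(f.read()))
    else:
        print("exec stack, no PIE:", check_mitigations(make_elf64(ET_EXEC, PF_R | PF_W | PF_X)))
        print("NX, PIE:", check_mitigations(make_elf64(ET_DYN, PF_R | PF_W)))
```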
This is not all. We have even more topics where students get to explore many more areas of the low-level world! If you are going to be an attendee, be ready to delve deep into the hands-on sessions! Don’t be intimidated if this is your first time. We are all here to help you. I am sure you will have so much fun learning!
Taking this opportunity to thank our wonderful trainers for coming up with such amazing workshops. Thank you girls! You rock! 🙂