TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation

We are happy to announce that TROOPERS20 will feature the 5th anniversary of the popular Windows & Linux Binary Exploitation workshop!

In this workshop, attendees will learn how to exploit those nasty stack-based buffer overflow vulnerabilities by applying the theoretical methods taught in this course to hands-on exercises. Exercises will be performed for real world (32-bit) software such as the Foxit Reader Plugin for Firefox, Wireshark, and nginx.

Each exercise will start with an initially uncontrolled overwrite of the instruction pointer register by a stack-based buffer overflow vulnerability. From there on, we will work our way through many obstacles to finally gain remote code execution. Obstacles that will be encountered during the exercises include modern stack-based buffer overflow defense mechanisms such as stack cookies, data execution prevention (DEP), and address space layout randomization (ASLR). For all of these defense mechanisms, attendees will learn and apply certain methods to bypass the protection.

After completing the training, participants will have a solid understanding of how to exploit stack-based buffer overflow vulnerabilities. They will know which tools (e.g. WinDbg, gdb, mona, and msfvenom) to use for each step of the exploit development process and will understand how modern mitigation mechanism work and which pitfalls they can have.

If you are interested in this training, you can find more details here.

Oliver & Dennis