Instructor: Marco Lorenz
Duration: 3 days
Buffer overflows rank among the most prominent classes of software vulnerabilities. They allow attackers and malware to break into operating systems, applications and services. A detailed understanding of these vulnerabilities and of the possible attacking techniques is essential for security experts who conduct security audits, evaluate specific security problems on a regular basis or wish to assert themselves in discussions with other technically well-versed experts. Based on the “Hacking Extreme” training, the “Hacking Extreme Buffer Overflows” course deepens the understanding of stack and heap buffer overflow vulnerabilities as well as the methods to exploit them. In many practical exercises, the participants will learn how to find and exploit such vulnerabilities using assemblers, disassemblers and debuggers. This will provide detailed information about the structure and preparation of attacking tools.
Examples of topics to be covered:
- Classification of buffer overflows
- Process and memory layouts
- The inner workings of the stack and heap
- Finding buffer overflows using source code and binary code
- Type of attack: denial of service
- Type of attack: modification of program flow
- Type of attack: execution of injected code
- Structure and development of exploits
Operating systems covered:
We will mainly perform the exercises using Linux and the free tools available there. Some Windows examples will complete the training.
Administrators, software developers and security managers who have already participated in the „Hacking Extreme” course and who also look at security from the perspective of the attacker and want to further explore this world.
The training is definitely to be considered an “advanced” course. Previous participation in the “Hacking Extreme” course and basic knowledge of programming languages are necessary for understanding the course. As the exploits to be developed in the exercises are programmed in Perl, C and assembler, basic knowledge of the x86-processor architecture and assembler programming is helpful as well.
The number of participants is limited to 15 persons per date to make sure the instruction is individual and effective.
You will receive CPE Points for participating in the Hacking Extreme Buffer Overflows training. The training takes 24 hours. You will get a certificate after having completed the training.