Security Research
by Alexander Sotirov
Assured Exploitation 2011
Feb 9, 2011
This year Dino Dai Zovi and I are teaching our Assured Exploitation class again at the CanSecWest conference. This is a two day training on March 7-8, focusing on the advanced exploitation techniques required for developing state of the art exploits for the latest Windows 7 systems.
Why do we feel that this course is necessary? Many security professionals have mastered stack overflows and heap spraying, but these techniques are no longer sufficient for developing exploits in 2011. Reliable exploitation on Vista and Windows 7 requires advanced techniques such as heap layout manipulation, return oriented programming and ASLR information leaks. In addition, robust exploitation necessitates repairing the heap and continuing execution without crashing the process. The goal of our Assured Exploitation course is to teach the principles behind these advanced techniques and give the students hands-on experience developing real-world exploits.
Here is a list of the topics that we intend to cover in the 2011 edition of the class:
- in-depth review of GS, ASLR, DEP, SafeSEH and SEHOP exploitation mitigations
- heap implementation details and manipulation of the heap state (including Windows 7)
- building primitives for heap layout control in new applications
- bypassing DEP and ASLR
- return oriented programming and shellcode development
- implementing a universal bypass of DEP and ASLR in Internet Explorer 8
- multistage stack pivots
The training will be based on a series of hands-on exercises that will incrementally guide the students through building their own exploits for the recent Aurora vulnerability, with capabilities far exceeding those of the publicly available samples. At the end of the course, the students will have the skills to reliably exploit Internet Explorer 8 on Windows 7 with both ASLR and DEP enabled.
To register for the course, please visit the CanSecWest website. We encourage you to register early because the class size is limited and prices are going up next month.