|When:||Back to Calendar 2012/12/15 @ 6:00 pm - 10:00 pm||Where:||theTransistor SLC
||✔ Add to Calendar Add to Google Calendar|
|Categories:||SLC Events and Presenations|
‘Sploit Out: Hands-on introduction to exploit writing. Dec 15, 6:00 – 10:00pm. Limited Seating.
SLC Transistor, 440 South 700 East Unit #102
It’s time DC801 gets some exploit writing action. On December 15, I’m getting things started by putting together a hands-on introductory workshop covering stack overflows, format string vulnerabilities, and command injection in x86 linux. We will be finding vulnerabilities by reading source code, fuzzing (network, commandline, and file based), and using static analyzers. Then we will be writing exploits once suitable vulnerabilities have been found. To finish things off, we will port one of our exploits to Metasploit.
As long as you are familiar with Linux, know your base-2s and 16s, and can read (but not necessarily write) C programs, you should be fine. There will be a few rounds of debugging and looking at assembly code, but that can be learned during the workshop. You will need to bring a laptop with Virtualbox installed. Remember, this is a hands-on activity, not a lecture. You might leave without knowing exactly what you just did, but you won’t leave without having written several exploits and finding lots of potential vulnerabilities (only on old programs or contrived examples. Most likely won’t be finding any 0-days). I’m guessing it will last 4 hours.
Exploit writing can be frustrating. To ensure I can help you when you invariably get stuck, seating is limited to 11 spots. If enough people sign up for the waiting list, another session will be held early next year.
Registration opens Nov 25 at 12:00am at: http://sploitout.eventbrite.com/