Hands-on Ethical Hacking: Preventing and Writing Exploits for Buffer Overflows presented at AppSec USA 2013

by Ralph Durkee,

Summary : A ntense 2.5 hours hands-on course where you will find a buffer overflow vulnerability and then develop an exploit for a stack based buffer overflow. We'll also discuss and test mitigating techniques such as address randomization, stack protections mechanisms, non-executable stacks and of course programming to prevent buffer overflows.
The course will use a virtual Linux system with the required tools running on your own laptop. Students must be comfortable with the Linux command line, and be familiar with basic C/C++ programming. We'll be using the Gnu development tools such as g++. gcc, gdb, and make. Vim, Emacs and Eclipse will all be installed for your editing and exploit writing pleasure. We'll be looking at assembly code in order to develop the final exploit, so some familiarity with assembler languages is helpful, but not required. You must bring your own laptop. The laptop can be MS Windows, Mac or Linux, just make sure you have a recent version of VirtualBox installed and working. Having a DVD reader is helpful for transferring the VM, but a flash drive will also be available.
Laptop Requirements:
At least 4Gb RAM
8 Gb of free disk space
Virtual Box 4.2.16 or newer installed.
Administrator or root privileges for the laptop.
Comfortable with Linux Command Line and g++ / gcc.