Exploit Reverse Engineering
An exploit is a piece of software, or a specially crafted input, that lets an attacker
take control of a target (victim) system by triggering a vulnerability. Typically, exploits
take advantage of weaknesses in widely deployed software such as operating systems and
web browsers. An exploit for a vulnerability that is not yet known to the vendor, and
therefore unpatched, is called a 0-day. Writing a reliable exploit is a long and difficult
process that requires advanced skills, all the more so when modern mitigations have to be
bypassed. Most large-scale cyber attacks involve, at some stage, the use of an exploit.
Understanding how exploits work is therefore an essential ingredient in designing secure
systems and effective mitigations.
If a hacker wants to get inside your system, he/she will,
and there is nothing you can do about it
1. Introduction to exploitation
   - Review of x86 Assembly
   - Tutorial on Debugging
2. Buffer Overflow
   - Memory and Stack Layout
3. EIP Overwrite
   - Fuzzing for buffer overflow vulnerabilities
   - EIP Overwrite reverse engineering
4. SEH Overwrite
   - Exception Handling Exploitation
   - SEH Overwrite reverse engineering
5. Introduction to Shellcoding
   - Basic Shellcoding
   - Shellcoding process
6. Egg-hunting
   - Multi-stage exploits
   - Omelet exploits
7. Return-Oriented Programming (ROP)
   - Using gadgets
   - Bypassing DEP
8. Heap-Spraying
   - Heap-Spray reverse engineering
9. Mitigation Techniques
   - Stack Shield
   - SafeSEH
   - SEHOP
   - Data Execution Prevention (DEP)
   - Address Space Layout Randomization (ASLR)
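As an added example, not part of the seminar material: the "Memory and Stack Layout", "Fuzzing for buffer overflow vulnerabilities" and "EIP Overwrite" steps of items 2 and 3 above, together with the bounds check that item 9's mitigations stand in for, modelled in C. The 32-bit frame is simulated inside a byte array (buffer at the bottom, then saved EBP, then saved EIP) so the overwrite can be observed without crashing the process; the frame layout, the placeholder register values and the 256-byte fuzz input are constructed for this example, and the cyclic pattern follows the Metasploit pattern_create/pattern_offset scheme.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated 32-bit stack frame: local buffer at the lowest address, then the
 * saved frame pointer (EBP), then the saved return address (EIP). Kept in a
 * byte array so the overflow is observable instead of fatal. Sizes and the
 * placeholder register values are constructed for this example. */
#define BUF_SIZE   32
#define OFF_EBP    (BUF_SIZE)
#define OFF_EIP    (BUF_SIZE + 4)
#define STACK_SIZE 4096

struct sim_stack { unsigned char mem[STACK_SIZE]; };

static void frame_init(struct sim_stack *s)
{
    uint32_t ebp = 0xBFFFF000u, eip = 0x08048456u;   /* constructed values */
    memset(s->mem, 0, sizeof s->mem);
    memcpy(s->mem + OFF_EBP, &ebp, sizeof ebp);
    memcpy(s->mem + OFF_EIP, &eip, sizeof eip);
}

/* What the CPU would pop into EIP on 'ret' (little-endian, as on x86). */
uint32_t frame_eip(const struct sim_stack *s)
{
    uint32_t eip;
    memcpy(&eip, s->mem + OFF_EIP, sizeof eip);
    return eip;
}

/* Vulnerable handler: copies attacker input into the 32-byte local buffer
 * with no check against the buffer size (a strcpy()-style bug). Bytes 32..35
 * land on saved EBP, bytes 36..39 on saved EIP. The clamp only keeps the
 * simulation inside its array; a real frame has no such guard. */
uint32_t vuln_handler(struct sim_stack *s, const unsigned char *in, size_t len)
{
    frame_init(s);
    if (len > STACK_SIZE) len = STACK_SIZE;
    memcpy(s->mem, in, len);            /* BUG: bound is the stack, not the buffer */
    return frame_eip(s);
}

/* Hardened handler: rejects input that does not fit with its terminator, so
 * the saved registers are unreachable. Returns -1 on rejection. */
int safe_handler(struct sim_stack *s, const unsigned char *in, size_t len)
{
    frame_init(s);
    if (len >= BUF_SIZE) return -1;
    memcpy(s->mem, in, len);
    s->mem[len] = '\0';
    return 0;
}

/* Cyclic pattern "Aa0Aa1Aa2...": every 4-byte window is unique within the
 * first 20280 bytes, so the value found in EIP identifies its offset. */
size_t pattern_create(unsigned char *out, size_t len)
{
    size_t n = 0;
    for (char u = 'A'; u <= 'Z' && n < len; u++)
        for (char l = 'a'; l <= 'z' && n < len; l++)
            for (char d = '0'; d <= '9' && n < len; d++) {
                const char t[3] = { u, l, d };
                for (int i = 0; i < 3 && n < len; i++)
                    out[n++] = (unsigned char)t[i];
            }
    return n;
}

/* Locate the crashed EIP value (as the debugger shows it) in the pattern.
 * Returns -1 if the value did not come from the pattern. */
long pattern_offset(const unsigned char *pat, size_t len, uint32_t eip)
{
    unsigned char needle[4];
    memcpy(needle, &eip, sizeof needle);
    for (size_t i = 0; i + sizeof needle <= len; i++)
        if (memcmp(pat + i, needle, sizeof needle) == 0) return (long)i;
    return -1;
}

/* Fuzzing step: send the pattern, read the EIP the crash reports, compute
 * the offset. Returns 36 for this frame layout. */
long find_eip_offset(void)
{
    unsigned char pat[256];
    struct sim_stack s;
    size_t n = pattern_create(pat, sizeof pat);
    return pattern_offset(pat, n, vuln_handler(&s, pat, n));
}

/* Overwrite step: [padding][new EIP] makes the function "return" wherever
 * the attacker chooses. */
uint32_t hijack_eip(long offset, uint32_t new_eip)
{
    unsigned char payload[STACK_SIZE];
    struct sim_stack s;
    memset(payload, 'A', (size_t)offset);
    memcpy(payload + offset, &new_eip, sizeof new_eip);
    return vuln_handler(&s, payload, (size_t)offset + sizeof new_eip);
}

/* Same inputs against the hardened handler: the oversize pattern is refused
 * with EIP untouched, while a 31-byte input is accepted and harmless. */
int mitigation_holds(void)
{
    unsigned char pat[256];
    struct sim_stack s;
    size_t n = pattern_create(pat, sizeof pat);
    return safe_handler(&s, pat, n) == -1 && frame_eip(&s) == 0x08048456u
        && safe_handler(&s, pat, 31) == 0 && vuln_handler(&s, pat, 31) == 0x08048456u;
}

int main(void)
{
    long off = find_eip_offset();
    printf("EIP offset: %ld\n", off);
    printf("EIP after payload: 0x%08x\n", hijack_eip(off, 0xDEADBEEFu));
    printf("bounds check holds: %d\n", mitigation_holds());
    return 0;
}
```

The offset of 36 is what a debugger session would yield from "EIP = 0x41326241" after sending the pattern; against a real binary the same two steps are run with the target's own frame, and item 9's mitigations (cookies, SafeSEH, DEP, ASLR) are what make the final hijack step fail even when the offset is known.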
A Seminar on Hacking by Dr. Sami Zhioua (November 2011):
Sami Zhioua, December 2015