BlackHoodie NorthSec May 2020

Blackhoodie Crash Course in Binary Exploitation

by Mary Walker (@mairebear)

When: May 12 and 13 2020

Where: Holiday Inn

Who: Women, as self-identified (Why? See Blackhoodie about)

Registration: Via Google form https://forms.gle/TT4c8f79j2MUsnH69 We’ll email you to confirm your registration and we’ll have a waitlist if the event fills up.

Fees: The training is free. Meals and a cocktail will be offered (also for free). Once you register, you’ll have the option to get a ticket for the NorthSec conference as well.

Agenda

Have you ever wondered how to write an exploit for a piece of vulnerable software? When a program is vulnerable to remote code execution— what does that even mean? What’s a buffer overflow, and why does it matter in the context of information security? This two day workshop aims to shed some light on these topics with a crash course in the wild and weird world of binary exploitation, or taking advantage of a software bug to get a program to do something you, a hacker, want it to.

This course is hands-on, so be prepared to dive right in! I hope you’ll grow to love assembly, debuggers, and the rush of popping a shell from a buffer overflow just as much as I do.

Day 1

On the first day we’ll spend some time understanding what makes this class of vulnerabilities possible and why this still matters in 2020. After just a little bit of background, we’ll start to dive in with some hands on labs. To learn the process of writing simple stack based overflows, we’ll work on both Linux and Windows systems (x86 architecture)— first modifying exploits and eventually writing one from scratch. This means we’ll be getting down into assembly and talking about processor registers, memory management and more.

Day 2

On day two we’ll talk both about mitigations that software and operating systems can employ against these exploits and how we can bypass those protections as attackers. Mitigations discussed (and evaded!) will include ASLR and stack canaries.

What prerequisites should registrants have?

  • Curiosity and willingness to ask questions!
  • Some basic scripting or programming knowledge (any language will do, but we’ll be using python, PowerShell, and bash)
  • A laptop with
    • Virtualization software such as virtual box or VMware (virtual box recommended)
    • USB 3.0 or USB C port
    • Chrome or Firefox
    • Administrator privileges

Who should take this course?

Please note, this is a Blackhoodie workshop– as such, registration is restricted to those identifying [partially or wholly] as female. Who should take this course?

  • Curious people interested in how software bugs can lead to security incidents
  • Beginners interested in understanding program execution at a low level
  • Novice hackers wanting to peek under the cover of how exploits work
  • Novice defenders wanting to understand what goes into exploiting systems they defend
  • This is an introductory course, so if ROP chains are familiar friends this isn’t the workshop for you

About Mary Walker

Mary is a security engineer who works on digital forensics and malware analysis with a focus on all things malware. Her current role is structured to support incident response, and she loves helping defenders keep organizations secure. She writes and tests binary exploit challenges for capture the flag competitions for fun and got her start in security by writing buffer overflows. She has been working in Infosec for just over three years after earning an MS in Cyber Security; she holds an OSCP, GCFA, GREM, and GXPN.

Mary lives in Seattle, WA with her husband along with her German Shepherd and cat. Outside of security, she’s excited about mechanical keyboards, PC gaming, dogs, coffee, and books. Feel free to reach out to her on Twitter - @mairebear.


About BlackHoodie

BlackHoodie is a free, women only reverse engineering workshop. More information can be found here: https://www.blackhoodie.re/about/.


Contact

outreach@northsec.io

@NorthSec_io