Null offensive hacking hands-on training.
Proposed sessions for this event:
- From Crash To Exploit by Ashfaq Ansari
Overview
We are conducting a n|u Humla session at Pune on From Crash to Exploit: CVE-2015-6086 - Out of Bound Read/ASLR Bypass
. This will be a complete hands-on session where attendees will be introduced to aspects of root cause analysis and the challenges faced during the development of a reliable exploit. We invite people who knows basics of user mode exploitation, assembly and enthusiasts. This is a per-invite based session and will be sending out the invites to only 10 people.
Humla Champion
Ashfaq Ansari is working as Security Consultant at Payatu Technologies where he spends time experimenting and understanding different attack vectors to exploit Windows User Mode as well as Kernel Mode vulnerabilities. He likes fuzzing and a fanboy of machine learning. He is a computer enthusiast and tries to learn new things.
Ashfaq Ansari
ashfaq[at]payatu[dot]com
Blog | null |
Github | @HackSysTeam
Agenda
Introduction Out of Bound Read bugs
Crash Demonstration
Understanding the bug
WinDbg-Fu
Root Cause Analysis
Exploitation Challenges
Understanding Heap Allocator
Exploitation Strategy
Massaging the Heap
Bypassing Address Space Layout Randomization (ASLR)
Q/A & Feedback
Prerequisites (Basics)
- Patience
- Javascript
- Assembly
- WinDbg
Hardware & Software Requirement
- A laptop capable of running one virtual machine (4/8 GB of RAM).
- 8/16 GB Flash Drive
- Notepad++
What to Expect?
- Fun
- Hands-on
- Quick Overview of Heap Allocator
- WinDbg-Fu
- Techniques to exploit Out of Bound Read/Write bugs
What Not to Expect?
- Elite Browser Hacker in 1 day
- Basics of Javascript
- Basics of User Mode Exploitation
Note:
This session is conducted to introduce root cause analysis, exploitation challenges and walk-through/hands-on. We will be focused on CVE-2015-6086 and will try to make the workshop more interesting by having discussions.
This is just the BEGINNING
, not the END
Date | Saturday January 16 2016 |
---|---|
Chapter | Pune |
Registrations | 15 |
Max Registrations | Unlimited |
Event Type | Invite Only |
Start Time | 10:00 AM |
End Time | 06:00 PM |
Session Schedule
Name | Speaker | Start Time | End Time | Resources |
---|---|---|---|---|
From Crash To Exploit | Ashfaq Ansari | 10:00 AM | 06:00 PM |