null Bangalore Humla 20 April 2019 Exploit Scripting Series - Overflowing and Gaining a shell Register

Null offensive hacking hands-on training.

Proposed sessions for this event:

• Overflowing and Gaining a shell by Mihir Shah

Topics Going to Cover:

       - I. Starting with the basics – understanding stack and heap, Intro to IDA.
       - II. Exploiting Vanilla Buffer Overflows and understanding few of the exploits from metasploit
       - III. Hands on cracking two applications for Buffer Overflow. One would be taught and the other application is expected to be cracked by the participants,during the session

All Software/Hardware that may be required

       - The participants will require a windows XP machine with IDA installed, the participants will require 2 software's, the link for which is provided below.These 2 softwares are vulnerable by design and would be exploited to gain a shell.  Participants are required to install python2 inside their windows XP VM. An attacking machine of their choice, both should be communicable.

Pre-requisites for participants:

       - PCMan: https://www.exploit-db.com/exploits/26471 
       - Minishare: https://www.exploit-db.com/exploits/616 
       - IDA Freeware:  https://www.hex-rays.com/products/ida/support/download_freeware.shtml 

Prior knowledge Required to attend the session:

       - Trivial understanding of python, data constructs.

Important Note:

If you cannot make it to the event, in case of any unforeseen circumstances, please unregister yourself and give your seat to the many others who are waiting to attend. You can unregister by replying to this email with SUBJECT: PLEASE UNREGISTER

In the event that you are not attending and we do not receive 'unregister' notification, we will give preference to other attendees henceforth(due to sheer number of interested attendees) for the upcoming workshop events of null such as humla/bachaav/Puliya. Your cooperation is solicited.