About Us
Overview
Our Team
Partners
Contact Us
Services
Overview
Solutions
Consulting
Education
Overview
Course Description
Web Hacking
Security Assessment
Secure Coding
Defending Servers
Ethical Hacking
Buffer Overflow
Spyware
Research
Overview
Innovations
In The Public
Events & Announcements
Resources
White Papers & Articles
Advisories
Free Tools

Buffer Overflow

Duration: 2 - 3 days

This class introduces how buffer overflow vulnerabilities arise in programs and how they get exploited. The class will
take you deep inside how programs are loaded and executed within memory, how to spot buffer overflow conditions
and how exploits get constructed for these overflow conditions. By exposing the inner mechanisms of such exploits,
participants will understand how to prevent such vulnerabilities from arising.

The class will cover analysis of stack overflows, heap overflows and format string vulnerabilities. Examples of
vulnerabilities shall be provided on both the Windows as well as the Unix platform. The class is highly hands-on
and very lab intensive. The hands-on lab provides real-life examples of programs containing vulnerabilities, and
participants are required to analyse and exploit these vulnerabilities.

The objectives are:
  • Understanding error conditions
  • Categories of error conditions - stack overflow, heap overflow, off-by-one, format string bugs,
    integer overflows (this class will deal only with stack, heap and format string)
  • Unix process memory map
  • Win32 process memory map
  • Debugging applications
  • Identifying error conditions using debugging
  • Writing shellcode
  • Real life exploit construction
  • Secure coding practices
  • Doing code reviews for spotting error conditions
  • Kernel-level protection mechanisms
Target Audience
Developers
Pen-testers
Anyone who wants to know how exploits work

Prerequisite
  • Working knowledge of operating systems, Win32 and Unix
  • Compile programs using GCC, MS Visual C++ Toolkit
  • Familiarity with vi/pico/joe editors
  • Not allergic to command-line tools
  • Understanding of C or C++ programming would be a bonus

 

Course Outline

Schedule : Day 1
    Error Classification and Debuggings
  • Categories of Error Conditions
  • Unix Process Memory Map
  • Win32 Process Memory Map
  • Debugging Applications
  • Identifying error conditions
  • Question & Answer Session
 
Schedule : Day 2
    Shell Coding
  • Writing Shellcode
  • Real life exploit construction
  • Secure Coding Practices
  • Doing code reviews for spotting error conditions
  • Question & Answer Session
 
Schedule : Day 3
    Kernel Defense
  • Kernel-level protection mechanisms
  • Question & Answer Session
  • Feedback


For further information please contact us at