Software bugs evolve, just like their animal counterparts. Lesser bugs impact usability or are simple malfunctions. Once a bug impacts the security it is called a vulnerability. This means that something major is broken and that the internal logic can be manipulated to produce undesirable effects. Vulnerabilities can be exploited to create deterministic effects such as bypassing security checks, elevating privileges or other things. Exploits are the biggest bugs around. They have to work every time (at least with the software version affected by the bug/vulnerability), they need to insert specific code with a given purpose, and they should not compromise the functionality of the software (since you don’t want to be noticed) – So there is software development involved. Georgia Weidman will teach you how to get from a bug via a vulnerability to an exploit. The training is aptly titled Hands On Exploit Development.
Developing exploits means to better understand weaknesses of applications and protocols. You can use this knowledge to create signatures for intrusion detection/prevention systems. Furthermore you can use the exploit for penetration testing when attacking systems which are subject to audits. The workshop will teach you the basics of how to develop exploits, beginning from finding and analysing promising vulnerabilities, experimenting with attack vectors, to designing suitable payload to insert code. The process is basically software development with a specific purpose. This means that you have to learn the mindset of the exploit architect, gain experience with the techniques and tools used, and practice, practice, practice. Georgia will offer you an unique opportunity to get accustomed to exploiting code with code.
Participants will learn to write exploits by using real code on real systems. There will be a laboratory environment where you can „safely exploit“ applications and test what you can do (and if it works). Some experience with software development tools is required. You should know what a debugger is, and you shouldn’t be afraid of hexdumps. You should already know that processors execute assembly code, and you should have some experience with programming. We will show you what you can expect in the next blog article where Georgia will present you with a walk-through of a typical exploit development cycle.