DeepSec 2012 Workshop: The Exploit Laboratory – Advanced Edition

René Pfeiffer / September 30, 2012 / Conference

Offensive security is a term often used in combination with defence, attack (obviously), understanding how systems fail and the ever popular „cyberwar“. Exploiting operating systems and applications is the best way to illustrate security weaknesses (it doesn’t matter if your opponents or pentesters illustrate this, you have a problem either way, and you should know about it). So where do exploits come from? Well, you can buy them, you can download them somewhere, or you can develop them. This is where The Exploit Laboratory comes in. Saumil Shah will teach you how exploits work – even on modern operating systems!

Exploit development is one of the hottest topics in offensive security these days. The Exploit Laboratory, in its sixth year, brings advanced topics in exploit development to Vienna this year. Arm yourself with skills to write exploits that work on modern operating systems. Other than the usual memory corruption bugs, we shall be paying special attention to Use-After-Free bugs and their practical exploitation. The Exploit Laboratory features in-depth coverage of defeating DEP using Return Oriented Programming (ROP), using automated tools to build ROP chains, bypassing ASLR and advanced heap sprays. A special topic being introduced this year is Pointer Inferencing through Memory Leaks – techniques that can be coupled with a memory corruption bug to perform a full ASLR bypass! And last but not least, we shall be introducing a module on exploiting WebKit on the Android platform.

We guarantee you two intense, action-packed days with the latest and greatest of exploit development techniques! If you, or the “companies” you work for, are interested in offensive security, then this is a class not to miss! The knowledge you gain works equally well if you intend to wage or stop „cyberwar“. ☺

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.