Linux Heap Exploitation [HITB CYBERWEEK 2021]

$4,299.00

Duration

4 days

Delivery Method

virtual

Level

intermediate

Seats Available

20

ATTEND ONLINE: Virtual via Zoom and LMS

DATE: 21-24 November 2021

TIME: 09:00 to 17:00 GST/GMT+4

| Date | Day | Time | Duration |
|---|---|---|---|
| 21 November | Sunday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
| 22 November | Monday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
| 23 November | Tuesday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |
| 24 November | Wednesday | 09:00 to 17:00 GST/GMT+4 | 8 Hours |

 


This 4-day course will give an in-depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, and embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images such as musl and uClibc.

The lectures and labs will look at numerous ways to misuse each of these allocators in the latest versions of each. Access to laboratories will be provided and students will receive a certificate of completion and an InfoSect swag pack including a T-shirt, stickers, pen, and mug.

Agenda

  • Day 1

    Lectures
      • Introduction to the Training
      • Memory Corruption
      • Control Flow Hijacking
      • Heap Data Structures
      • The TCache
      • TCache Poisoning
      • TCache Poisoning in glibc 2.27-2.31

    Labs
      • Arbitrary Write to Code Execution
      • TCache Poisoning

  • Day 2

    Lectures and Labs
      • Pointer Guard in glibc
      • Linux Kernel SLUB Allocator
      • ISO Alloc
      • Safe Linking in glibc 2.32
      • Revisiting SLUB
      • TCache Double Free
      • Fast Bin Double Free
      • Double Free Mitigation Bypass
      • Overlapping Chunks
      • Calloc I
      • Calloc II
      • House of Force

  • Day 3

    Lectures and Labs
      • TCache House of Spirit
      • Fast Bin Poisoning I
      • Fast Bin Poisoning II
      • Unsorted Bin Libc Base Leak
      • TCMalloc: Freelist Poisoning, Double Frees, Overlapping Chunks
      • JEMalloc: Overlapping Chunks
      • PartitionAlloc: Freelist Poisoning, Double Frees, Overlapping Chunks

  • Day 4

    Lectures and Labs
      • uClibc: Unlink
      • newlib: Freelist Poisoning, House of Spirit
      • dietlibc: Freelist Poisoning, House of Spirit
      • musl: Freelist Poisoning
      • avr-libc: Freelist Poisoning, House of Spirit, Overlapping Chunks

Why You Should Take This Course

TBA

Who Should Attend

  • Developers

  • IT Professionals

  • Embedded Developers

  • OS Developers

  • Penetration Testers

  • Software Security Auditors/Analysts

  • Vulnerability Researchers

  • Software Exploitation Developers

  • and anyone interested

Key Learning Objectives

  • To be able to exploit heap corruption in C programs on Linux using the latest versions of a variety of allocators.

  • Demonstrate understanding of heap data structures.

  • Demonstrate debugging heap data structures.

  • Demonstrate attacks against the heap.

Prerequisite Knowledge

Students taking Code Review should have an intermediate C and Python development background. They should have hands-on experience in:

  • C Coding Experience

  • Python Coding Experience

  • Linux

Hardware / Software Requirements

  • An internet connection

  • A browser

  • Webcam & microphone (optional)

  • Your favourite SSH tool

  • PDF viewer for notes & lab guide
