ASL IT SECURITY XTREME XPLOIT DEVELOPMENT

Similar documents
Bypassing Memory Protections: The Future of Exploitation

Penetration Testing with Kali Linux

ASL IT Security Advanced Web Exploitation Kung Fu V2.0

Vulnerability Assessment and Penetration Testing

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

Custom Penetration Testing

Learn Ethical Hacking, Become a Pentester

SECURITY B-SIDES: ATLANTA STRATEGIC PENETRATION TESTING. Presented by: Dave Kennedy Eric Smith

Audience. Pre-Requisites

Sandy. The Malicious Exploit Analysis. Static Analysis and Dynamic exploit analysis. Garage4Hackers

Metasploit The Elixir of Network Security

Testing for Security

Modern Binary Exploitation Course Syllabus

Hacking your perimeter. Social-Engineering. Not everyone needs to use zero. David Kennedy (ReL1K) Twitter: Dave_ReL1K

Penetration Testing Using The Kill Chain Methodology

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Social Engineering Toolkit

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Certified Cyber Security Expert V Web Application Development

Advanced Endpoint Protection Overview

Anti-exploit tools: The next wave of enterprise security

How To Use Powerhell For Security Research

CRYPTUS DIPLOMA IN IT SECURITY

Bug hunting. Vulnerability finding methods in Windows 32 environments compared. FX of Phenoelit

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

Ivan Medvedev Principal Security Development Lead Microsoft Corporation

The Hacker Strategy. Dave Aitel Security Research

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

CIT 480: Securing Computer Systems. Vulnerability Scanning and Exploitation Frameworks

Newsletter - September T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER

Why should I care about PDF application security?

Summer Training Program CCSE V3.0 Certified Cyber Security Expert Version 3.0

Peach Fuzzer Platform

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

90% of data breaches are caused by software vulnerabilities.

Linux exploit development part 2 (rev 2) - Real app demo (part 2)

Format string exploitation on windows Using Immunity Debugger / Python. By Abysssec Inc

Reverse Engineering and Computer Security

Certified Ethical Hacker Exam Version Comparison. Version Comparison

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

Exploiting nginx chunked overflow bug, the undisclosed attack vector

IBM Protocol Analysis Module

ETRAC Presentation ECCN 4E001.c intrusion software technology. Jim O Gorman, President October 15, 2015

Web application testing

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

CYBERTRON NETWORK SOLUTIONS

PowerShell. It s time to own. David Kennedy (ReL1K) Josh Kelley (Winfang) Twitter: dave_rel1k

Information Security. Training

Telecom Testing and Security Certification. A.K.MITTAL DDG (TTSC) Department of Telecommunication Ministry of Communication & IT

Course Title Penetration Testing: Procedures & Methodologies

WHITEPAPER. Nessus Exploit Integration

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Summer Training Program CCSE V3.0 Certified Cyber Security Expert Version 3.0

BSIDES Las Vegas Secret Pentesting Techniques Shhh...

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

5 Steps to Advanced Threat Protection

Penetration Testing Lessons Learned. Security Research

ensuring security the way how we do it

HackSim: An Automation of Penetration Testing for Remote Buffer Overflow Vulnerabilities

Software Vulnerability Exploitation Trends. Exploring the impact of software mitigations on patterns of vulnerability exploitation

Cyber Hygiene for Physical Security

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Bypassing Browser Memory Protections in Windows Vista

Automation of Post-Exploitation

Anti-virus Evasion Techniques. By: Abhinav Singh a.k.a DaRkLoRd

LEADING CYBER SECURITY AND PENETRATION TESTING COMPANY

Post-Access Cyber Defense

Course Duration: 80Hrs. Course Fee: INR (Certification Lab Exam Cost 2 Attempts)

Effectiveness of blocking evasions in Intrusion Prevention Systems. White Paper. April, Konstantinos Xynos, Iain Sutherland, Andrew Blyth

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Lab 7 - Exploitation 1. NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy

Security of IPv6 and DNSSEC for penetration testers

How to hack a website with Metasploit

FORBIDDEN - Ethical Hacking Workshop Duration

Web application security: automated scanning versus manual penetration testing.

Maintaining Access CHAPTER 10 CHAPTER OVERVIEW AND KEY LEARNING POINTS INTRODUCTION INFORMATION IN THIS CHAPTER

Kautilya: Teensy beyond shells

CHAPTER 4 System Exploitation

Integrating Tools Into the SDLC

CLASS FINAL REPORT UNIVERSITY OF CENTRAL FLORIDA FRONTIERS IN INFORMATION TECHNOLOGY COP 4910

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Penetration Testing Report Client: Business Solutions June 15 th 2015

What Do You Mean My Cloud Data Isn t Secure?

How To Make An Attack Unnoticed By A Network Security System (Ipo) Or A Network (Ngfw) Without Being Detected (Ngw)

Critical Infrastructure Security: The Emerging Smart Grid. Cyber Security Lecture 5: Assurance, Evaluation, and Compliance Carl Hauser & Adam Hahn

Course Title: Course Description: Course Key Objective: Fee & Duration:

KEN VAN WYK. Fundamentals of Secure Coding and how to break Software MARCH 19-23, 2007 RESIDENZA DI RIPETTA - VIA DI RIPETTA, 231 ROME (ITALY)

Defcon 20 Owning One To Rule Them All. Dave DeSimone Manager, Information Security Fortune 1000

Persistence Mechanisms as Indicators of Compromise

Transcription:

ASL IT SECURITY XTREME XPLOIT DEVELOPMENT V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1

Overview: The most dangerous threat is the one which do not have a CVE. Until now developing reliable exploits was a skill which only a small elite group of hackers knew. Now with our Xtreme Xploit Development training you can develop highly technical skills of vulnerability discovery, analysis and exploit writing. This training does not teach you how to use exploits, but how to write your own reliable exploits. Learn the latest exploit development techniques. Course Description: Xtreme Xploit Development is the most detailed and advanced exploit development training. Starting from assembly language basics the course moves to shellcode development, fuzzing for exploit discovery, writing reliable exploit, bypassing security measures and anti-virus evasions. The training is developed and delivered by accomplished exploit writers and reverse engineers who had developed and published in various common softwares and Microsoft products. After this training exploit writing and vulnerability research will not be a dark art for you. Each exercise in this training is hands-on with live examples and test cases. Who Should Take This Course: Red Team members, who want to pen-test custom binaries and exploit custom built applications. Bug Hunters, who want to find new vulnerabilities and write exploits for all the crashes they find. Members of military or government cyber warfare units. Members of reverse engineering research teams. Pen-testers, Security analysts, Reverse Engineers, who want to take their skills to the next level. A S L I T S e c u r i t y P v t L t d. Page 2

Student Requirements: Knowledge of c/c++ Knowledge of OS Knowledge of any scripting language like perl/python/ruby Trainers: Abhishek Sahni has seven years of experience in web application penetration testing. He had reported security vulnerabilities to yahoo and AOL. Abhishek had conducted successful security trainings on various topics for government agencies in India and abroad. He had performed many web application penetration tests and faced really challenging scenarios and found methods to overcome them. Abhishek Lyall is an experienced penetration tester and exploit writer. He found many vulnerabilities in MS Office products and other common softwares and wrote exploits for them. He is also well versed with very advanced exploit writing techniques like Return Oriented Programming, Jit Spraying etc and egghunting. He has also found many 0 days in Government websites and reported them and assisted in patching those vulnerabilities. A S L I T S e c u r i t y P v t L t d. Page 3

Module 1: Introduction to assembly language 1. Windows assembly 2. Linux assembly 3. Basic assembly language programs Module 2: Shellcoding 1. Windows shellcode 2. Linux shellcode 3. Generating shellcodes with metasploit 4. Reverse shell and bind shell 5. Download_execute 6. Complete Meterpreter 7. Using and modifying egghunter 8. SEH omelets 9. Writing own shellcode Module 3: Debuggers 1. Windbg 2. Ollybdg 3. Immunity Debugger A S L I T S e c u r i t y P v t L t d. Page 4

4. Gdb 5. Useful Debugger plugins Module 4: Introduction to exploits 1. Places to find public exploits 2. Exploits usage 3. Introduction to metasploit exploits Module 5: Vulnerability Discovery 1. Introduction to fuzzing and fault injection 2. Protocol fuzzing 3. File format fuzzing 4. Fuzzing frameworks (peach, sully) 5. Writing fuzzers 6. Writing metasploit fuzzers 7. Crash dump analysis Module 6: Exploiting Buffer overflows 1. Writing stack based overflows exploits 2. SEH based buffer overflow A S L I T S e c u r i t y P v t L t d. Page 5

3. Bypassing SafeSEH 4. Exploiting heap overflows 5. Developing browser and PDF exploits 6. Heap spraying 7. Jit Spraying 8. Writing Integer overflow exploits 9. Writing exploits for Metasploit 10. Porting existing exploits to Metasploit 11. Debugger plugins for automated exploit generation Module 7: Bypassing protections 1. Defeating DEP using Ret2libC 2. Return Oriented Programming 3. Finding ROP gadgets using debugger plugins 4. Bypassing ASLR 5. Bypassing EMET 6. Exploiting unicode overflows 7. Writing venetian Shellcode 8. Alphanumeric Shellcode A S L I T S e c u r i t y P v t L t d. Page 6

Module 8: Making Exploits more reliable 1. Choosing return addresses 2. Identifying bad characters Module 9: Other exploits 1. Java applet infection 2. DLL hijacking 3. Logical flaws Module 10: Reverse engineering for exploit creation 1. Binary diffing and patch diffing 2. Finding malware samples from wild 3. Finding and replacing JS in pdf malwares 4. PDF analysis tools 5. Finding and replacing shellcode in malwares 6. Finding embedded executables 7. Replacing embedded executables 8. Evading antivirus signatures A S L I T S e c u r i t y P v t L t d. Page 7

Module 11: Post exploitation 1. Different kind of shellcodes 2. Meterpreter as a complete backdoor 3. Advanced RATS 4. Other payloads A S L I T S e c u r i t y P v t L t d. Page 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information