
SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers


blueshift23

Newbie

Posts: 3

Joined: Mon Aug 04, 2008 1:42 pm

Post Tue Jan 27, 2009 4:00 pm

SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

Hello...

This is Steve Sims sending out an update on my SANS course SEC709 - Developing Exploits for Penetration Testers & Security Researchers. The course has been expanded to a four day course, with a five day version running occasionally as well. Interestingly, the course is getting mostly international and government attention...

The four day version includes:

- Writing standard Stack-based buffer overflows.
- Writing return-to-libc style stack-based buffer overflows.
- Defeating Stack Canaries and Cookies.
- Defeating Address Space Layout Randomization (ASLR).
- Defeating software and hardware Data Execution Prevention (DEP).
- Defeating Safe-Structured Exception Handling (SafeSEH).
- Exploiting format string vulnerabilities.
- Heap overflows abusing dlmalloc and ptmalloc.
- FreeList exploitation.
- GOT, DTORS, and function pointer overwrites.
- Heap spraying on XP SP2/3 & Vista.
- Process Environment Block (PEB) Exploitation.
- Fuzzing for bug discovery.
- Understanding x86 assembly.
- Understanding symbol resolution in depth.
- Capture the Flag!

This is a very technical, advanced course and is not for everyone. It is very up to date unlike many other courses I've come across through various vendors. I would love to have you if you're up to the challenge! You do not need to be a programmer, but do need to understand programming concepts and be a quick learner. We use Python and C to exploit vulnerable programs written in C and C++.

Why should you take the course? The companies we are protecting expect us to have a strong skill set when it comes to penetration testing. Running automated checks for known vulnerabilities is fine, but only checks for, well, known vulnerabilities. When performing black box or crystal box penetration testing, or when testing home-grown and commercial applications, you must be able to step outside of the box and exhaust all attack vectors. Also, during a risk assessment, you may get a risk item after running a code scanning tool such as Fortify. Does this mean the risk item is an absolute flaw in the application that allows an attacker to take control? Unless you can take the next step and write custom exploitation PoC code, you don't know... I've seen countless companies spend millions on remediating code for a supposed vulnerability that cannot be exploited.

Other justification for taking the course includes:

- Understanding the attack methods hackers use to write 0-day exploits.
- Understanding what security controls have been applied to various Windows and Linux OS' and how to defeat them!
- The ability to write custom exploits.
- Knowledge gained and job security.
- Because you're a security rockstar...!

There is no ego or assumptions that come with this class. The course is to serve as a bridge from standard penetration testing to advanced penetration testing and exploitation development. Through the methods used in the class, I have discovered 0-day vulnerabilities in RFID software, TFTP software, FTP software, RPC services, Cellular phone software and a plethora of home-grown application flaws.

If you have any questions, you can hit me up at stephen@deadlisting.com. I'm happy to answer questions on the course material, prerequisites, etc...

The course and dates it is running can be found here: http://www.sans.org/training/description.php?mid=1107

Regards...

Steve

venom77


Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Jan 27, 2009 4:23 pm

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

Hello and welcome, Steve.

Thanks for the great description of the course! :) It definitely sounds like something a lot of us will surely be interested in. I'm certainly adding it onto my wish list ;D

BillV

blackazarro


Sr. Member

Posts: 368

Joined: Sun Aug 13, 2006 5:31 pm

Post Tue Jan 27, 2009 5:45 pm

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

ooh... I would love to take this course.
Security+, OSCP, CEH

KrisTeason


Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Jan 27, 2009 7:41 pm

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

Very nice course. I was referred to that course a few days ago when I posted a question in the forum, and it looks like just the course I asked about. Would be a good Feb 2009 Free Giveaway for active members, -coughs- not that I'm hinting anything, Don.  :D
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

timmedin


Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Feb 14, 2009 1:49 pm

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

blueshift23 wrote: This is a very technical, advanced course and is not for everyone. It is very up to date unlike many other courses I've come across through various vendors. I would love to have you if you're up to the challenge! You do not need to be a programmer, but do need to understand programming concepts and be a quick learner. We use Python and C to exploit vulnerable programs written in C and C++.

How much C & C++ would I have to know? I have my GPEN, GCIH, but I haven't done C, C++ in years. I used to be a developer (VB -> C#) before I switched to networking and eventually into security.
twitter.com/timmedin | http://blog.securitywhole.com

blueshift23

Newbie

Posts: 3

Joined: Mon Aug 04, 2008 1:42 pm

Post Mon Feb 16, 2009 1:53 am

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

Hey...

Congratulations on getting the GCIH and GPEN!

For SEC709, you do not need to know C and C++ very well, but you need to understand programming concepts and have some experience with at least scripting or else the content may seem rather abstract. It sounds like you have the necessary background. I can tell you it will be much more challenging than most other courses.

We only write one exploit in C and that's to beat ASLR on Linux Kernel 2.6.28. We use Python to do most of the exploitation, which is a very easy programming language and quite intuitive in terms of exploitation. We spend most of our time hacking C programs, which of course we are doing by going through debuggers and assembly... This you learn in class.

Please contact me at stephen@deadlisting.com if you have any further questions. Starting at SANSFIRE in June, the first day of the 5-day class will be on "Fuzzing for Bug Discovery." In Orlando and New Orleans it is a 4-day course...

Thanks...

Steve

timmedin


Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Mon Feb 16, 2009 12:47 pm

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

blueshift23 wrote: Thanks...

Steve

You aren't by chance Steve Sims the course author?
twitter.com/timmedin | http://blog.securitywhole.com

KrisTeason


Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Feb 16, 2009 1:03 pm

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

lol,
my guess is he is, man; he knows a lot about the course & provided the same e-mail up top.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

timmedin


Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Mon Feb 16, 2009 2:37 pm

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

KrisTeason wrote: lol,
my guess is he is, man; he knows a lot about the course & provided the same e-mail up top.

Didn't read that well enough. Today is not my day ;)
twitter.com/timmedin | http://blog.securitywhole.com

Ne0

Jr. Member

Posts: 62

Joined: Thu Sep 04, 2008 5:28 pm

Post Tue Feb 17, 2009 4:06 am

Re: SANS SEC709 - Developing Exploits for Penetration Testers & Security Researchers

Sometimes you have to risk to know more about the hidden objects  ;D
