Blackhoodie: Crash Course in Binary Exploitation

Alongside our professional trainings, we will host a Blackhoodie training. Blackhoodie is a global group that organizes free women-only trainings and workshops on and beyond reverse engineering.

Details (2020)

What: Crash Course in Binary Exploitation

When: May 12 and 13 2020 (full day)

Where: Downtown Holiday Inn

Who: Women, as self-identified (Why? See Blackhoodie about)

Inscription: Via Google form. We’ll email you to confirm your registration and we’ll have a waitlist if the event fills up.

Fees: The training is free. Coffee, refreshments, snacks and lunch as well as a networking cocktail on May 12th will be offered (also for free, as part of NorthSec’s trainings). Once you register, you’ll have the option to get a ticket for the NorthSec conference on May 14 and 15 as well.

Course description

Have you ever wondered how to write an exploit for a piece of vulnerable software? When a program is vulnerable to remote code execution— what does that even mean? What’s a buffer overflow, and why does it matter in the context of information security? This two day workshop aims to shed some light on these topics with a crash course in the wild and weird world of binary exploitation, or taking advantage of a software bug to get a program to do something you, a hacker, want it to.

On the first day we’ll spend some time understanding what makes this class of vulnerabilities possible and why this still matters in 2020. After just a little bit of background, we’ll start to dive in with some hands on labs. To learn the process of writing simple stack based overflows, we’ll work on both Linux and Windows systems (x86 architecture)— first modifying exploits and eventually writing one from scratch. This means we’ll be getting down into assembly and talking about processor registers, memory management and more. On day two we’ll talk both about mitigations that software and operating systems can employ against these exploits and how we can bypass those protections as attackers. Mitigations discussed (and evaded!) will include ASLR and stack canaries.

This course is hands-on, so be prepared to dive right in! I hope you’ll grow to love assembly, debuggers, and the rush of popping a shell from a buffer overflow just as much as I do.

Please note, this is a Blackhoodie workshop– as such, registration is restricted to those identifying [partially or wholly] as female.

Who should take this course?

  • Curious people interested in how software bugs can lead to security incidents
  • Beginners interested in understanding program execution at a low level
  • Novice hackers wanting to peek under the cover of how exploits work
  • Novice defenders wanting to understand what goes into exploiting systems they defend
  • This is an introductory course, so if ROP chains are familiar friends this isn’t the workshop for you

What prerequisites should registrants have?

  • Curiosity and willingness to ask questions!
  • Some basic scripting or programming knowledge (any language will do, but we’ll be using python, PowerShell, and bash)
  • A laptop with:
    • Virtualization software such as virtual box or VMware (virtual box recommended)
    • USB 3.0 or USB C port
    • Chrome or Firefox
    • Administrator privileges

Bio

Mary Walker Principal Security Consultant, Malware Analysis Specialist

Mary is a security engineer who works on digital forensics and malware analysis with a focus on all things malware. Her current role is structured to support incident response, and she loves helping defenders keep organizations secure. She writes and tests binary exploit challenges for capture the flag competitions for fun and got her start in security by writing buffer overflows. She’s been working in Infosec for just over three years after earning an MS in Cyber Security; she holds an OSCP, GCFA, GREM, and GXPN. Mary lives in Seattle, WA with her husband, German Shepherd, and cat. Outside of security, she’s excited about mechanical keyboards, PC gaming, dogs, coffee, and books. Feel free to reach out on Twitter, you can find her @mairebear.

Return to training sessions