Slide 1
Slide 1
Slide 1
Slide 1
Slide 1
Slide 1

PRESENTATION MATERIALS

PHOTOS / VIDEOS

Official conference photos and HD videos will be made available in the next 2-3 weeks. Please follow @hitbsecconf on Twitter for links or join our Facebook Group

TECH TRAINING 2 – ADVANCED LINUX EXPLOITATION METHODS

TRAINER: Jonathan Brossard (CEO, Toucan Systems)

CAPACITY: 20 pax

SEATS LEFT: REGISTRATION CLOSED

DURATION: 2 days (22nd & 23rd May 2012)

COST (per pax): EUR1499 (early bird) / EUR1899 (non early-bird)

 

OVERVIEW

The course will take the form of a Wargame, a popular exercise among security specialists. It covers the latest exploitation techniques, including ret2libc, ROP, heap sparying, stack canaries bruteforce etc. to exploit memory corruptions and non memory corruption bugs. In a nutshell, the game consists of several challenges trainees must pass to access to the next level.

The target is an Ubuntu server equipped with the latest security features (compiler SSP capable, stack canaries, randomization (ASLR) , non executable segments, security enhanced libc, among others). This is representative of the state of the art in computer security. At each level, trainees will have to discover vulnerabilities in applications, write code to exploit them, and finally submit a patch to fix each vulnerability in order to gain access to the next level. This approach is at the same time very practical and adaptive to the level of each trainee.

The wargame is very progressive and covers most of the vulnerability classes affecting modern software. Exploitation & defence mechanisms will be explained in detail and solutions will be given to all the levels of the wargame. Stack overflows, heap overflows (using heap spraying), missing format strings, file descriptor leakage and incorrect security permissions will be covered amongst others.

Attack vectors and defence mechanisms of modern operating systems will be demonstrated through practical examples. The tools and methodologies to discover, prove and fix vulnerabilities will be released to the trainees along with the wargame, which will give trainees the knowledge to discover and properly fix vulnerabilities in actual software. Reverse Engineering, binary refactoring and debugging will also be covered extensively.

ABOUT THE TRAINER

Jonathan Brossard (CEO, Toucan Systems)

Jonathan is a security research engineer holding an Engineering degree and a Master in Artificial Intelligence. Born in France, he’s been living in Brazil and India, before currently working in Australia. With about 15 years of practice of assembly, he is specialised in low level security, from raw sockets to cryptography and memory corruption bugs.

He has been credited for the discovery of complex vulnerabilities in cryptographic software (eg: Microsoft Bitlocker, Truecrypt, and most BIOS software of the market including HP, Intel or Toshiba ones most notably), mainstream software (Opera web browser, adobe reader, top tiers antivirus softwares) and Virtualization software. He is currently working as Senior Security Consultant and CEO at the Toucan System security company (http://www.toucan-system.com). His clients count some of the biggest Defense and Financial Institutions worldwide.

Jonathan is also the co-organiser of the Hackito Ergo Sum conference (HES2011) in France. Jonathan has been a speaker at a number of great intenational conferences including Blackhat, Defcon, HITB (Amsterdam & Kuala Lumpur), Ruxcon (Australia), Hackito Ergo Sum (France), and is a recurrent speaker at H2HC (Brazil & Mexico).

Okura Hotel Amsterdam
Ferdinand Bolstraat 333, 1072 LH Amsterdam,
The Netherlands

1-Day Intensive Training Sessions – 21st of May / 0900 – 1800

 

SPECIAL OPS 1  - WIRELESS SECURITY KUNGF00

SPECIAL OPS 2  – THE ART OF EXPLOITING SQL INJECTION FLAWS

SPECIAL OPS 3 – MOBILE APPLICATION HACKING – ATTACK & DEFENSE



2-Day Hands on Training Sessions – 22nd – 23rd of May / 0900 – 1800

TECH TRAINING 1  – HUNTING WEB ATTACKERS

TECH TRAINING 2  – ADVANCED LINUX EXPLOITATION METHODS

TECH TRAINING 3  - ADVANCED APPLICATION HACKING – ATTACKS, EXPLOITS & DEFENSE

 

 



3-Day Hands on Training Sessions – 21st, 22nd & 23rd of May / 0900 – 1800

TECH TRAINING 4  – THE EXPLOIT LABORATORY: ADVANCED EDITION




QUAD TRACK CONFERENCE – 24th & 25th of May / 0900 – 1800

Featuring keynotes by BRUCE SCHNEIER and ANDY ELLIS



EVENT ORGANIZER

LOCAL PARTNER

PLATINUM SPONSORS

GOLD SPONSORS

TITANIUM SPONSOR (POST CONFERENCE RECEPTION + SPEAKER RECEPTION)

SILVER SPONSOR

HACKWEEKDAY SPONSOR

ALCO_PWN SPONSOR (POST CONFERENCE RECEPTION)

HITB LAB / SIGINT SPONSOR

NETWORK SPONSORS AND UPLINK

ADDITIONAL SUPPORT BY

SUPPORTING MEDIA

FRIENDS OF HITB

Copyright © 2012 Hack In The Box | http://www.hackinthebox.org

( / 10 )