4-DAY TRAINING 1 – Linux Heap Exploitation


CAPACITY: 20 pax


USD3499 [Early Bird]

USD4299 [Normal]

Early bird registration rate ends on the 24th of April


This 4-day course will give an in-depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images such as musl and uClibc. The lectures and labs will look at numerous ways to misuse each of these allocators in the latest versions of each.

Key Learning Objectives

  • To be able to exploit heap corruption in C programs on Linux using the latest versions of a variety of allocators.
  • Demonstrate understanding of heap data structures.
  • Demonstrate debugging heap data structures.
  • Demonstrate attacks against the heap.

Who Should Attend

  • Developers
  • IT Professionals
  • Embedded Developers
  • OS Developers
  • Penetration Testers
  • Software Security Auditors/Analysts
  • Vulnerability Researchers
  • Software Exploitation Developers
  • and anyone interested

Prerequisite Knowledge

Students taking Code Review should have an intermediate C and Python development background. They should have hands-on experience in:

  • C Coding Experience
  • Python Coding Experience
  • Linux

Hardware / Software Requirements

  • Laptops for class use.

What Will Be Provided

  • Access to laboratories on the “cyber range”
  • InfoSect Swag

Agenda – Day 1:


  • Introduction to the Training
  • Heap Misuse
  • Control Flow Hijacking
  • Ptmalloc2 Heap Data Structures
  • Debugging
  • TCache Poisoning


  • Arbitrary Write to Code Execution
  • TCache Poisoning

Agenda – Day 2:

Lectures and Labs

  • TCache Double Free
  • Fast Bin Double Free
  • Overlapping Chunks
  • Calloc I
  • Calloc II
  • House of Force
  • Double Free Mitigation Bypass
  • TCache House of Spirit
  • Fast Bin Poisoning I
  • Fast Bin Poisoning II
  • Unsorted Bin Libc Base Leak

Agenda – Day 3:

Lectures and Labs

  • TCMalloc
    • Freelist Poisoning
    • Double Frees
    • Overlapping Chunks
  • JEMalloc
    • Overlapping Chunks
  • PartitionAlloc
    • Freelist Poisoning
    • Double Frees
    • Overlapping Chunks

Agenda – Day 4:

Lectures and Labs

  • uClibc
    • Unlink
  • newlib
    • Freelist Poisoning
    • House of Spirit
  • dietlibc
    • Freelist Poisoning
    • House of Spirit
  • musl
    • Freelist Poisoning
  • avr-libc
    • Freelist Poisoning
    • House of Spirit
    • Overlapping Chunks

Location:
Date: July 20, 2020
Time: 9:00 am - 6:00 pm
Dr Silvio Cesare