4-DAY TRAINING 1 – Linux Heap Exploitation

THIS CLASS IS NOW BEING HELD ONLINE FOLLOWING SINGAPORE TIMEZONE (CET +6)

 

DURATION: 4 DAYS

CAPACITY: 15 pax

SEATS AVAILABLE: REGISTRATION CLOSED


USD3499


Overview

This 4-day course gives an in-depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images such as musl and uClibc. The lectures and labs will look at numerous ways to misuse each of these allocators in their latest versions.

Key Learning Objectives

  • To be able to exploit heap corruption in C programs on Linux using the latest versions of a variety of allocators.
  • Demonstrate understanding of heap data structures.
  • Demonstrate debugging heap data structures.
  • Demonstrate attacks against the heap.

Who Should Attend

  • Developers
  • IT Professionals
  • Embedded Developers
  • OS Developers
  • Penetration Testers
  • Software Security Auditors/Analysts
  • Vulnerability Researchers
  • Software Exploitation Developers
  • and anyone interested

Prerequisite Knowledge

Students taking Code Review should have an intermediate C and Python development background. They should have hands-on experience in:

  • C Coding Experience
  • Python Coding Experience
  • Linux

Hardware / Software Requirements

  • Laptops for class use.
  • Stable Internet access.
  • A microphone/webcam is optional.
  • Adobe Connect installed on a Windows OS.
  • An SSH client.

What Will Be Provided

  • Access to laboratories

Agenda – Day 1:

Lectures

  • Introduction to the Training
  • Heap Misuse
  • Control Flow Hijacking
  • Ptmalloc2 Heap Data Structures
  • Debugging
  • TCache Poisoning

Labs

  • Arbitrary Write to Code Execution
  • TCache Poisoning

Agenda – Day 2:

Lectures and Labs

  • TCache Double Free
  • Fast Bin Double Free
  • Overlapping Chunks
  • Calloc I
  • Calloc II
  • House of Force
  • Double Free Mitigation Bypass
  • TCache House of Spirit
  • Fast Bin Poisoning I
  • Fast Bin Poisoning II
  • Unsorted Bin Libc Base Leak

Agenda – Day 3:

Lectures and Labs

  • TCMalloc
    • Freelist Poisoning
    • Double Frees
    • Overlapping Chunks
  • JEMalloc
    • Overlapping Chunks
  • PartitionAlloc
    • Freelist Poisoning
    • Double Frees
    • Overlapping Chunks

Agenda – Day 4:

Lectures and Labs

  • uClibc
    • Unlink
  • newlib
    • Freelist Poisoning
    • House of Spirit
  • dietlibc
    • Freelist Poisoning
    • House of Spirit
  • musl
    • Freelist Poisoning
  • avr-libc
    • Freelist Poisoning
    • House of Spirit
    • Overlapping Chunks

Location: Training Rooms

Date: July 20, 2020

Time: 9:00 am - 6:00 pm

Dr Silvio Cesare