null Pune Humla 16 January 2016 From Crash To Exploit Register

Saturday January 16 2016 10:00 AM Humla Pune

Null offensive hacking hands-on training.

Proposed sessions for this event:

  • From Crash To Exploit by Ashfaq Ansari
Note: The session details including schedule are available below.

Overview

We are conducting a n|u Humla session at Pune on From Crash to Exploit: CVE-2015-6086 - Out of Bound Read/ASLR Bypass. This will be a complete hands-on session where attendees will be introduced to aspects of root cause analysis and the challenges faced during the development of a reliable exploit. We invite people who knows basics of user mode exploitation, assembly and enthusiasts. This is a per-invite based session and will be sending out the invites to only 10 people.

Humla Champion

Ashfaq Ansari is working as Security Consultant at Payatu Technologies where he spends time experimenting and understanding different attack vectors to exploit Windows User Mode as well as Kernel Mode vulnerabilities. He likes fuzzing and a fanboy of machine learning. He is a computer enthusiast and tries to learn new things.

Ashfaq Ansari

ashfaq[at]payatu[dot]com

Blog | null |
Github | @HackSysTeam

Payatu Technologies

http://www.payatu.com/

Agenda

  • Introduction Out of Bound Read bugs
  • Crash Demonstration
  • Understanding the bug
  • WinDbg-Fu
  • Root Cause Analysis
  • Exploitation Challenges
  • Understanding Heap Allocator
  • Exploitation Strategy
  • Massaging the Heap
  • Bypassing Address Space Layout Randomization (ASLR)
  • Q/A & Feedback

Prerequisites (Basics)

  • Patience
  • Javascript
  • Assembly
  • WinDbg

Hardware & Software Requirement

  • A laptop capable of running one virtual machine (4/8 GB of RAM).
  • 8/16 GB Flash Drive
  • Notepad++

What to Expect?

  • Fun
  • Hands-on
  • Quick Overview of Heap Allocator
  • WinDbg-Fu
  • Techniques to exploit Out of Bound Read/Write bugs

What Not to Expect?

  • Elite Browser Hacker in 1 day
  • Basics of Javascript
  • Basics of User Mode Exploitation

Note: This session is conducted to introduce root cause analysis, exploitation challenges and walk-through/hands-on. We will be focused on CVE-2015-6086 and will try to make the workshop more interesting by having discussions.

This is just the BEGINNING, not the END

Date Saturday January 16 2016
Chapter Pune
Registrations 15
Max Registrations Unlimited
Event Type Invite Only
Start Time 10:00 AM
End Time 06:00 PM

Session Schedule

Name Speaker Start Time End Time Resources
From Crash To Exploit Ashfaq Ansari 10:00 AM 06:00 PM

Venue

This is an invite only event. If you are selected you will receive further information via e-mail.