Linux Heap Exploitation

InfoSect is a training provider in Canberra, Australia. We offer specialist courses in Computer Security. Additionally, we offer space or the entire venue for hire including office and warehouse facilities.

InfoSect Canberra

Courses scheduled for March - June 2020 will be run as online, live interactive training as per <A HREF="https://blog.infosectcbr.com.au/2020/03/infosect-coronavirus-covid-19.html" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">https://blog.infosectcbr.com.au/2020/03/infosect-coronavirus-covid-19.html</A>
This 5 day course will give an in depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images such musl and uClibc. The lectures and labs will look at numerous ways to misuse each of these allocators in the latest versions of each.
To achieve these attacks we will have detailed examinations of the main heap structures including the thread caches, freelists, bins, malloc chunks, and arenas.
These attacks will be used to gain such primitives as:
<UL>
<LI>Having malloc return an arbitrary pointer</LI>
<LI>Having allocated chunks overlap each other</LI>
<LI>Returning the same allocated memory</LI>
<LI>Having calloc return uninitialised memory</LI>
<LI>Leaking the libc base and other sensitive information</LI>
</UL>
Attacks will be constructed for a variety of heap allocators, including:
<UL>
<LI>Freelist poisoning</LI>
<LI>Overlapping chunks</LI>
<LI>Freeing attacker controlled pointers</LI>
<LI>Contemporary unlink attacks</LI>
<LI>Double frees</LI>
</UL>
Course Objectives
To learn and demonstrate attacks on current heap allocators to gain exploitation primitives.
 
Training Outcomes
<UL>
<LI>Demonstrate understanding of the heap data structures</LI>
<LI>Demonstrate debugging heap data structures</LI>
<LI>Demonstrate attacks against multiple heap allocators</LI>
</UL>
Who Should Attend?
<UL>
<LI>Developers</LI>
<LI>IT Professionals</LI>
<LI>Embedded Developers</LI>
<LI>OS Developers</LI>
<LI>Penetration Testers</LI>
<LI>Software Security Auditers/Analysts</LI>
<LI>Vulnerability Researchers</LI>
<LI>Software Exploitation Developers</LI>
<LI>Anyone else interested</LI>
</UL>
About the Trainer
Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years. This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering. He has reported hundreds of software bugs and vulnerabilities in Operating Systems kernels. He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra – Australia’s largest cyber security conference. He has a Ph.D. from Deakin University and has published within industry and academia, is a 4-time Black Hat speaker, gone through academic research commercialisation, and authored a book (Software Similarity and Classification, published by Springer).
 
What to Bring
All materials are provided by InfoSect
 
What will be Provided?
<UL>
<LI>Laptops for class use</LI>
<LI>Coil bound lecture materials</LI>
<LI>Catering provided.</LI>
<LI>Access to VMs with laboratories</LI>
<LI>InfoSect Swag</LI>
</UL>
 
Participant Skillset
Students taking Linux Heap Exploitation should have an intermediate C Development background. They should have hands on experience in:
<UL>
<LI>C Coding Experience</LI>
<LI>Python Coding Experience</LI>
<LI>Linux</LI>
<LI>InfoSect’s Code Review course is a suitable prerequisite.</LI>
</UL>
 
Class Syllabus **
Day 1
Heap Misuse Control Flow Hijacking Heap Data Structures Debugging TCache Poisoning TCache Double Free Fast Bin Double Free
Day 2
Overlapping Chunks Calloc I Calloc II House of Force Double Free Mitigation Bypass
Day 3 
TCache House of Spirit Fast Bin Poisoning I Fast Bin Poisoning II Unsorted Bin Libc Base Leak
Day 4
             TCMalloc
Freelist Poisoning Double Frees Overlapping Chunks
             JEMalloc
                           Overlapping Chunks 
             PartitionAlloc
Freelist Poisoning Double Frees Overlapping Chunks
Day 5
             uClibc
                          Unlink
             newlib
Freelist Poisoning House of Spirit
             dietlibc
Freelist Poisoning House of Spirit
             musl
                           Freelist Poisoning
             avr-libc
Freelist Poisoning House of Spirit Overlapping Chunks
** subject to changes

InfoSect

Our {communityGuidelinesLink} describe the sort of content we prohibit on Eventbrite. If you suspect an event may be in violation, you can report it to us so we can investigate.

To report other categories of prohibited or illegal content, submit {link}

Linux Heap Exploitation

More events from InfoSect Canberra

Discover more events from InfoSect Canberra, from Science & Tech to other experiences you might love.

Still looking for the right event?

Explore all events in Fyshwick and filter by date, category, and more to find the perfect fit.

Linux Heap Exploitation

More events from InfoSect Canberra

Discover more events from InfoSect Canberra, from Science & Tech to other experiences you might love.

More Science & Tech events

Browse more Science & Tech events with different dates, prices, and formats to find your next great experience.

Still looking for the right event?

Explore all events in Fyshwick and filter by date, category, and more to find the perfect fit.