CircleCityCon 2016 has ended
Back To Schedule
Saturday, June 11 • 10:00am - 2:00pm
Writing your first exploit

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Getting started in offense can be tricky. While a number of resources exist to assist newcomers, they tend to focus on using existing tools. Using tools and scripts is expected, but one must also know what those tools are doing in great detail and the best way to understand those tools is to learn how to write your own.

This training will cover the core concepts in writing exploits for network services. Students will examine the flow of control during buffer overflows in order to understand why and how buffer overflows are exploitable. Using basic Python network programming skills, students will then look at writing their own fuzzing utilities to trigger buffer overflows in software accessible over a network. After developing a fuzzer that successfully crashes a network service, students will look at tracing the crash and taking control of it so that they can achieve remote code execution on the target system. Writing custom payloads will also be discussed as time permits.

avatar for Robert Olson

Robert Olson

Lecutrer, SUNY Fredonia

Saturday June 11, 2016 10:00am - 2:00pm EDT