[Owasp-bayarea] Hands-on event 30 jan "Introduction to binary exploitation."

Prashant Kv kvprashant at owasp.org
Mon Jan 28 22:28:54 UTC 2019

Hi All,
We will have a hands-on session on Introduction to binary exploitation. If
you ever wanted to start writing exploits, this will be a good course to
start with. No form this time :)

Date:- Wednesday, January 30, 2019 6:00 PM to 8:00 PM
Venue Arkose Labs 250 Montgomery St · San Francisco, ca
No form this time :)

In this hands-on session we are going to get an insight into the world of
binary exploitation. As the topic itself is quite complex and deep, we
don’t aim at digging into the details of any of the memory corruption
errors (e.g., stack or heap overflow). Rather the goal is to get a bit of
understanding of CPU internals, the assembly language, the goal of
debuggers, program memory layouts and basic exploitation techniques. This
information will help us to analyze binaries together and find ways to
misuse them. This session intends to give an appetizer to those who spend
most of their time with recent web technologies, but interested to
understand a little bit the nature of the underlying native world. The
exercises are going to be hosted on the Avatao framework, so everybody can
easily join to solve them.

- Browser with internet access


Gábor is a co-founder and CTO at Avatao, a cloud-based virtual lab to teach
people build secure software and systems. He earned his Ph.D. degree in
2015 from the CrySyS Lab of Budapest University of Technology and
Economics, but completed internships at iSecLab at Eurecom, France and TU
Wien, Austria, too. His main research focus was on malware analysis and
virtualization security. One of the vulnerabilities he found
(XSA-59/CVE-2013-3495) affected several Intel chipsets that enabled attacks
against hypervisors such as Xen or KVM. He was one of the key members of
the Duqu, Flame, Miniduke and Teamspy targeted attack investigation teams.
He founded and coordinated CrySyS Student Core for almost 5 years, which
was an invite-only group of exceptionally talented students interested in
system security. This group gave birth to the "!SpamAndHex" (
https://ctftime.org/team/5347) CTF team, which became one of the top teams
in the world in 2 years. As a member of !SpamAndHex he is a three-times
DEFCON CTF finalist, that is widely regarded as the hacker world
championship. Over the years, he gave talks at several cyber security
conferences in the academia (e.g., ACM AsiaCCS, ESORICS, USENIX ASE ) and
industry (e.g., DevSecCon, POC, Belluminar, Hacktivity).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bayarea/attachments/20190128/ad3e0315/attachment.html>

More information about the Owasp-bayarea mailing list