Linux Heap Exploitation
4-Day Training | Virtual | 21-24 November 2021

This 4-day course will give an in-depth examination of a variety of current heap allocators in the context of exploit development, including glibc’s ptmalloc2, Chrome’s PartitionAlloc, JEMalloc, TCMalloc, embedded allocators such as avr-libc, newlib, or dietlibc, and those used in Linux Docker images, such as musl and uClibc.
Managing Director, InfoSect

Available seats: TBA
Difficulty: Intermediate
US$ 4,299
Attend in-person: TBA
Attend online: via livestream
Date: 21-24 November 2021
Time: 09:00 to 17:00 GST/GMT+4

The lectures and labs will look at numerous ways to misuse each of these allocators in their latest versions. Access to laboratories will be provided, and students will receive a certificate of completion and an InfoSect swag pack including a T-shirt, stickers, pen, and mug.

  • Developers
  • IT Professionals
  • Embedded Developers
  • OS Developers
  • Penetration Testers
  • Software Security Auditors/Analysts
  • Vulnerability Researchers
  • Software Exploitation Developers
  • and anyone interested

Students taking Code Review should have an intermediate C and Python development background. They should have hands-on experience in:

  • C Coding Experience
  • Python Coding Experience
  • Linux

  • An internet connection
  • A browser
  • Webcam & microphone (optional)
  • Your favourite SSH tool
  • PDF viewer for notes & lab guide

Agenda

Day 1 - Linux Heap Exploitation Training (21 November 2021)

Lectures
• Introduction to the Training
• Memory Corruption
• Control Flow Hijacking
• Heap Data Structures
• The TCache
• TCache Poisoning
• TCache Poisoning in glibc 2.27-2.31

Labs
• Arbitrary Write to Code Execution
• TCache Poisoning

Day 2 - Linux Heap Exploitation Training (22 November 2021)

Lectures and Labs
• Pointer Guard in glibc
• Linux Kernel SLUB Allocator
• ISO Alloc
• Safe Linking in glibc 2.32
• Revisiting SLUB
• TCache Double Free
• Fast Bin Double Free
• Double Free Mitigation Bypass
• Overlapping Chunks
• Calloc I
• Calloc II
• House of Force

Day 3 - Linux Heap Exploitation Training (23 November 2021)

Lectures and Labs
• TCache House of Spirit
• Fast Bin Poisoning I
• Fast Bin Poisoning II
• Unsorted Bin Libc Base Leak
• TCMalloc
  – Freelist Poisoning
  – Double Frees
  – Overlapping Chunks
• JEMalloc
  – Overlapping Chunks
• PartitionAlloc
  – Freelist Poisoning
  – Double Frees
  – Overlapping Chunks

Day 4 - Linux Heap Exploitation Training (24 November 2021)

Lectures and Labs
• uClibc
  – Unlink
• newlib
  – Freelist Poisoning
  – House of Spirit
• dietlibc
  – Freelist Poisoning
  – House of Spirit
• musl
  – Freelist Poisoning
• avr-libc
  – Freelist Poisoning
  – House of Spirit
  – Overlapping Chunks

Trainers

Dr Silvio Cesare
Managing Director, InfoSect

Dr Silvio Cesare is the Managing Director at InfoSect. He has worked in technical roles and been involved in computer security for over 20 years.

This period includes time in Silicon Valley in the USA, France, and Australia. He has worked commercially in both defensive and offensive roles within engineering.

He has reported hundreds of software bugs and vulnerabilities in operating system kernels.

He was previously the Director for Education and Training at UNSW Canberra Cyber, ensuring quality content and delivery. In his early career, he was the scanner architect and a C developer at Qualys. He is also the co-founder of BSides Canberra – Australia’s largest cyber security conference. He has a Ph.D. from Deakin University, has published within industry and academia, is a 4-time Black Hat speaker, has gone through academic research commercialisation, and has authored a book (Software Similarity and Classification, published by Springer).

Other courses you might be interested in

x86-64 All You Can Learn Buffet!
US$ 4,299

This class is run a little differently from most classes. We provide you purpose-built recorded lectures instead of trapping you in real time with live lectures. But fear not, the instructor is always right there eagerly waiting to mingle with the students and answer any questions you have. (The instructor really likes being asked questions. It shows you're paying attention ;)). One of many benefits is that you can watch lectures at 2x speed and zoom ahead of the other students and get to the hands-on labs quicker. Or if there are bits of material you already know, you can just skip them and move on to the bits you don't know! Another big benefit is that you get to take the full lectures and labs with you! That means if you forget stuff and then need it in 6 months, you can quickly re-bootstrap yourself! Or you can watch the class twice, to really grow those neural connections and cement it in your brain! And unlike live lectures, our lectures are always getting more factually accurate, by having any accidental errors edited out.


4-Day Training Hybrid
x86-64 Reset Vector Firmware
US$ 2,299

This class is designed to give you all the background you need to understand how x86-64 reset vector firmware works, and what the most common security misconfigurations are. It will prepare you to read and understand the existing attack and defense research in the space, taking an explicit walk-through of the attack and defense moves and counter-moves threat tree. And as always, this class teaches you to be comfortable with Reading The Fun Manual (RTFM!) to go seek out the most accurate details of how things work, and to seek out new problems in new areas that no one's read yet with a security mindset.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

2-Day Training Hybrid
x86-64 OS Internals
US$ 2,299

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware. This is taught in a *mostly* OS-agnostic way focusing on Intel-isms rather than OS-isms (albeit using Windows as reinforcement, thanks to its excellent kernel-level debugging support). This class also teaches you to be comfortable with Reading The Fun Manual (RTFM!) to give you self-sufficiency when seeking out the most accurate details of how things work.

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

2-Day Training Hybrid
x86-64 Assembly
US$ 2,299

This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB. This knowledge of assembly is the fundamental skill which is required to learn reverse engineering and vulnerability exploitation. Reverse engineering is in turn a fundamental skill which is required for malware analysis and vulnerability hunting.

 

You can also opt to attend this class on 23 & 24 Nov instead. To do so, just email info@cyberweek.ae

 
2-Day Training Hybrid