Corelan is back at Hack In Paris for the 6th time, offering the 'Advanced Win32 Exploitation' course again.
The Corelan® “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer.
This is most certainly not an entry-level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development. It is a truly unique opportunity to learn advanced exploitation skills from "corelanc0d3r", the founder of Corelan Team, author of mona.py, and author of numerous tutorials on exploit development for the Win32 platform.
You will leave this class with an arsenal of tools, techniques and insights that will allow you to find bugs more easily, understand and manipulate the Windows heap, diagnose and understand heap corruptions and write complex exploits.
Students are expected to understand the basics of memory management on Windows (stack, heap, process virtual memory layout), master stack based buffer overflows (saved return pointer overwrites, SEH overwrites), and have practical experience with ASLR & DEP bypass (i.e. you must be able to write ROP chains yourself).
Peter Van Eeckhoutte is the founder of Corelan Team and the author of the well-known tutorials on Win32 Exploit Development Training. The team gathers a group of IT security enthusiasts and researchers from around the world who all share common interests: doing research, gathering and sharing knowledge, and performing responsible/coordinated disclosure. Above all, the team is well known for its ethics and its approach to helping other people in the field.
With his team, he has developed and published numerous tools that assist pentesters and exploit developers, and has published whitepapers and videos on a wide range of IT security topics (pentesting tools, (malware) reverse engineering, etc.). The team also moderates a forum that provides a platform for people who want to talk about exploit development, and operates an IRC channel (freenode, channel #corelan).
Peter has been an active member of the IT security community for close to 15 years and has been working on exploit development for 10 years. He has presented at security conferences (Athcon, Hack In Paris, DerbyCon) and delivered the Corelan Live Win32 Exploit Development Bootcamp at various places around the globe. He has trained security enthusiasts and professionals from private companies, government agencies and the military. You can read more about their experiences on his website.
Ever wondered how different attacking a mobile application is from attacking a traditional web application? Gone are the days when knowledge of just SQL injection or XSS could help you land a lucrative, high-paying infosec job. Following the introduction of iOS 10 and Android 7 Nougat, we are bringing an updated version of the course with the latest tools and techniques. This is an introductory course on exploiting iOS and Android applications, well suited to both beginners and advanced security enthusiasts. The training is based on exploiting Damn Vulnerable iOS App, Android-InsecureBankv2 and other real-world application vulnerabilities, in order to give in-depth knowledge of the different kinds of vulnerabilities found in mobile applications. The course also discusses how to secure an application using secure coding and obfuscation techniques. After the workshop, students will be able to pentest and secure applications running on the various mobile operating systems. The training ends with a CTF challenge in which attendees use the skills learnt during the training to solve the CTF challenges. Students will be provided with the slides, tools and VMs used during the course.
This course is for penetration testers, mobile developers or anyone keen to learn mobile application security.
Module 1 : Getting Started with iOS Pentesting
Module 2 : Static and Dynamic Analysis of iOS Apps
Module 3 : Exploiting iOS Applications
Module 4 : Reversing iOS Apps
Module 5 : Securing iOS Apps
An OWASP member and contributor, the trainer has been working in the infosec industry for about five years. He is currently working as an information security engineer for an airline company. During those five years he has performed a number of penetration tests on mobile and web applications and has developed several applications for the App Store. His core focus area is iOS application pentesting and exploitation. He is also the author of the open source vulnerable application Damn Vulnerable iOS App and runs a popular blog series on iOS application security at http://highaltitudehacks.com/security.
"The great power of the Internet of Things comes with the great responsibility of security." IoT is the hottest technology of the moment, and development and innovation are happening at stellar speed, but the security of IoT has yet to catch up. Since the safety and security repercussions are serious and at times life-threatening, there is no way you can afford to neglect the security of IoT products.
The course focuses on the attack surface of current and evolving IoT technologies in various domains such as home and enterprise automation. It covers, from the ground up, various IoT protocols including their internals, specific attack scenarios for individual protocols, and the open source software/hardware tools one needs in an IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors using various practical techniques. In addition to the protocols and hardware, we focus extensively on reverse engineering mobile apps and native ARM/MIPS code to find weaknesses.
Throughout the course we will use DRONA, a VM we created specifically for IoT penetration testing. DRONA is the result of our R&D and contains most of the tools required for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house, for the hands-on exercises.
The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing or hardware.
Aseem Jakhar is Director of Research at Payatu Technologies Pvt Ltd (payatu.com), a boutique security testing company. He is well known in the hacking and security community as the founder of null - The Open Security Community, a registered not-for-profit organization (http://null.co.in), and also the founder of the nullcon security conference (nullcon.net) and the hardwear.io security conference (http://hardwear.io). He has extensive experience in system programming, security research, consulting and managing security software development projects. He has worked on various security software including UTM appliances, messaging/security appliances, an anti-spam engine, antivirus software, a multicast packet reflector, a transparent HTTPS proxy with captive portal and a Bayesian spam filter, to name a few. He currently spends his time researching IoT security. He is an active speaker and trainer at security and open source conferences; some of the conferences he has spoken at include AusCERT, Defcon, Hack.lu, Black Hat, PHDays, Xcon, Cyber Security Summit - Bangalore, Cocon, OSI Days - Bangalore, Clubhack and Gnunify. His research includes Linux remote thread injection, automated web application detection and dynamic web filtering. He is the author of the open source Linux thread injection kit Jugaad and of Indroid, which demonstrate a stealthy in-memory malware infection technique.
Burp Suite is a powerful integrated platform for web application security. In this hands-on class, attendees will learn how to design and develop Burp Suite extensions for a variety of tasks. In just a few hours, we will work on plugins to improve manual security testing efforts as well as to create fully automated security tools. This workshop is based on real-life use cases where the extension capabilities of the tool can be unleashed to improve the efficiency and effectiveness of security auditing. As an attendee, you will bring home a full bag of tricks that will take your web security skills to the next level.
Attendees are expected to have a rudimentary understanding of Burp Suite as well as basic object-oriented programming experience (Burp extensions will be developed in Java). While the extensions are developed live in Java, attendees can work in Python or Ruby instead, since all exercises are also provided in those languages.
Suitable for both web application security specialists and developers.
Attendees should bring their own laptop with the latest Java as well as their favourite IDE installed.
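To give a concrete idea of the kind of plugin the class builds, here is a minimal Burp extension written against Burp's Extender API. It is an added illustration by the editor, not code from the course or from its trainer. It registers an HTTP listener and tags every HTTPS response seen by the Proxy that lacks a Strict-Transport-Security header, so the finding shows up in the Proxy history and in the extension's output tab. The class name BurpExtender in package burp is what the Extender API requires; the header checked, the highlight colour and the comment text are choices made for this example.

```java
package burp;

import java.util.List;

// Editor-supplied example of a Burp extension (not part of the course material).
// Burp loads the class burp.BurpExtender and calls registerExtenderCallbacks()
// once when the extension is loaded.
public class BurpExtender implements IBurpExtender, IHttpListener {

    // Header this example looks for (chosen for illustration).
    private static final String HEADER = "strict-transport-security";

    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Missing HSTS header check");
        // Receive every request/response that passes through any Burp tool.
        callbacks.registerHttpListener(this);
        callbacks.printOutput("Missing HSTS header check loaded");
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest,
                                   IHttpRequestResponse messageInfo) {
        // Only inspect responses, and only those that went through the Proxy tool.
        if (messageIsRequest || toolFlag != IBurpExtenderCallbacks.TOOL_PROXY) {
            return;
        }
        // Only HTTPS responses are expected to carry HSTS.
        IHttpService service = messageInfo.getHttpService();
        if (!"https".equalsIgnoreCase(service.getProtocol())) {
            return;
        }
        byte[] response = messageInfo.getResponse();
        if (response == null) {
            return;
        }
        IResponseInfo info = helpers.analyzeResponse(response);
        if (!hasHeader(info.getHeaders(), HEADER)) {
            String url = helpers.analyzeRequest(messageInfo).getUrl().toString();
            // Make the finding visible in the Proxy history and the extension output.
            messageInfo.setHighlight("orange");
            messageInfo.setComment("Missing Strict-Transport-Security header");
            callbacks.printOutput("No HSTS header: " + url);
        }
    }

    // Header lines arrive as "Name: value"; the first entry is the status line,
    // which has no colon and is therefore skipped.
    private static boolean hasHeader(List<String> headers, String name) {
        for (String line : headers) {
            int colon = line.indexOf(':');
            if (colon > 0 && line.substring(0, colon).trim().equalsIgnoreCase(name)) {
                return true;
            }
        }
        return false;
    }
}
```

Compile it against the Extender API interfaces exported from Burp's Extender tab, package it as a jar and load it under Extender > Extensions. The same listener logic, using the same interface names, is what a Python (Jython) or Ruby (JRuby) version of the extension would implement.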
With over 14 years of experience in the application security field, Luca Carettoni is a respected web security expert. Throughout his career, he has worked on security problems across multiple industries and companies of different sizes. He is the co-founder of Doyensec, an application security consultancy working at the intersection of offensive engineering and software development. At LinkedIn, he led a team responsible for identifying new security vulnerabilities in applications, infrastructure and open source components. Prior to that, Luca worked as the Director of Information Security at Addepar, a startup that is reinventing global wealth management. Proud to be a Matasano Security alumnus, he helped bootstrap the Silicon Valley office by delivering high-quality security assessments to software vendors and startups. As a security researcher, he has discovered numerous vulnerabilities in software products of multiple vendors including 3com, Apple, Barracuda, Cisco, Citrix, HP, IBM, Oracle, Sun, Siemens, VMware, Zend and many others. Since the beginning of his career, he has been an active participant in the security community and a member of the Open Web Application Security Project (OWASP). Luca holds a Master's Degree in Computer Engineering from the Politecnico di Milano University.
Continuous build and deployment tools, message brokers, configuration management systems, resource management systems and distributed file systems are some of the most common systems deployed in modern cloud infrastructures, thanks to the increasingly distributed nature of software. Modern-day pentesting is no longer limited to remote command execution from an exposed web application: each of these applications opens another door into a company's infrastructure. One must be able to find and compromise these systems effectively to gain a better foothold, as recent attacks on the application stack, located through platforms like Shodan and leading to full compromise of corporate infrastructures, have made evident.
In this 2-day course we start by looking at the application stack, consisting of databases, CI tools, distributed configuration and resource management tools, containers, big data environments, search technologies and message brokers.
Along with the technical material, the course also aims to impart a methodology for testing these systems. This course is meant for anyone who would like to understand, attack or secure the modern-day stack. Students are bound to have some real fun and an entirely new experience in this unique course, as we go through multiple challenging scenarios one might not have come across before.
Over the duration of the course, students are expected to learn the following:
Students are encouraged to follow the technical training with a hands-on approach to the facilitated labs for every module, to gain a deeper and practical understanding of each topic.
Knowledge of basic pentesting, of how web applications work and of Linux command-line basics, the ability to use a web proxy like Burp Suite or ZAP, and the ability to write basic scripts in any interpreted language are an added advantage.
The requirement for the course is a laptop with administrative and USB access and a minimum configuration of 8GB RAM and 100GB of hard-disk space. Full virtualisation support, VirtualBox and Docker should be installed. A Unix box is preferred.
Pentesting some of the most widely used systems in the modern stack:
Module 0: Modern Application Stack
Module 1: Pentesting Databases
Module 2: Public Cloud Environments
Module 3: CI Tools
Module 4: Software Collaboration Tools
Module 5: Message Brokers
Module 6: Containers
Module 7: Distributed Configuration Management Systems (DCMS)
Module 8: Distributed File System
Module 9: Kubernetes, Mesos and Marathon (Distributed Deployment & Resource Management)
Module 10: Search Technologies
10+ containerized labs that emulate a sophisticated production stack along with its applications.
Bharadwaj Machiraju is project leader for OWASP OWTF. He is mostly found either building a web appsec tool or hunting bugs for fame (hackerone.com/tunnelshade). All tools are available at github.com/tunnelshade and all ramblings at blog.tunnelshade.in. He has spoken at a few conferences, notably Nullcon, Troopers, Brucon and Pycon India. Apart from information security, he is interested in sleeping, mnemonic techniques and machine learning.
Francis Alexander, Security Engineer at Envestnet|Yodlee, has over three years of experience in the application security industry and is the author of the NoSQL Exploitation Framework and NoSQL Honeypot. His areas of interest include NoSQL databases, machine learning and cloud security. He has been invited to speak and train at a variety of conferences such as Troopers, Insomni'hack, Hack in the Box, Hack in Paris, 44Con, Nullcon and C0c0n.
SAP is no longer an unknown black box for the security community, and SAP products appear more and more often in audit requests. This training focuses on SAP NetWeaver ABAP. Because we can't cover all SAP software in two days, we decided to work on the most frequent vulnerabilities we have faced during our pentests. We provide several SAP systems with different configuration issues in a realistic environment, led by an SAP security specialist who has received official acknowledgements from SAP for reported vulnerabilities. Few slides, lots of practice: that is the leitmotiv of this workshop. SAP knowledge is not required.
Yvan has nearly 15 years of experience with SAP. He began as an SAP Basis administrator for several of the largest French companies. For the past five years he has focused on SAP security, where he is self-taught. He now leads SAP assessment and pentesting in the Devoteam security team. A discreet person, he nevertheless receives official acknowledgements from SAP AG for the vulnerabilities he reports. He has been on the GreHack conference organization committee for years, and has been invited to talk at the Clusir association.
Learn how to assess and secure IoT devices by having fun hacking a dozen of the devices most profitable to attack: smart locks. The agenda includes wireless sniffing, spoofing, cloning, replay, DoS, authentication and command-injection attacks, analyzing proprietary network protocols, breaking "latest PKI technology", abusing excessive services and more. The software-focused activities are mixed with short entertaining tricks like opening a lock with a strong magnet, counterfeiting fingerprints on a biometric sensor, or opening a voice-controlled lock by hacking nearby talking toys. Technologies covered include Bluetooth Smart, embedded Linux, KNX, NFC, WiFi, P2P, GSM, Wiegand and others. Each student will receive hardware worth 100 EUR, consisting of a Bluetooth hardware sniffer, a Raspberry Pi configured with tools, and a Hackmelock for further practice at home.
What will be provided:
Here's a dedicated website on this topic: https://www.smartlockpicking.com
A contemporary laptop with virtualization software able to run Kali Linux (at least 4GB of RAM, 40GB of disk space), and an Android > 4.3 smartphone.
Moreover, everyone will also be able to try their hand at:
Several exercises are connected to an electronic lock guarding a special box of goods from Poland. Whenever a participant succeeds in hacking the lock, the box opens automatically, and one can have a delicious cookie or a shot of Polish vodka :)