Introduction to Embedded Exploitation

We are pleased to announce the offering of a new training course. This is a 5 day course and will focus on vulnerability research on embedded systems.

Instructors

David Barksdale – David is Director of Research at Exodus Intelligence and manages the 0day team. David is an expert in software and hardware reverse engineering. Last year he won a PWNIE award for Best Server-Side Bug for a Cisco firewall RCE exploit. David started hacking at a young age and was published in the Summer 2001 issue of 2600. In fall 2003 he reverse engineered Yahoo! Messenger’s new authentication protocol and wrote an exploit for a 0-day vulnerability in Microsoft DirectX, all before graduating from The University of Texas with a bachelor’s degree in Computer Science. He has also contributed to the Linux kernel, the Open Embedded project, and many more open source projects.

Elvis Collado – Elvis is an up-and-coming Senior Researcher on Exodus Intelligence’s 0day team. Prior to Exodus, he worked at TippingPoint DVLabs where he researched submissions to the world’s largest and most diverse bug bounty program and developed filters for them. After DVLabs, Elvis worked as a consultant for Praetorian performing penetration tests for large manufacturers of embedded devices. While at Exodus, Elvis has developed several 0day exploits for market-leading routers and firewalls. Elvis has presented at Defcon, BSides, CircleCityCon, GrrCon, and InfoSec Southwest.

Date & Location

March 5th through 9th: Austin, Texas

Requirements

  • Laptop (Intel i5 dual-core or better)
  • USB Type-A Ports – You’ll need to be able to use the provided breakout boards
  • Disassembler (IDA Pro or radare2)
  • Please be familiar with the disassembler you choose.
  • Experience with reversing binaries (any architecture)
  • VirtualBox or VMWare
  • An embedded device of your choice. (Warranties will be voided) Please select a reasonably sized device. We don’t want people bringing in Cisco 6500s or so.

Description

This 5-day course is designed to help students gain the knowledge and experience needed to audit and exploit RTOS- and Linux-based embedded devices. Students will work through multiple case studies with physical devices to find and exploit each 0day vulnerability found by the trainers. Each case study will use a different device and highlight the approach used to find and exploit each bug. On the last day, students will be encouraged to bring in their own device and apply all of the techniques that were taught, with guidance from the instructors.

Expectations

Students will be gaining experience with:

  • Communicating with common serial protocols.
  • Utilizing the XI Breakout board 
  • Building custom toolchains
  • Organizing JTAG data dumps into something meaningful
  • Interpreting Datasheet(s)
  • Developing custom shellcode
  • Deep dive into the MIPS architecture
  • Methods of extracting firmware

Students will also be given challenges to work on outside of class.

 

To purchase use the link below, or email training@exodusintel.com
http://buytickets.at/exodusintelligence/123589

Exodus Intelligence 2016 Training Course

Vulnerability Development Master Class

Since our inception, Exodus Intelligence has provided training courses on a variety of advanced subjects which have consistently been filled with students from around the world. Over the last few years, we’ve hosted Master Classes in the USA, Asia, and Europe–both publicly and privately (by request).

Once again, our flagship course–the Vulnerability Development Master Class–returns with new content, taught by recognized experts. Known as some of the best in the industry, Exodus instructors are armed with real-world experience, as well as multiple Pwn2Own victories and PWNIE awards.

Vulnerability Development Master Course: Windows Edition

Throughout 2013 we have given training courses on a variety of advanced subjects which have consistently been filled with students from around the globe. The classes have been hosted both publicly at security events, our headquarters in Texas, and privately at military and government institutions. As the year draws to a close, we’ve had a chance to reflect on the content we’ve taught and how we can raise the bar even higher in 2014. To that end, we’re excited to announce that we have combined material from our Breaking Binary Applications, Bughunting and Analysis 101, Dynamic Reverse Engineering, and Browser Exploitation classes into a single week-long master course that we will deliver publicly at 3 locations in 2014.

The new course, titled the Vulnerability Development Master Class, will be taught by the entire Exodus team over the course of 5 consecutive days.

Dates & Locations

The dates and locations are as follows (venue information will be distributed to registered attendees):

  • March 24th-28th: Boston, MA, USA
  • July 7th-11th: Amsterdam, The Netherlands
  • September 15th-19th: San Francisco, CA, USA

If we receive sufficient interest in hosting additional events the above list may expand. Reach out to us via training@exodusintel.com or on twitter via @ExodusIntel for any inquiries.

Prerequisites

We have compiled a summary of prerequisites, the abstract, dates and locations into a single PDF for reference: Exodus Intelligence Vulnerability Development Master Class

Abstract

This 5 day course is designed to provide students with a comprehensive and progressive approach to understanding advanced vulnerability and exploitation topics on the Windows platform. Attendees will be immersed in hands-on exercises that impart valuable skills including static and dynamic reverse engineering, zero-day vulnerability discovery, binary instrumentation, and advanced exploitation of widely deployed server and client-side applications.

Taught by the entire Exodus Intelligence team, this course provides students with direct access to our renowned professionals in a setting conducive to individual interactions.

Syllabus

  • Reverse Engineering
    • Static Reverse Engineering
      • Code Representation and Graph Theory
      • Recognizing Non-Determinism
      • Recognizing Data Structures
      • Symbol Mining
      • Harvesting Useful Code
      • C++ Type Recovery
      • Scripting Disassemblers
    • Dynamic Reverse Engineering & Automation
      • Non-Intrusive Target Monitoring
      • Recovering Type Information
      • Code Flow Analysis
      • Symbol Recovery
      • Instrumentation with PIN
      • Isolating Interesting Code & Data
  • Debugging
    • Core Windows Userspace Concepts
      • Memory Management
      • Process Lineage
      • Integrity Levels
      • Windows Services
      • Inter-Process Communication
      • Local Inter-Process Communication
      • Remote Process Communication
      • The Windows Linker & Loader
      • Exception Handling
    • Core Debugger Concepts
      • Attaching (Intrusive vs Non-Intrusive)
      • Breakpoints
      • Global Flags
      • Image File Execution Options
      • Scripting with PyKD
      • Annoyances & Solutions
  • Vulnerabilities Overview & Recognition
    • Recognizing Vulnerability Patterns
    • Automated Discovery
    • Memory Corruption
      • Type Confusion
      • Improper Allocations
      • Arithmetic Issues
      • Format Strings
      • Use-After-Free
      • Buffer Overflows
    • Design Flaws
  • Vulnerability Discovery
    • Manual Auditing Processes
    • Dumb Fuzzing
    • “Intelligent” Fuzzing
    • Ambulance Chasing
    • Binary Diffing
    • Client-Side Discovery Techniques
    • Server-Side Discovery Techniques
  • Exploitation
    • Memory Manipulation & Scope
    • Windows Mitigations & Bypasses
    • Enhanced Mitigation Experience Toolkit (EMET)
      • Bypassing EMET
    • Achieving Reliability
    • Post Exploitation
      • Sandboxes
      • Process Continuation

Pricing and Registration

The cost for the 5-day course is $6500 USD per student. You may e-mail training@exodusintel.com to register and we will supply a purchase order.

We have also made available this template request form for individuals to help justify attendance to management.