Next sessions

Guaranteed sessions are indicated by the "guaranteed session" logo.

Development Of Tools Of Exploitation: Expert

  • From the 21-06-2010 to 25-06-2010
  • From the 20-09-2010 to 24-09-2010
  • From the 15-11-2010 to 19-11-2010

Organization of the training courses

Development of Tools of Exploitation: Expert

General information
  • Code: DOE
  • Duration: 5 days
  • Participants: 6 maximum
  • Price: 2990 € excl. tax
Target audience
  • Security consultants
  • Engineers/Technicians
  • System/network administrators
  • Developers
Prerequisites
  • HSA course level
  • Proficiency in programming
  • Assembly/C
Resources
  • Course materials
  • 80% practical exercises
  • 1 PC per person/Internet
  • Windows demonstration environment (Windows XP, 2000, 2003…) and Linux.
  • Support: Metasploit, OllyDbg
Objectives
  • Understand and exploit, at an advanced level, vulnerabilities in the kernel and in local and remote services on Windows and Linux.
  • Understand, bypass and validate advanced memory, system and network protection systems.
  • Broaden the scope of vulnerability exploitation for a penetration test.
Description

This course confronts you with very advanced security problems on Windows and Linux at the kernel, application and network levels. You will study in particular the inner workings of these systems, learn how to exploit application and system vulnerabilities, then use these flaws to bypass the new memory protections (ASLR, PaX…), system protections (antivirus…) and network protections (personal and perimeter firewalls, IDS…). Lastly, you will learn how to implement attacks and rootkits in kernel mode on both systems in order to bypass ACLs, network access rules… These techniques are accompanied by directly applicable security procedures.

This training is particularly intended for consultants and administrators who wish to be able to carry out advanced technical tests during their penetration audits of internal systems, or to apply security solutions suited to their information system.

Days 1, 2 & 3
Memory buffer overflow: application-level attacks on services. In-depth study of the execution context of programs and exploitation of remote and local vulnerabilities with the help of Metasploit.
IA-32 architecture
Stack overflow
Exploitation technique
Example on a network application
Development with Metasploit
Bypassing Windows ASLR
Bypassing PaX on Linux
Creating Linux shellcodes
Creating Windows shellcodes
Format string: local attacks on format-bug vulnerabilities in Windows and Linux applications
Presentation
Exploitation on Windows
Exploitation on Linux
Race condition: local kernel attacks on Linux and Windows and privilege escalation
Presentation
Exploitation on Linux
Exploitation on Windows
Days 4 & 5
System attacks on Windows: COM (Component Object Model)
Presentation
Attack scenarios
Firewall bypass
Implementation
Process infection
Process architecture
Bypassing the IPC barrier
Bypassing ACLs and GPOs
User-space rootkit
Kernel-mode rootkit
System attacks on Linux
Process infection
System call hijacking
Integration of these methodologies into advanced shellcodes
User-mode rootkit
LKM rootkit
