Development of Exploitation Tools: Expert

General information
Code: DOE
Duration: 5 days
Participants: 6 maximum
Price: 2990 € excl. tax (HT)
Target audience
  • CISO (RSSI)
  • Security consultant
  • Engineer/Technician
  • System/network administrator
Prerequisites
  • Level of the HSA course
  • Low programming level
Resources
  • Course materials
  • 80% practical exercises
  • 1 PC per person
  • Windows demonstration environment (Windows XP, 2000, 2003, IIS, MSSQL...).
  • Tools: Metasploit, OllyDbg
Objectives
  • To understand and exploit, at an advanced level, vulnerabilities in the kernel and in local and remote services under Windows and Linux.
  • To understand, bypass and validate advanced memory, system and network protection systems.
  • To widen the scope of vulnerability exploitation in a penetration test.
Description

This course will confront you with very advanced security problems under Windows and Linux, at the kernel, application and network levels. In particular, you will study how these systems work, how to exploit application-level and system-level vulnerabilities, and then how to use these flaws to bypass new protections of memory (ASLR, PAX...), of the system (antivirus...) and of the network (personal and perimeter firewalls, IDS...). Finally, you will learn how to implement attacks and rootkits in kernel mode under these two systems in order to bypass ACLs, network access rules... These techniques are accompanied by directly applicable security procedures.
This training is particularly intended for consultants and administrators who wish to be able to carry out advanced technical tests during their penetration tests on internal systems, or to apply security solutions suited to their information system (S.I.).

Days 1 & 2
Buffer overflows
Application-level attacks on Windows services. In-depth study of the execution context of programs and exploitation of remote and local vulnerabilities using Metasploit.
IA-32 architecture
The stack
Stack overflow
Exploitation technique
Development with Metasploit
Bypassing Windows ASLR
Bypassing PAX under Linux
Creating Linux shellcodes
Creating Windows shellcodes
Day 4
COM (Component Object Model)
Presentation
Attack scenarios
Firewall bypasses
Implementation
Process infection
Process architecture
Bypassing the IPC barrier
Bypassing ACLs and GPOs
User-space rootkits
Kernel-mode rootkit
Day 3
Format string: local attacks on format-bug vulnerabilities in Windows and Linux applications
Presentation
Exploitation under Windows
Exploitation under Linux
Race condition: local attacks on the kernel under Linux and Windows, and privilege escalation
Presentation
Exploitation under Linux
Exploitation under Windows
Day 5
System attacks under Linux
Process infection
System call hijacking
Integration of these methodologies into advanced shellcodes
User-mode rootkit
LKM rootkit
