AOH :: IS1136.HTM

Exploit Lab 3.0 comes to Hack in The Box

Exploit Lab 3.0 comes to Hack in The Box
Exploit Lab 3.0 comes to Hack in The Box

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

The Exploit Lab 3.0 Comes to Hack in The Box

Buffer overflows and remote exploits still remain the most wondrous and 
devastating of attacks. For years, security analysts have been playing 
with exploits that yield them a rootshell. The Exploit Laboratory brings 
the "rocket science" of reverse engineering and exploit writing in an 
easy to understand two day class at Hack In The Box 2008. Started by 
Saumil Shah of Net-Square and S.K.Chong of Scan Associates, the Exploit 
Laboratories has been taught at Blackhat, Hack in the Box, CanSecWest 
and many other security conferences worldwide to sold-out audiences.

The class' popularity lies in the fact that it brings the concepts down 
to easy hands-on examples featuring real life software as opposed to 
contrived textbook examples. Participants begin with simple overflows on 
Windows and Linux and are brought up to speed with exception handler 
overwrites, heap overflows, exploiting toolbars on IE7, bypassing Vista 
ASLR, and more, featuring recent software vulnerabilities out in the 

For the first time this year, the Exploit Laboratory features hands on 
Mac OS X exploitation. Saumil and S.K. strive to keep the class current. 
Things have come a long way since the class was first offered in early 
2006. The Exploit Laboratory has kept pace with the times, with a 
continually updated syllabus and up-to-date examples of vulnerabilities.

It entirely depends upon the participants how much they wish to absorb 
out of the class. Both instructors are highly experienced security 
professionals with over nine years of experience in the industry, many 
public contributions, books and papers. The format of the Exploit 
Laboratory is "learn as you play along". Participants are expected to 
bring their own laptops to class. Everything happens hands-on.

The Exploit Laboratory requires its participants to sign a code of 
ethics agreement to promote vulnerability discovery and responsible 

Some comments from past students on The Exploit Laboratory:

Garrett Gee writes: "Wow, what a weekend I just had. I just finished the 
exploit laboratory class with Saumil Shah and S.K. Chong at Black Hat 
USA 2007. We covered exploit topics like stack and heap overflows on 
linux and windows systems. At the end of the course, I think we 
developed ten exploits for various applications. I loved their teaching 
format of explaining the exploit concept, then stepping us through a 
real exploit, and then letting us do one ourselves. A major difference 
from the ImmunitySec course I took a few years ago was that they told us 
how to make the application crash in the first place. This saved lots of 
time and allowed us to focus on how to gain full control of the 
application, and how to pack our payloads." 

Tate Hansen writes: "If you want to bump up your exploit writing skills 
=E2=80=93 Saumil Udayan Shah is an excellent teacher. His style of teaching 
brought out memories of my time as an ECE student at CU, Boulder. He 
presented very clearly, kept the pace moving, and quipped often. Great 
class. The majority of time is spent on using GDB and WinDBG to inspect 
Intel 32-bit x86 CPU registers for opportunities. The end game was 
always accompanied by netcat and metasploit (along with a decent amount 
of scripting to facilitate quick retries when trying to line up all the 
exploit code to ensure success)." 

More details on the class can be found on the Hack In The Box 2008 
conference page at: 

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 

Site design & layout copyright © 1986-2015 CodeGods