EXPLOIT DEVELOPMENT / RT433

FIVE SCENARIOS   |   TEN LABS   |   90% HANDS-ON   |   DURATION: 40

During this course, participants will learn programming languages and shellcode writing. They will become familiar with program structure and execution patterns in order to find vulnerabilities in programs and code and exploit them to gain control of target systems and applications. This course covers how to write shellcode, programs, and tools, essential skills for advanced penetration testers and software security professionals.

LAB 01: C Programming

LAB 02: C Functions

LAB 03: Macros

LAB 04: Memory Allocation

LAB 05: Assembly

LAB 06: Syscall

LAB 07: Flags

LAB 08: Shellcode Tools

LAB 09: Linux Shellcode

LAB 10: Working with DLL

Scenario: EDA001

Skype, a free online service that allows users to communicate by voice, video, and chat, had a bug that allowed hackers to execute malicious code remotely. This bug was leaked and then discovered by Skype themselves; following this, the bug was mitigated and fixed. A group of hackers managed to replicate this bug in the new version, but all they provided was a POC.

Scenario: EDA002

A group of international cyber activists managed to abuse a vulnerability in an FTP server. The company rushed to fix the issue, but after months of going back and forth, they were unable to replicate the steps that the cyber group performed. Following this, the company launched a bug-hunting program, rewarding the first to provide a working POC.

Scenario: EDA003

Some unknown hackers managed to hack into the Linux Mint website and replaced the download links on the site with links that pointed to one of their servers, offering malicious ISO images for the Linux Mint OS. Your group was tasked with analyzing the ISO file and thereby finding the attackers.

Scenario: EDA004

A famous group of Chinese hackers carried out political espionage, dubbed “MessageTap”. This data-mining backdoor malware was recently discovered installed on a Linux-based SMSC server of an unnamed telecommunications company. It seems that the backdoor was based on a vulnerability; we require your assistance in gaining access and retaking the servers.

Scenario: EDA005

The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. Our firm suspects that specific machines on the network are compromised. Use your skills to detect compromised hosts and provide a POC of the issue.

© 2020 by ThinkCyber