One thing about the Unethical Hacking training happening at INFILTRATE 2014 is the advantage technology investments have improved the way people learn buffer overflows. This class is pretty unique in that we've run hundreds of people through it who have only basic programming skills, and at the end of it they are doing assembly language, writing intermediate level Windows buffer overflows, and have an accurate picture of how the process of taking a vulnerability to an exploit works.
Part of the secret is VisualSploit, and the 2.0 version is an amazing improvement. As you can see below, it runs within your browser, and you drag and drop the components into it to reflect your understanding of how the program stack is behaving. You're writing exploits, but naturally, without coding at all.
A simple example exploit from class - VisualSploit, Immunity Debugger and your brain are all the tools you need! |
Some of the blocks wrap quite complex functionality and calculations such as a jump from one block to another one. This makes learning the whole process thousands of times easier for students who are not already assembly language experts by avoiding hard to find typos.
A much more complex version of VisualSploit - coming up with the building blocks of an exploit can take four hours, but it's an intensely educational four hours! |
So in summary, by taking the requirement that you know how to code Python or some other language out of the class, it more effectively and reliably teaches people how to write exploits. You come in knowing just a little bit about programming, and you walk out a completely changed person. I've seen it hundreds of times which is why it's my favorite Immunity class to teach. It's less frustrating, and more fun, simply because we invested in the tools to make the learning process better.
So sign up or call us for more information!
infiltrate@immunityinc.com
(p) +1-786-220-0600
No comments:
Post a Comment