Violent Python and Exploit Development

Track Room Location: H134 (Heritage Hall)


Description

Even students who have never programmed before can quickly and easily learn how to make custom hacking tools in Python. In hands-on projects, students will create tools and hack into test systems, including:

  • Port scanning
  • Login brute-forcing
  • Port knocking
  • Cracking password hashes
  • Sneaking malware past antivirus engines

With just a few lines of Python, it's easy to create a keylogger that defeats every commercial antivirus product, from Kaspersky to FireEye.

In the exploit development section, students will take over vulnerable systems with simple Python scripts. Hands-on projects will include:

  • Linux buffer overflow
  • Buffer overflow on Windows 7
  • Exploiting Windows Server 2012
  • Fuzzing a vulnerable server
  • Structured Exception Handler exploitation on Windows
  • Defeating Data Execution Protection with Return-Oriented Programming

This is a hands-on workshop. USB thumbdrives will be available with Kali Linux and Windows Server 2008 virtual machines to use.

Prerequisites

Any knowledge attendees should have prior to selecting the track.

Instructor

sbowne.jpg
Sam Bowne
City College of San Francisco

Sam has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, HOPE, BayThreat, LayerOne, and Toorcon, and taught classes and many other schools and teaching conferences. He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign.

Industry Certification Exams & Prizes:
Infosec: CISSP, Certified Ethical Hacker, Security+, Defcon 21 CTP Co-Winner (Black Badge)
Microsoft: MCP, MCDST, MCTS: Vista
Networking: Network+, Certified Fiber Optic Technician, HE IPv6 Sage, CCENT, IPv6 Forum Silver & Gold, Juniper JN0-101, Wireshark WCNA

Three Objectives

1. Read and write simple Python scripts.
2. Find buffer overflow vulnerabilities with fuzzing.
3. Create remote code execution exploits for Linux and Windows targets.

Agenda

PENDING

Resources

Instructor Links

http://samsclass.info/127/127_WWC_2014.shtml