Wednesday, April 8

Sourcefire's Exploit Development Class

First off, if you were to go look at this class on Sourcefire’s website, it states “Exploit Development Class for Snort Rule Writers”. We need to fix this. In the words of Lurene, “This class has nothing to do with Defense. At all. Ever.” The class should be more appropriately named, “Fundamentals of Exploit Development”, or “Writing Exploits, we’re going to hurt you”


So, let’s describe this class in two words or less:


Freakin Awesome.


Beginning on day one with a lot of terminology, introduction and drinking from the firehose on Assembly and gdb, by the end of the first day, you are well versed in how to read assembly, pick it apart, and even being able to reverse simple programs at this point. Your Brain will hurt.


Day Two, more drinking from the firehose, more reversing, more assembly, more gdb, drawing stacks, and by the end of the second day, you are learning to control EIP, and doing it. Your Brain will hurt even more.


Day Three, you just sit all day and hack programs. From simple to intermediate, (you aren’t cracking Microsoft Office just yet ;), by the end of the day, you are using reverse shells and shellcode like nothing. Your Brain is now fried. Go drink beer. Seriously.


This was the best class I have ever taken in my life. Srsly.


You know those classes where you go and sit, and you could probably figure out 80% of it, and the other 20% of the class you pick up little tricks and tips on whatever you are learning? This is not one of those. If you know assembly, or have experience in reversing assembly, this is not the class for you (even though you will probably learn something). The class I took was taught by 4 of the Vulnerability Research Team members, people I am glad to call my friends.


So, my hat’s off to Lurene, Matt, Ryan, and Nigel, along with all the other members of the VRT that contributed, came out, and helped with the class. It was great, and I’d gladly take it again anytime.


The best part of the class, I thought, was during the class, on a separate projector, they fuzzed software and found some 0days. I don’t want to disclose which pieces of software were fuzzed, but let’s just say that they are pieces of software that people use everyday.


In one piece of software, over 200 crashes and bugs were caused. No word on how many were exploitable yet.


No, I will not tell you which piece of software it was either.

No comments: