28 Aug-1 Sep 2017
26 Jun 2017
300 € (no fee for the Sponsoring Nations, Contributing Partners and NATO bodies)
The Malware and Exploit Essentials course provides cyber defenders with deep technical insight into the techniques modern malware uses to exploit vulnerabilities and intrude into systems. Starting from an introduction to modern OS features and analysis techniques, the course covers the use of debuggers as the most important tools for exploit research, as well as current methods for vulnerability discovery such as fuzzing and code-coverage measurement.
Once a vulnerability has been found, there are different approaches to turning it into a working exploit. The course introduces basic exploitation methods such as buffer overflows on the stack and the heap, and then moves on to more advanced techniques for both Windows and Linux systems (for the experts: ASLR, SEH/SafeSEH, ROP, DEP, etc. will be demonstrated and explained). Since much of system security rests on cryptography, modern cryptographic systems will be explained, as will aspects of their security and how intruders attempt to break them.
Another important topic of this course is software resilience: exploitation relies on redirecting a program's control flow in a way its authors did not intend. The course shows how code can be protected against analysis and tampering by means of code morphing and obfuscation techniques. An overview of virtualisation techniques is also planned: they help engineers analyse malware as long as the malware does not detect that it is being executed in a research environment, but they also carry the risk of the malware escaping from the virtual environment, as has been observed before.
The target audience is exclusively technical staff of CERTs/CIRTs or other governmental or military entities involved in technical IT security or cyber defence.
NB! Please be aware of the strongly technical nature of this course: this is not a course for beginners. We strongly discourage the participation of students who do not fulfil the prerequisites, since the course contains advanced lab sessions that assume this knowledge; the presence of insufficiently skilled attendees is likely to hinder the overall progress of the course.