Friday, February 15, 2013

Corelan Training

This week, I took the Corelan Exploit Development Training. It was a two day training, on Tuesday and Wednesday, and very fun. I will admit, it is not for the weak of heart. Tuesday, we started at 9am, and I ended up leaving around 11pm, and other guys stayed even later. Wednesday, we started at 9am again and went until around 8pm.

During the first day, we discussed classic buffer overflows resulting is pointer overwrites and the like, and how to exploit them using Immunity Debugger and mona.py. Luckily, I already had experience with most of the materials for the first day through personal experience, and was able to help out other guys taking the class with using mona and how the buffer overflows worked.

During the second day, we discussed DEP, ASLR, and ROP chains. I do not have much experience with these, so the learning curve was higher, although I did understand the fundamentals of how these worked. We also discussed heap sprays, which was great as well. Heap sprays had been on my todo-list for quite a while and are incredibly interesting to me.

Peter is a great teacher and understands the materials well enough to answer tangential questions that aren't really covered in the materials. He understands his students very well, so he is able to relate information in meaningful ways, which is infinitely more helpful than just presenting information and expecting the students to  remember by simple rote memory. It also helps that he presents materials that he wrote himself, rather than simply using someone else's work.

Overall, I highly recommend the class if you have the means. In order to really get the most out of the class, you should absolutely have a basic understanding of assembly and how stacks and heaps work. You can read up on these on the corelan website.