[Dailydave] FUTEX is "fun"

Dave Aitel dave at immunityinc.com
Thu Nov 13 14:41:18 EST 2014


The hardest part of learning exploit development on modern systems is
finding vulnerabilities that can be done by a beginner, but which teach
advanced concepts, without being completely fake.  This is one thing I
really liked about our older "Unethical Hacking" class. It ramped up so
smoothly with exploit difficulty, that each exploit naturally followed
the last and at the end you knew how to write Windows exploits without
even realizing you did.

This is hard to replicate in the modern world, where exploits go from
"Super hard because ALSR and DEP are annoying" to "insanely impossibly
hard because apparently Loki hates me". When we teach the "Master Class"
we assume that you know how to write exploits, and of course, are smart,
but we cannot assume you know Linux or the particulars of kernel debugging.

We've chosen the Futex exploit as one of the ones for the Linux kernel
exploitation portion as a demonstration exploit. It involves a
particular control of stack variables, and a set of interesting problems
which we think will work well for taking anyone who is good at
exploitation into Linux kernel work without being at all fake, or
require a sacrifice to an angry demi-god to make work in class.

So sign up today, learn from some of the best, and enjoy the fine fruits
of your labor afterwards with mojitos and conversations about global
survellance (pro or con?) on South Beach. The Master Class always sells
out, so I recommend buying now as opposed to in March.

http://infiltratecon.org/training.html 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141113/794a7cdb/attachment.sig>


More information about the Dailydave mailing list