Dailydave mailing list archives

New Immunity Course coming up.


From: Dave Aitel <dave () immunitysec com>
Date: Sun, 07 Nov 2004 15:00:03 -0500

*Short notice, as always, but I think definitely interesting for a lot of people on the lists. Sinan Eren, with three kills to his name, is teaching the class. I plan on taking it. :>

-dave

November 29-30 in Palo Alto California*

* Locating Vulnerabilities in Microsoft RPC: An Offline and Runtime Reversing Approach *

Duration: 2 Days

Course Outline:

This course will be an inside look at Immunity Inc.'s methodologies to find local and remote bugs in Microsoft's Windows OS. Following is a brief listing of the topics we will be covering during this 2-day course event.

1- Microsoft RPC
        a. Locating the running interfaces
        b. Understanding Named Pipe permissions
        c. Null sessions (what can still be possible with XP SP2)
        d. What process runs, what service?
        e. Tricks to evade RPC default named pipe permissions (Immunity's secret trick!)
        f. Old school MS RPC vs. DCOM
        g. Context handles
        

2- Reversing Microsoft RPC (IDA)
        a. Retrieving symbols for service executables and DLLs
        b. Reversing with IDA
        c. Locating the interfaces and the dispatch tables in the disassembly
        d. Looking at each procedure for potential vulnerabilities
        e. Extending code coverage (Immunity's secret trick!)
        f. Generating IDL files with muddle and fixing them to work!
        g. Core RPC client skeleton
        h. Sending requests to procedures
        

3- Runtime Reversing Microsoft RPC (Debugger)
        a. Attaching, breakpoints, watchpoints etc.
        b. Sending RPC requests and runtime tracing
        c. Correlating Runtime findings with the IDA session (structure decompilation, better coverage and understanding etc. etc.)
        d. Modifying RPC requests for profit
        

4- Binary Diffing
        a. Use SABRE Security's excellent tool: BinDIFF to locate changes in binaries
        b. Case study: Identify NetDDE RPC service fix


Cost is $2000 per person.

*Call 646-327-7429 or email dave () immunitysec com to sign up.*

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave