This 5-day course provides very practical training in the skills needed for exploitation research and malware analysis. It builds on the techniques taught in the “Malware and Exploit Essentials Course” and strengthens practical experience with them. Advanced topics (such as heap memory and the kernel) are then introduced and practised in hands-on tasks, so that participants understand how these techniques work and are better able to defend against them.
Learning Objectives
- Introduction to advanced exploitation techniques on Linux and Windows systems
- Exploitation in Heap memory
- Introduction to kernel exploitation
- Advanced static and dynamic analysis of binaries
Target Audience
- Technical staff of CERTs, IT departments or other governmental or military entities involved in technical IT security or cyber defence.
Outline
- Refresh and extend basic skills
  - Buffer overflows
  - ASLR bypass
  - ROP chains
  - Static and dynamic analysis
- Advanced exploitation techniques
  - Windows
  - Linux
- Introduction to exploitation in heap memory
- Kernel exploitation
- Mitigation mechanisms against exploitation in operating systems
- Advanced static and dynamic analysis
Prerequisites
- Attendance of the “Malware and Exploit Essentials Course”, or good practical knowledge of the basic techniques of exploit research.
- Good working experience in Linux and Windows environments, especially on the command line.
- The course has a mandatory e-learning module (ADL 383) that can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal and is available to all users of the portal. Once registered, users may access the course by navigating to ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ADL 383 ‘Malware and Exploit Essentials’ in the course listing. If you attended the “Malware and Exploit Essentials” Course in the past, the certificate of that course is also sufficient for registration.
- Understanding of assembly and higher-level programming languages.
- Programming experience in assembly, C/C++ and/or Python.
- English language skills comparable to STANAG 6001, 3.2.3.2.
NB! Please be aware of the strongly technical nature of this course: this is not a course for beginners. We most strongly discourage the participation of students who do not fulfil the prerequisites, since the course contains advanced lab sessions that assume this knowledge. The presence of attendees without the required skills is likely to hinder the overall progress of the course.
ISACA CPEs
On completion of this course, students can earn 35 ISACA CPE hours.
Registration
Please register for the course by visiting the NATO CCDCOE website and completing the provided registration form before the deadline. Applicants from CCDCOE member nations should use the registration code provided by their national Point of Contact.
Certificate of the ADL 383 module or certificate of the “Malware and Exploit Essentials” course: one of these certificates is required when applying for the residential part of the course. You can download the ADL 383 certificate once you have passed the final test of the e-learning module. When you register for the residential part of the course, please email one of the certificates (or both) to: [email protected]
If you have any questions or issues with registration, please contact [email protected].