BEGIN:VCALENDAR VERSION:2.0 PRODID:Data::ICal 0.24 BEGIN:VEVENT DESCRIPTION: 'Title: House of Heap Exploitation (Pre-Registration Require d)\n When: Friday\, Aug 11\, 09:00 - 12:59 PDT\n Where: Flamingo - Exe c Conf Ctr - Foyer - Workshop Checkin - [1]Map\n Speakers:Elizabeth St. Germain\,Kenzie Dolan\,Maxwell Dulin\n "Strikeout"\,Nathan Kirkland\,Zac hary Minneker\n\n SpeakerBio:Elizabeth St. Germain\n Elizabeth St. Ger main started hacking from a young age when very few\n inputs were saniti zed. She worked in systems administration and video\n game development b efore settling into hacking as a career. She now\n focuses her time on w eb and hardware hacking\, with a desire to explore\n the security impact s that video games can have on consumers. Most of\n her free time is spl it between either min/maxing games\, competing in\n CTFs\, exploring urb an areas and nature\, or making music.\n\n SpeakerBio:Kenzie Dolan \, Se curity Engineer at Security Innovation\n Kenzie Dolan works for Security Innovation as a Security Engineer\n focusing on engagements ranging fro m IoT hacking to kiosk\n exploitation. Her current research interests in clude emerging threats\n against Mobile and IoT devices. She has a degre e in Computer and\n Information Science from University of Oregon. In he r free time\,\n Kenzie enjoys composing music\, playing video games or h iking in the\n greater Seattle area.\n\n SpeakerBio:Maxwell Dulin "Str ikeout"\n Maxwell Dulin (also known as Strikeout) loves hacking all thin gs under\n the sun. In his day job\, he works as a security engineer pri marily\n focused on web applications. But at night\, he leaves the tangl ed web\n into the open space of radio signals\, garage doors\, scoreboar ds\, RC\n cars\, and pwn challenges. From the latter\, he gained enough expertise\n to create a heap exploitation course that has been delivered at a\n number of security conferences\, including DEFCON. In his spare time\,\n he has found Linux kernel 0-days\, and reverse engineered numer ous\n wireless devices. To summarize\, if you put something in front of him\,\n he'll find a way to break it and make it do what he wants.\n\n SpeakerBio:Nathan Kirkland\n Raised on a steady diet of video game modd ing\, when Nathan found\n programming as a teenager\, he fit right into it. Legend says he still\n keeps his coffee (and tear) stained 1980s edi tion of The C Programming\n Language by K&R stored in a box somewhere. A few borrowed Kevin\n Mitnick books later\, he had a new interest\, and began spending more\n and more time searching for buffer overflows and S QL injections. Many\n coffee fueled sleepless nights later\, he had earn ed OSCP\, and\n graduated highschool a few months later. After a few mor e years of\n working towards a math degree and trying fervently to teach himself\n cryptanalysis\, he decided to head back to the types of fun h acking\n problems that were his real first love\, and has worked at Secu rity\n Innovation ever since.\n\n SpeakerBio:Zachary Minneker \, Secur ity Innovation\n Zachary Minneker is a security researcher and security engineer at\n Security Innovation. His first computer was a PowerPC Maci ntosh\, an\n ISA which he continues to defend to this day. At Security I nnovation\,\n he has performed security assessments on a variety of syst ems\,\n including robots for kids\, audio transcription codecs\, and ele ctronic\n medical systems. He has previous experience administrating ele ctronic\n medical systems\, and deep experience in fuzzing\, reverse eng ineering\,\n and protocol analysis. His research has focused on techniqu es for\n in-memory fuzzing\, macOS sandbox security\, and IPC methods.\n \n Description:\n Heap exploitation is an incredibly powerful tool for a hacker. As\n exploit mitigations have made exploitation more difficul t\, modern\n exploit development has moved to the heap. However\, heap e xploitation\n is a major wall in the binary exploitation journey because of its\n complexity. To conquer this difficultly\, the workshop tackles the\n complexity head on by diving into the weeds of the allocator dire ctly\,\n taking on many hands-on exercises/challenges and creating easy to\n grasp diagrams to understand all of the concepts.\n\n This worksh op is for learning heap exploit development in glibc\n Malloc\, which is the default allocator on most Linux distributions.\n With this hands-on introduction into glibc Malloc heap exploitation\n you will learn how t he allocator functions\, heap specific\n vulnerability classes and to pw n with a variety of techniques. To make\n the material easy to consumabl e\, there are many hands-on exercises\, a\n pre-built virtual machine wi th everything necessary for binary\n exploitation and an immense amount of visuals for explaining the\n material. After taking this course you w ill understand the internals\n of the glibc Malloc allocator\, be able t o uncover heap memory\n vulnerabilities and pwn the heap with a variety of techniques\, with\n the capability to go further into the art afterwa rds.\n\n Skill Level: Intermediate\n\n Prerequisites for students:\n - Basic computer science background (x86_64 assembly\, stack\,\n progra mming skills in C & Python) - Basic binary exploitation skills\n (buffer overflow exploitation\, ROP\, ASLR\, etc.) - Familiar with Linux\n deve loper tools such as the command line\, Python scripting and GDB.\n\n Mat erials or Equipment students will need to bring to participate:\n\n * Laptop with enough power for a moderately sized Linux VM:\n\n * ARM ba sed MacOS has support through either QEMU or servers that\n people c an use.\n\n * Administrative access to the laptop\n\n * 8GB RAM mi nimum\n\n * 30GB harddrive space\n\n * Virtualbox or another virtu alization platform installed\n\n '\n\n 1. #FlamingoLowerLevel\n\n\n DTEND:20230811T195900Z DTSTART:20230811T160000Z LOCATION:WS - Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin SUMMARY:House of Heap Exploitation (Pre-Registration Required) END:VEVENT END:VCALENDAR