training-exploit-fundamentals
training-exploit-fundamentals copied to clipboard
rung
For training of "Exploitation Fundamentals"
Exploitation Fundamentals
This repository contains the training materials of Exploitation Fundamentals at Mercari (internal training) in 2020.
(2020年にメルカリで実施した社内勉強会「Exploitation Fundamentals」のレポジトリです)
Course Abstract
You can learn how computer works, and how vulnerabilities like buffer stack overflow are attacked. This training explains those using tools like debugger(GDB), and you can check what happens in your eyes.
(コンピュータがどのように動いているのか、なぜバッファオーバーフローなどの脆弱性攻撃が成立するのかなどについて、具体的にデバッガ(gdb)で追いながら内容を理解しようという、メルカリ社内でのソフトウェアエンジニア向けトレーニングの資料です)
Applicable for: Software Engineers
Purpose of this session
-
To build a deeper understanding of how computers work through the medium of security
- The fundamentals of computers haven't changed much. A good understanding of the lower levels, is knowledge that lasts a lifetime. More so than security, these materials go into depth on the inner workings of computers
- Security is fun! You can only learn how to defend by learning how to attack
-
Please do not abuse what you learn from this document
-
(コンピュータがどのように動いているか、セキュリティを通して理解を深めることを目的にしています。低レイヤに馴染みがない方向けに、コンピュータの動きの基本から、具体的な攻撃方法まで説明しています。ぜひセキュリティの楽しさを感じてください。)
-
本資料で学んだことを、悪用しないでください。
Slide
| 日本語(Japanese) | English |
|---|---|
 |
 |
Outline
-
1.Computer Systems
- System calls (システムコール)
- x64 CPU Architecture (x64 CPUアーキテクチャ)
- x64 Assembly (アセンブリ)
- Memory Layout
- Example1 Hello World!
- Exercise1: Function Call
-
2.Stack Buffer Overflow
- Stack Buffer Overflow vulnerability
- Shellcode
- Exercise2: Stack Buffer Overflow
-
3.Advanced
- History
- Mitigation (DEP/ASLR/SSP)
- Go(Golang) Vulnerability
- Memory Layout in Go
- ROP(Return Oriented Programming)
- Exercise3: ROP
Exercises
Example1: Hello World!
- Procedure
Exercise1: Function Call
- Procedure
- Video
Exercise2: Stack Buffer Overflow
- Procedure
- Video
Exercise3: Advanced (ROP)
- Procedure
- Video
rung