AppSec 101: Understanding and exploiting buffer overflows
2019-10-23, 13:15–16:15, DieKirch-Echternach

This workshop will explain one of the best-known application security vulnerabilities: the buffer overflow. We will start from the very beginning, explaining what a CPU is and how it executes operations and coordinates with the memory and inputs/outputs in order to run applications. We will then have a programming crash course (C language), then move on to assembly. Don't worry, we won't go too deep, just enough to understand the next chapter: understanding, identifying and exploiting a buffer overflow.


What will this workshop teach you?
- Understanding the structure and purpose of the CPU and the memory
- Basics of C programming
- Basics of assembly
- Understanding and exploiting a basic buffer overflow

What won't this course teach you?
- Reverse engineering
- Coding in C or Assembly (although we will briefly cover both)
- Explaining, using and creating fuzzers
- Creating your own shellcode
- Return-Oriented Programming (ROP) exploitation

Please make sure to come with a Linux (ideally Ubuntu) i386 (32-bit) system if you want to follow the exercises.

Course materials: https://beaujeant.gitbook.io/appsec101/