Software exploitation training from lamer
The course lasted 2 days (Feb 16th and 17th, 2008), and, in my opinion, was very interesting. That’s the motivation for me to write these from a learner’s point of view.
Content of the course:
- Stack/heap overflow, focusing on stack overflow because of the difficulty of heap overflow, with these techniques:
  + Return to libc (ret2libc)
  + Return to pop (ret2pop)
  + Overwrite .got, .dtors … if the program was compiled with ASLR (Address Space Layout Randomization) support.
- Format string
- Race condition (TOC/TOU – Time of Check/Time of Use)
Requirements:
- 01 laptop with DVD drive
- VMWare Player installed
- Basic knowledge of Linux and typical commands
- Basic knowledge of programming
- Basic knowledge of Assembly
The knowledge of Linux and Assembly is not required but learners can learn faster with them.
The learners will also gain the knowledge of using:
- IDA 
- gdb 
- python 
This is the most practical and beneficial course that I have ever attended. I was naturally sucked into the flow of solving problems. These are what I have noticed:
- The course flows from extremely basic information to very advanced knowledge.
- The learners will develop their skills based on these basic techniques.
- Studying and practicing simultaneously
- Interactive learning: the learners must answer many questions throughout the course. This is very useful because the instructor can know whether they “get it”.
- The learners must think and solve problems themselves in a logical way based on the knowledge they have just had.
- Analyzing and predicting are two skills used throughout the course.
- The instructor has prepared the course carefully so that every sentence, or idea is valuable.
- The course is the experience of the instructor so it is very short but it fully covers all information that would require hundreds of pages to explain.
- This is the first time I could read and understand the flow chart of one program based entirely on its ASM code; then, exploit it.
I highly appreciate this course because of its outstanding quality. The experience and skill of the instructor make me believe in what I have learned. If there’s any advanced course from lamer, I’ll attend.
VNSecurity – a non-profit research organization dedicated to network and system security. Their team won the CTF2007 first prize at HITB2007 Malaysia. VNSec was founded and is led by Thanh Nguyen (rd at vnsecurify dot net).
Nam T. Nguyễn (Security+, CISSP) – a member of vnsecurity.net
VMWare Player – software for running virtual machines. See more at www.vmware.com/products/player/
IDA – a powerful disassembler. See more at www.hex-rays.com/idapro
GDB – GNU debugger. See more at www.sourceware.org/gdb/
Python – a powerful programming language. See more at www.python.org. There’s a website for Vietnamese people who love Python at www.vithon.org. This site was founded and is led by Nam T. Nguyễn.