Don't like this style? Click here to change it! blue.css

Welcome .... Click here to logout

The Last Class

I've had a lot of fun trying to make sure you all come along for this journey. My subversive goal is nurturing a sense of creative autonomy via tech. To tackle something seemingly impossible is to chunk it into parts, master the concepts, and just roll up your sleeves to work through the pieces.

It's very hard to measure success in this, if someone comes in with no experience then that next step is a sort of confidence to overcome that sense of static noise when a topic seems too hard.

If you've got some previous experience then that next step feels more like your ability to pick up something beyond the course content just to serve you in accomplishing a new goal.

I really hope that the spirit of, "if someone can do it that so can I", will carry with you into future projects no matter what fields your career ends up in. The process is more important that the outcome and you just have to accumulate 1000 losses as quickly as possible.

Heap Exploitation re-theme

So I attempted to shift around the second half of the class in order to bring more of you to the cutting edge with me.

I covered less pure content but tried to get the story consistent and progressive rather than shotgun.

From that perspective, the foray into fastbin dup was a mistake, forgive me.

I'm curious to see if it worked. So I made a new set of mastery tasks to capture this different model of learning the cutting edge:

Green means you could probably deploy the skill in a live scenario.

Yellow means you think you get it intellectually but need to practice.

Red means you've got no idea what I'm talking about.

Head to the discord and update your green-yellow-red emojis for these new heap tasks. I also added green-yellow-red hearts to the pre-heap tasks, if you take a moment to let me know how you self-assess on those that would be great.

OK so what sort of stuff did we cover:

Pretty deep.

What's missing?

We took an interesting path through this topic.

So what would I have liked to cover with you that we didn't?

Secure Software Design?

So for the CISC students who came in with different expectations I do want to confirm that the topic is in-fact one and the same. I encourage you to learn the CERT guidelines real quick:

Let's go through them real quick: CERT Coding Standards

memset your junk and delete your pointers.

Help make the world secure and not just the one project.

There is a whole world of secure software processes: almost like a project management class. Something like this:

Take a look at the SDL: SDL from microsoft

I also find it helps to contextualize all of this by looking at the MITRE ATTACK framework:

Use the charts:

Sure, but what about a PWN career?

OK so suppose you love PWNing like me and want to make a career of it?

So being a top CTFer is a great job door-opener, we learned about them because a large company uses CTFs as their cyber interview process (top score gets the job).

But also bug bounties, CVE hunting, malware detection, forensics.

OK so what about more practice?

Here are a ton of problem sets:

CTF flowcharts

Also compete every weekend with us!

OK OK, but what about those other heap tricks?

So here's a "stack leak" in our cutting edge world:

How about the FSOP stuff?

Well here are some links to old lectures on that:

Intro to FSOP

FSOP struggles

FSOP success

OK Go Forth

Thanks again, I wish you nothing but the best. Any way I can help let me know.