Linux Security Track

Security Hacking and Hardening in Linux

Workshop Overview

Security in Linux is rapidly becoming the choice for many developers. According to the LinuxDevices.com website, the significant reasons are that the source code is available, there are no runtime royalties, and it is a robust, reliable operating system with excellent networking support.

This workshop teaches embedded skills using an embedded environment. Unlike most Linux workshops, it uses hands-on demonstrations with proofs of concept, which are essential for security in every organization.

Overview:

This workshop is unique in a number of areas. First, it is not aimed at Linux gurus; it is aimed at existing developers using traditional operating system environments. Second, it proposes how Linux can be used for all applications. It is as important to understand what Linux cannot do as what it can do.

Workshop Objectives:

The workshop provides participants with an enhanced understanding of:

  • Security Vulnerabilities in Modern Operating Systems
  • Linux kernel vulnerabilities statistics
  • Heap-based overflow
  • Using Ret2Libc
  • Return-Oriented Programming
  • Understanding ASLR and KASLR
  • Testing
  • Fuzzing

Benefits:

  • Learn the fundamentals of security issues with respect to Linux
  • Get guidelines, hints, and examples to understand vulnerabilities
  • Learn to tackle vulnerabilities in Linux more effectively
  • Reduce overall incidents
  • Learn briefly about ROP (return-oriented programming) in Linux
  • Learn how to tackle BOF

Who can attend?

The target audience for the program comprises professionals with minimum Linux experience across the various phases of the software development life cycle, preferably involved in the following areas:

  • Development
  • Testing and validation
  • Project Management
  • Software Quality Assurance
  • Delivery
  • System Maintenance

Prerequisites:

  • Good C programming skills
  • Fluent in user-level commands in Linux
  • Knowledge of Linux or Unix is a must
  • Be well versed with Linux/Unix commands and the shell (bash) (e.g. ls, cat, vi)

Contents

  • Security Status
    • “Security Vulnerabilities in Modern Operating Systems” – a brief
    • CVE details: Linux kernel vulnerabilities statistics
  • Vulnerabilities

Buffer-based attacks

  • Buffer Overflow (BOF)
  • Basic theory of operation
  • Revectoring program flow via a BOF
    • Manually (gdb)
    • Automatically via a crafted buffer.
  • A mention of other Vulnerabilities
  • Heap-based overflow
  • Ret2Libc
  • Walkthrough on ARM/Linux
  • ROP (return oriented programming) – an Introduction

Countermeasures Language

  • Safe Libraries
  • Compiler Protection
  • Executable space protection
  • ASLR and KASLR
  • Testing
  • Fuzzing
  • Static Analysis tools
