Workshop Summary - “Buffer Overflow to Real-World Exploitation”
Session purpose
Teach a complete, reproducible pipeline for understanding and ethically assessing stack-based buffer overflows: start from low-level C memory mechanics and progress to a disciplined, tool-driven exploit workflow applied to Windows server services in an isolated lab.
Learning objectives
• Explain x86 stack frames, calling conventions, and endianness.
• Reproduce a crash from an unsafe C routine and compute precise overwrite offsets.
• Perform bad-character analysis and choose an appropriate redirection primitive.
• Generate constrained shellcode and assemble a final exploit buffer.
• Recognize the impact of modern mitigations (DEP/ASLR/stack cookies/SEHOP/CFG).
• Apply safe, responsible testing practices and remediation guidance.
Target audience & prerequisites
• Audience: beginner to intermediate security practitioners comfortable with basic C and Python.
• Prerequisites: basic C compilation experience, basic networking and terminal skills.
Lab environment & safety controls
• Attacker VM (Linux: Python, nc, msfvenom) and isolated Target VM(s) (32-bit Windows with Immunity Debugger + mona).
• Host-only/internal network, VM snapshots for rollback, targets run as a non-privileged user.
• Code of conduct and responsible disclosure guidance enforced.
Live demonstrations
• Two end-to-end demos applying the same methodology to two lab targets.
• Each demo follows the pipeline: fuzz → crash → cyclic pattern → offset → EIP control → bad-chars → gadget discovery → payload generation → verification.
Curriculum / core modules
• Foundations: stack vs heap, unsafe C APIs, diagrams of memory layout.
• From C to crash: compile/run an intentionally vulnerable C binary; observe and analyze the crash.
• Exploitation workflow: tooling (Immunity + mona, Python, msfvenom), pattern-based offset computation, bad-char analysis, gadget selection.
• Practical demos: two Windows services with step-by-step artifact collection.
• Defenses & remediation: how mitigations disrupt exploit steps and secure-coding fixes.
• Ethical & legal guidance: lab scope, no Internet exploitation, responsible disclosure template.
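As an added illustration of the "from C to crash" and "secure-coding fixes" modules (example code written for this summary, not the workshop's own lab binary): a length-prefixed command handler in the unsafe form the lab binary demonstrates, beside a bounds-checked version that rejects bad frames instead of overflowing. The 2-byte big-endian length header, CMD_MAX, and the sample frames are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#define CMD_MAX 64  /* size of the service's fixed stack buffer (assumed for the example) */

/* "Before": the pattern the workshop's intentionally vulnerable binary shows.
 * The sender-supplied length field is trusted, so a declared length beyond
 * CMD_MAX writes past the buffer into the saved frame. Never feed it untrusted
 * input; it is here only to contrast with the fixed version below. */
void handle_frame_unsafe(const uint8_t *frame, size_t frame_len) {
    char cmd[CMD_MAX];
    size_t declared = ((size_t)frame[0] << 8) | frame[1];  /* big-endian length */
    memcpy(cmd, frame + 2, declared);   /* no check of 'declared' against CMD_MAX */
    cmd[declared] = '\0';
    (void)frame_len;                    /* actual byte count is never consulted */
}

/* "After": every length is checked against both what actually arrived and the
 * destination size before any byte is written, and the outcome is reported. */
typedef enum { FRAME_OK = 0, FRAME_SHORT = -1, FRAME_TRUNCATED = -2,
               FRAME_TOO_LONG = -3 } frame_status;
frame_status handle_frame_safe(const uint8_t *frame, size_t frame_len,
                               char *out, size_t out_sz) {
    if (frame_len < 2) return FRAME_SHORT;                 /* no complete header */
    size_t declared = ((size_t)frame[0] << 8) | frame[1];
    if (declared > frame_len - 2) return FRAME_TRUNCATED;  /* header claims more than arrived */
    if (declared >= out_sz) return FRAME_TOO_LONG;         /* >= keeps room for the NUL */
    memcpy(out, frame + 2, declared);
    out[declared] = '\0';
    return FRAME_OK;
}

/* Constructed sample frames (not captures from any real service). */
static const uint8_t FRAME_GOOD[] = { 0x00, 0x05, 'H', 'E', 'L', 'L', 'O' };
static const uint8_t FRAME_LIE[]  = { 0x10, 0x00, 'A', 'B' };    /* claims 4096 bytes, carries 2 */
static const uint8_t FRAME_BIG[2 + CMD_MAX] = { 0x00, 0x40 };    /* exactly CMD_MAX bytes: too long */
static char g_cmd[CMD_MAX];
frame_status parse_good(void) { return handle_frame_safe(FRAME_GOOD, sizeof FRAME_GOOD, g_cmd, sizeof g_cmd); }
frame_status parse_lie(void)  { return handle_frame_safe(FRAME_LIE,  sizeof FRAME_LIE,  g_cmd, sizeof g_cmd); }
frame_status parse_big(void)  { return handle_frame_safe(FRAME_BIG,  sizeof FRAME_BIG,  g_cmd, sizeof g_cmd); }
const char *last_cmd(void)    { return g_cmd; }

int main(void) {
    printf("good=%d cmd=%s\n", parse_good(), last_cmd());   /* good=0 cmd=HELLO */
    printf("lie=%d big=%d\n", parse_lie(), parse_big());     /* lie=-2 big=-3 */
    return 0;
}
```

The two rejected frames are exactly the cases a fuzzer in the workshop pipeline would send; with the check in place they produce a logged rejection rather than a crash artifact.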
Deliverables provided
• Slide deck and lab PDF (stepwise checklist).
• Vulnerable C source and build instructions for lab use.
• Sanitized Python templates for fuzzing and buffer prototypes.
• Immunity/mona command cheat-sheet.
• Pre-recorded demo clips (fallback) and artifact examples (crash screenshots, mona logs).
Assessment & verification
• Hands-on verification artifacts: fuzzer logs, Immunity crash screenshots, mona offset outputs, bad-char comparison logs.
• Post-lab quiz and checklist to validate understanding and reproducibility.
Ethics, limitations & disclosure
• The workshop excludes teaching bypasses for modern mitigations; it focuses on methodology, defensive context, and secure remediation.
• Participants are required to follow the provided responsible-disclosure process for any real vulnerabilities discovered.
Key takeaway
Attendees will leave with a practical, repeatable blueprint for ethically assessing legacy Windows services for stack-based buffer overflows: a clear mapping from low-level memory concepts to the tested, tool-driven exploitation workflow and corresponding mitigation/remediation steps.