[Noisebridge-discuss] Smashing the stack for fun and... education?

Micah Lee micahflee at gmail.com
Mon Aug 3 23:53:55 UTC 2009


Would anyone be into having a weekly Noisebridge meetup to try to
learn more about buffer overflows and writing code to exploit them? I
don't think there are many people around who are experts -- I'm
certainly not -- but I think there's a lot that we can learn if we're
into it, and I've got a couple ideas. I have enough experience with
this stuff to be able to explain in limited detail how it all works,
from sending a malicious buffer to a program, hijacking the flow of
execution, and executing a payload to hack systems.

We can start with reading Hacking: The Art of Exploitation
(http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593270070).
I have a copy, and Noisebridge has a copy too. I've read the first
couple chapters and it's really good. It comes with an Ubuntu LiveCD
with a bunch of example code on it, and steps you through writing
buggy programs and then exploiting them to get root. It's all Linux
stuff, so if you use a Mac or Windows it would be easy to set up a
virtual machine to play in.

There's also tons of public exploits for old software on milw0rm and
other places that we could download to study and try to recreate. We
could try to find good sources to learn Windows exploitation too. I
have a little experience with OllyDbg (a Windows debugger), but I'm
sure there are people/books/websites we could learn a lot more from.
Also I'd be into trying to write some OS X exploit code.

And of course, it'd be sweet to get everyone using Metasploit, getting
good at Metasploit, and then writing exploit code as Metasploit
modules.

Would there be sufficient interest in this kind of group?

micah


