Course: Linux Exploits & Mitigation

$269.00
$325.49 incl. vat

duration: 11 hours |

Language: English (US) |

access duration: 90 days |

Incompany available

Details

In this course, you will explore Linux Exploits & Mitigation. You will start by analysing kernel vulnerabilities, which requires an environment to carry out the reproduction of exploits. You will get to know the virtual environments and stage systems using QEMU. You will learn to set up the Linux kernel, complete with network support. And you will have a look at vulnerabilities that may affect your virtual environment.

You will learn to navigate between userland and kernel and how it impacts how programs reside and execute inside of an operating system. You'll investigate the structure of the Linux kernel, system calls, and program interfaces by running, debugging, and disassembling code. Next, you will explore how string code can be written safely and how strings vulnerabilities are exploited. You'll correct common errors, check strings for safety, loop over strings, and see what happens when unsafe strings are executed in a program. You'll learn how to employ the core pentesting tools to help validate that your systems and software are secure against known attacks. Lastly, you'll learn about the architectural differences and system implementations that lead to race conditions, shellcode and out-of-order execution vulnerabilities

Result

After completing this course, you are ready to work with Linux exploits, mitigation, and vulnerabilities.

Prerequisites

No prerequisites. Some prior knowledge is advisable.

Target audience

System Administrator, Security Specialist

Content

Linux Exploits & Mitigation

11 hours

Linux Exploits & Mitigation: Staging for Exploit Analysis

Analyzing kernel vulnerabilities requires an environment to carry out the reproduction of exploits. Being able to quickly and securely stage an operating system is essential. In this course, you'll explore virtual environments and stage systems using QEMU.

You'll develop an approach to setting up virtual environments for the Linux kernel, complete with network support. You'll install Linux kernels by version and compile Linux kernels from scratch. Next, you'll investigate architectural considerations, emulate architectures in QEMU, and gather system info from your staging environment.

Finally, you'll examine vulnerability considerations that might affect the virtual environment itself and identify safeguards for protecting your computing environments when carrying out exploit analysis.

By the end of this course, you'll be able to launch an instance of Alpine Linux, configure networking options, and emulate an Alpine Linux ARM variant within a QEMU environment.

Linux Exploits & Mitigation: Program Essentials

Navigating the space between userland and kernel and how it impacts how programs reside and execute inside of an operating system can lead to a better understanding of how it's exploited. Being able to debug, disassemble, and dump programs are essential to finding vulnerabilities. In this course, you'll investigate the structure of the Linux kernel, system calls, and program interfaces by running, debugging, and disassembling code.

You'll explore how programs fit in memory and how they are protected and executed. You'll debug and disassemble code into its assembly for inspection. Next, you'll explore the GNU C implementation of the standard library and interface using syscalls and the Linux system call table. Finally, you'll explore how programs and scripts are executed and how they are segmented in memory.

Linux Exploits & Mitigation: String Vulnerability Analysis

String vulnerabilities are at the core of a wide range of exploits. Being able to recognize, debug, and fix unsafe string manipulation code is essential to avoiding vulnerabilities. In this course, you'll explore how string code can be written safely and how strings vulnerabilities are exploited.

You'll look at the most common format string vulnerabilities in the C programming language and what it means to overflow a string buffer. You'll debug string exploits, including vulnerabilities introduced by common string output and manipulation functions. Next, you'll correct common errors, check strings for safety, loop over strings, and see what happens when unsafe strings are executed in a program. Finally, you'll describe how code can be injected via strings and how strings can be returned safely.

Linux Exploits & Mitigation: Memory and Pointer Vulnerabilities

  • Memory and pointer vulnerabilities come from a number of common

  • programmer mistakes. Being able to recognize, debug, and fix unsafe
  • memory allocation and access errors is essential to avoiding
  • vulnerabilities. In this course, you'll explore how memory and
  • pointer vulnerabilities arise and how they lead to program errors
  • and exploits. You'll look at how memory is allocated and accessed
  • in a typical C program. You'll investigate what causes heap and
  • stack overflows, use-after-free (UAF) vulnerabilities, and
  • out-of-bounds access errors. In addition, you'll recognize dangling
  • pointers, NULL dereferences, and off-by-one loops. Finally, you'll
  • delve into how coding errors lead to corrupted memory and arbitrary
  • code execution.

Linux Exploits & Mitigation: Penetration Tools

  • The baseline of security for any computer system is a defense

  • against known exploits and attacks. In this course, you'll learn
  • how to employ the core pentesting tools to help validate that your
  • systems and software are secure against known attacks. You'll start
  • by learning how to leverage the capabilities of Metasploit by using
  • its basic commands, payloads, and options. You'll then explore
  • Metasploitable, Commix, as well as Exploit Database, SearchSploit,
  • and the Linux Exploit Suggester. Next, you'll learn how to use
  • RouterSploit and ShellNoob to carry out tests. Finally, you'll
  • examine how to use SQLMap to explore how SQL injection attacks are
  • formed and how to protect against them.

Linux Exploits & Mitigation: Linux Exploit Architecture

  • Vulnerabilities vary by architecture and family of processor.

  • Recognizing the processor implementations and the differences that
  • lead to an exploit is essential. In this course, you'll explore
  • different classes of vulnerabilities based on the computing
  • environment. You'll learn about the architectural differences and
  • system implementations that lead to race conditions, shellcode and
  • out-of-order execution vulnerabilities. You'll explore mitigations
  • and protections to prevent stack smashing, use-after-free, and
  • integer vulnerabilities. Next, you'll examine contemporary exploits
  • such as Spectre and Meltdown and mitigations provided by Write XOR
  • Execute (W^X). Finally, you'll investigate protections to prevent
  • privileged escalation and exploiting processes and tasks.

Course options

We offer several optional training products to enhance your learning experience. If you are planning to use our training course in preperation for an official exam then whe highly recommend using these optional training products to ensure an optimal learning experience. Sometimes there is only a practice exam or/and practice lab available.

Optional practice exam (trial exam)

To supplement this training course you may add a special practice exam. This practice exam comprises a number of trial exams which are very similar to the real exam, both in terms of form and content. This is the ultimate way to test whether you are ready for the exam. 

Optional practice lab

To supplement this training course you may add a special practice lab. You perform the tasks on real hardware and/or software applicable to your Lab. The labs are fully hosted in our cloud. The only thing you need to use our practice labs is a web browser. In the LiveLab environment you will find exercises which you can start immediatelyThe lab enviromentconsist of complete networks containing for example, clients, servers,etc. This is the ultimate way to gain extensive hands-on experience. 

WHY_ICTTRAININGEN

Via ons opleidingsconcept bespaar je tot 80% op trainingen

Start met leren wanneer je wilt. Je bepaalt zelf het gewenste tempo

Spar met medecursisten en profileer je als autoriteit in je vakgebied.

Ontvang na succesvolle afronding van je cursus het officiële certificaat van deelname van Icttrainingen.nl

Krijg inzicht in uitgebreide voortgangsinformatie van jezelf of je medewerkers

Kennis opdoen met interactieve e-learning en uitgebreide praktijkopdrachten door gecertificeerde docenten

Orderproces

Once we have processed your order and payment, we will give you access to your courses. If you still have any questions about our ordering process, please refer to the button below.

read more about the order process

What is included?

Certificate of participation Yes
Monitor Progress Yes
Award Winning E-learning Yes
Mobile ready Yes
Sharing knowledge Unlimited access to our IT professionals community
Study advice Our consultants are here for you to advice about your study career and options
Study materials Certified teachers with in depth knowledge about the subject.
Service World's best service

Platform

Na bestelling van je training krijg je toegang tot ons innovatieve leerplatform. Hier vind je al je gekochte (of gevolgde) trainingen, kan je eventueel cursisten aanmaken en krijg je toegang tot uitgebreide voortgangsinformatie.

Life Long Learning

Follow multiple courses? Read more about our Life Long Learning concept

read more

Contact us

Need training advise? Contact us!


contact