Advanced Windows Exploitation Techniques

Matteo Memelli & Jim O’Gorman, Offensive Security


USA 2010 Four Day Training Session // July 24-27


An in-depth, hardcore drilldown into advanced Windows Vulnerability Exploitation techniques from Offensive Security.

The course covers topics such as Egghunters, NX bypassing Techniques, Function Pointer Overwrites, Heap Spraying, Venetian Shellcode Encoding, Windows Kernel Exploitation and custom shellcode creation.

This course is extremely hands-on and includes a lab environment which is geared to challenge and bring the most out of you. The case studies covered include vulnerabilities discovered by our research team, or exploits written by us.

Lab Description:

The course includes a complex hands-on lab setup, which is the center of the training. Students will be provided with pre-configured VMware machines containing various vulnerabilities which are exploited throughout the course.

Course Length:

Four days. All course materials, custom BackTrack DVDs, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered.

Topics Covered:

  • Egghunters - Understanding and using Egghunters in limited space environments.
  • NX Bypass - Bypassing hardware NX on modern operating systems.
  • Function pointer overwrites - Overwriting a function pointer in order to get code execution.
  • Heap Spraying - Spraying the heap for reliable code execution.
  • Venetian Blinds - Dealing with Unicode encoding.
  • Exploiting Windows Driver
  • Custom shellcode creation - Creating "hand made" shellcode.

Who Should Attend:

This is NOT an entry-level course; previous exploitation experience in Windows environments and basic use of a debugger are required. If you write basic Windows exploits, and need a serious boost, you’re in the right place.

What to bring:

  • VMware Workstation or Server installed
  • At least 60 GB HD free
  • Network Support
  • DVDROM support
  • A will to suffer intensely


Matteo Memelli: Since Matteo Memelli's first experiences in the security industry, he has been "hacked" by his passion for remote exploitation, vulnerability research and covert channels analysis. Matteo is an avid researcher and developer in the exploit field; his passion for security drove him to create this class.

As the co-creator and lead trainer of Offensive Security's first Exploit Development specialty class, Matteo is bringing exploitation training to a whole new level. This is the first course to ever offer such a variety of in-depth and extreme exploitation methods.

James O’Gorman is a seasoned security professional who thrives on the challenge of intense pentesting. Jim has taught this class with Matteo and enjoyed bringing pain and suffering to past students. He is actively involved in as one of the main developers and is continually contributing to the open source community.

Super Early:
Ends Apr 1

Ends May 15

Ends Jun 15

Ends Jul 23