Advanced Windows Exploitation Techniques

Overview

The days of a simple EIP overwrite and a JMP ESP are long gone. Exploit developers need to take their skills to the next level in order to circumvent the most current exploit mitigations put in place on Windows operating systems. Offensive Security's Advanced Windows Exploitation Techniques will challenge you to think laterally and develop creative solutions in today's increasingly difficult exploitation environment.

Advanced Windows Exploitation provides an in-depth and hardcore drilldown into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to real-world 64-bit kernel exploitation. This course is extremely hands-on and includes a lab environment, which is tailored to challenging and bringing the most out of you. The case studies covered include vulnerabilities discovered by our research team or exploits written by us including (amongst others) CVE's 2011-2005 and 2010-0705.

Topics Covered

• Egghunters - Understanding and using Egghunters in limited space environments. (CVE-2008-4250)
• NX Bypass - Bypassing hardware NX on modern operating systems.
• Function pointer overwrites - Overwriting a function pointer in order to get code execution.
• Precision Heap Spraying - Spraying the heap for reliable code execution. (CVE-2011-2371)
• Venetian Blinds - Dealing with Unicode encoding. (CVE-2008-1912)
• 64 and 32 Bit Windows Kernel Driver Exploitation - Exploring 32 and 64 bit kernel exploitation. (CVE-2011-2005)
• Custom shellcode creation - Creating "hand made" shellcode.

Who Should Attend

This is NOT an entry level course, previous exploitation experience in Windows environments and basic use of a debugger is required. If you write basic Windows exploits, and need a serious boost, you're in the right place.

What to bring

You want to bring a *serious* laptop along. One able to run 3 vms with ease. Please do not bring netbooks.

• VMware Workstation / Fusion
• At least 80 GB HD free
• At least 3 GB of RAM
• Wired Network Support
• DVD or USB support
• A will to suffer intensely

Trainers

Matteo Memelli: Since Matteo Memelli's first experiences in the security industry, he has been "hacked" by his passion for remote exploitation, vulnerability research and covert channels analysis. Matteo is an avid researcher and developer in the exploit field, his passion for security drove him to create this class. As the co-creator and lead trainer of Offensive Security's first Exploit Development specialty class, Matteo is bringing exploitation training to a whole new level.

James O'Gorman is a seasoned security professional who thrives on the challenge of intense pentesting. Jim has taught this class with Matteo and enjoyed bringing pain and suffering to past students. Jim manages Offensive Security's consulting services and is the co-author of the "Metasploit: The Penetration Tester's Guide".