The Exploit Laboratory Black Belt is a new and advanced class continuing from where The Exploit Laboratory left off. This class is for those curious to dig deeper into the art and craft of software exploitation. Topics covered in the class include user mode and kernel mode exploitation, use-after-free bugs, advanced heap spraying, leaking pointers and integer overflows. Class examples include Browser exploitation, PDF and Flash exploits, plus techniques to bypass system protections such as DEP and ASLR. By the end of the class students will be using Return Oriented Programming (ROP) and have running exploits on Windows 7 and Android operating systems.
The Exploit Laboratory Black Belt requires a lot of hands on work. Lab examples used in this class cover Unix, Windows and Android platforms, featuring popular third party applications and products instead of simulated lab exercises.
As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over four years have been working hard in putting together advanced material based on past feedback.
The Exploit Laboratory Black Belt is an advanced class. It is not recommended for those who have no prior experience with writing exploits, however, you may choose to combine this class with The Exploit Laboratory in succession over the course of 4 days.
Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.
Saumil Shah is the founder and CEO of Net-Square, providing cutting edge information security services to clients around the globe. Saumil is an internationally recognized speaker and instructor, having regularly presented at conferences like Blackhat, RSA, CanSecWest, PacSec, EUSecWest, Hack.lu, Hack-in-the-box and others. He has authored two books titled "Web Hacking: Attacks and Defense" and "The Anti-Virus Book".
Saumil graduated with an M.S. in Computer Science from Purdue University, USA and a B.E. in Computer Engineering from Gujarat University. He spends his leisure time breaking software, flying kites, traveling around the world and taking pictures.
S.K. Chong (CISSP) is a security consultant from SCAN Associates. His job allows him to play with all kinds of hacking tools and exploits in his penetration testing. Most often, he needs to modify and/or enhance these tools before it can be used for legal penetration testing for banks, ISPs government agencies, etc. If exploit code is not available, his understanding of security advisories, exploitation and buffer overflow concepts have allowed him to create exploit code on the fly. These experiences have helped him discover other similar yet new bugs. SK has authored security whitepapers on SQL Injection, Buffer overflows, Shellcode and Windows Kernel research, including one of which was published in Phrack E-zine #62. His research has been presented in many security conferences around the world like Black Hat, XCon, HITBSecConf, etc.