Exploit Laboratory: Master

The Exploit Laboratory: Master features advanced topics in exploit development. This 2 day class is designed for participants already familiar with exploit development and need to take their skills to the next level. The Master edition course is an ideal extension of the Exploit Laboratory: Black Belt class. The class is primarily driven by lab examples and exercises, with very little theoretical teaching.

Topics covered in the Master edition include advanced ROP chains, an in-depth analysis of infoleak bugs, one-byte memory overwrite ownage, heap spraying on modern Javascript engines, server side heap spraying, kernel exploits, using ROP in kernel exploits and an introduction to 64-bit exploitation.

The Master edition is an all new advanced/uber-advanced level class was taught only once at the 2013 Seattle Trainings, and now is being introduced for the first time at the Black Hat USA Trainings.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over 10 years have been working hard in putting together advanced material based on past feedback.

NOTE: THIS CLASS CAN BE COMBINED WITH "THE EXPLOIT LABORATORY: BLACK BELT" (https://www.blackhat.com/us-15/training/exploit-laboratory-black-belt.html) AS A 4 DAY COURSE.

LEARNING OBJECTIVES
-------------------

• Quick refresher on browser exploits
  
• Quick refresher on Use-After-Free bugs and vtable overwrites
  
• Variations on ROP chains - direct Syscall invocation
  
• Infoleak bugs and bypassing ASLR
  
• Full "ownage" with One-byte memory corruption
  
• Server side heap spraying
  
• Practical server side ROP exploit on Linux
  
• Introduction to Kernel Exploitation
  
• Remote Kernel Exploitation on Windows 7 using ROP
  
• Introduction to exploits on 64-bit systems
  

• All topics covered in The Exploit Laboratory: RED TEAM or BLACK BELT classes.
• -or- an equivalent level of confidence and recklessness.
• SKILL LEVEL: ADVANCED

TUTORIALS:
----------
The Exploit Laboratory: Master is a highly advanced class. We mean it. The class assumes you are well versed with the concept of Return Oriented Programming and putting together a ROP chain by hand. If you wish to refresh your ROP concepts, do go through the following tutorial:

Dive Into ROP:
http://www.slideshare.net/saumilshah/dive-into-rop-a-quick-introduction-to-return-oriented-programming

HARDWARE REQUIREMENTS:
----------------------

• A working laptop (no Netbooks, no Tablets, no iPads)
  
• Intel Core 2 Duo x86/x64 hardware (or superior) required
  
• 4GB RAM required, at a minimum, 8GB preferred, and anywhere in between shall be tolerated
  
• Wireless network card
  
• 20 GB minimum free Hard disk space
  
• Working USB port (should not be DLP disabled!)
  

SOFTWARE REQUIREMENTS:
----------------------

• Linux / Windows / Mac OS X desktop operating systems
  
• VMWare Player / VMWare Workstation / VMWare Fusion MANDATORY