The Exploit Laboratory: Black Belt Edition // Analyzing Vulnerabilities and Writing Exploits

Saumil Udayan Shah and S.K. Chong july 23-24


Ends February 1


Ends June 1


Ends July 20


July 21-24

NOTE: You may register for this class together with The Exploit Laboratory as a 4 day course.


The Exploit Laboratory Black Belt is a new and advanced class continuing from where The Exploit Laboratory left off. This class is for those curious to dig deeper into the art and craft of software exploitation. Topics covered in the class include user mode and kernel mode exploitation, use-after-free bugs, advanced heap spraying, leaking pointers and integer overflows. Class examples include Browser exploitation, PDF and Flash exploits, plus techniques to bypass system protections such as DEP and ASLR. By the end of the class students will be using Return Oriented Programming (ROP) and have running exploits on Windows 7 and Android operating systems.

The Exploit Laboratory Black Belt requires a lot of hands on work. Lab examples used in this class cover Unix, Windows and Android platforms, featuring popular third party applications and products instead of simulated lab exercises.

As with the popular Exploit Laboratory, all topics are delivered in a down-to-earth, learn-by-example methodology. The same trainers who brought you The Exploit Laboratory for over four years have been working hard in putting together advanced material based on past feedback.

The Exploit Laboratory Black Belt is an advanced class. It is not recommended for those who have no prior experience with writing exploits, however, you may choose to combine this class with The Exploit Laboratory in succession over the course of 4 days.

Learning Objectives

This class is for you if


Hardware Requirements

Software Requirements

You may register for this class together with The Exploit Laboratory as a 4 day course.

NOTE: MAC OS X is not "officially" supported in this class. However, participants have successfully used Intel based MacBooks or MacBook Pros in previous classes. The ultra sleek MacBook Air won't work. All Mac OS X users are required to bring their own copies of VMWare Fusion or Parallels, as long as you can run virtual machine images created in VMWare Workstation 5 and above.

If your laptop is a locked-down company issued laptop, please make sure you have VMWare Workstation or VMWare Player installed by your administrator before you come to class.

Course Length

Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.


Saumil Udayan Shah, Founder and Director, Net-Square Solutions Pvt. Ltd, continues to lead the efforts in e-commerce security research at Net-Square. His focus is on researching vulnerabilities with various e-commerce and web-based application systems. Saumil also provides information security consulting services to Net-Square clients, specializing in ethical hacking and security architecture. He holds a designation of Certified Information Systems Security Professional. Saumil has had more than nine years experience with system administration, network architecture, integrating heterogeneous platforms, and information security and has performed numerous ethical hacking exercises for many significant companies in the IT area. Saumil is a regular speaker at security conferences such as BlackHat, RSA, etc.

Previously, Saumil was the Director of Indian operations for Foundstone Inc, where he was instrumental in developing their web application security assessment methodology, the web assessment component of FoundScan - Foundstone's Managed Security Services software and was instrumental in pioneering Foundstone's

Prior to joining Foundstone, Saumil was a senior consultant with Ernst & Young, where he was responsible for the company's ethical hacking and security architecture solutions. Saumil has also worked at the Indian Institute of Management, Ahmedabad, as a research assistant and is currently a visiting faculty member there.

Saumil graduated from Purdue University with a master's degree in computer science and a strong research background in operating systems, networking, information security, and cryptography. At Purdue, he was a research assistant in the COAST (Computer Operations, Audit and Security Technology) laboratory. He got his undergraduate degree in computer engineering from Gujarat University, India. Saumil is a co-author of "Web Hacking: Attacks and Defense" (Addison Wesley, 2002) and is the author of "The Anti-Virus Book" (Tata McGraw-Hill, 1996).

S.K. Chong (CISSP) is a security consultant from SCAN Associates. His job allows him to play with all kinds of hacking tools and exploits in his penetration testing. Most often, he needs to modify and/or enhance these tools before it can be used for legal penetration testing for banks, ISPs government agencies, etc. If exploit code is not available, his understanding of security advisories, exploitation and buffer overflow concepts have allowed him to create exploit code on the fly. These experiences have helped him discover other similar yet new bugs. SK has authored security whitepapers on SQL Injection, Buffer overflows, Shellcode and Windows Kernel research, including one of which was published in Phrack E-zine #62. His research has been presented in many security conferences around the world like Black Hat, XCon, HITBSecConf, etc.