The days of a simple EIP overwrite and a JMP ESP are long gone. Exploit developers need to take their skills to the next level in order to circumvent the most current exploit mitigations put in place on Windows operating systems. Offensive Security's Advanced Windows Exploitation Techniques will challenge you to think laterally and develop creative solutions in today's increasingly difficult exploitation environment.
Advanced Windows Exploitation provides an in-depth and hardcore drilldown into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to real-world 64-bit kernel exploitation. This course is extremely hands-on and includes a lab environment, which is tailored to challenging and bringing the most out of you. The case studies covered include vulnerabilities discovered by our research team or exploits written by us.
• Custom shellcode creation - Creating "hand made" shellcode.
• NX/ASLR Bypass - Using different techniques to bypass Data Execution Prevention and Address Space Layout Randomization protection mechanisms on modern operating systems.
• Function pointer overwrites - Overwriting a function pointer in order to get code execution.
• Precision Heap Spraying - Spraying the heap for reliable code execution. (CVE-2011-2371)
• Disarming EMET Mitigations to gain reliable code execution
• 64 and 32 Bit Windows Kernel Driver Exploitation - Exploring 32 and 64 bit kernel exploitation. (CVE-2011-2005)
• Kernel Pool Exploitation - The 0day angle. (CVE-2014-XXXX)
This is NOT an entry level course, previous exploitation experience in Windows environments and basic use of a debugger is required. If you write basic Windows exploits, and need a serious boost, you're in the right place.
It is assumed the student is experienced in Windows exploit development and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended.
You want to bring a *serious* laptop along. One able to run 3 vms with ease. Please do not bring netbooks.
• VMware Workstation / Fusion
• At least 80 GB HD free
• At least 4 GB of RAM
• Wired Network Support
• USB 2.0 support or better
• 64bit Host operating system
• A will to suffer intensely
Students will be provided virtual machines for use in the class.
Matteo Memelli: Since Matteo Memelli's first experiences in the security industry, he has been "hacked" by his passion for remote exploitation, vulnerability research and covert channels analysis. Matteo is an avid researcher and developer in the exploit field, his passion for security drove him to create this class. He is the co-creator and lead trainer of Offensive Security's first Exploit Development specialty class.