Over the years, writing exploits on modern Windows-based platforms has become a complex dance of memory manipulation to circumvent the mitigations Microsoft has put in place. Offensive Security's Advanced Windows Exploitation Techniques (AWE) challenges you to develop creative solutions that work in today's increasingly difficult exploitation environment.
The course covers techniques ranging from precision heap spraying to DEP and ASLR bypass, real-world 64-bit kernel exploitation, and EMET bypasses, in a hands-on, lab-focused environment. AWE makes a point of introducing a concept and then allowing you to work through a case study applying what you learned, with multiple instructors on hand for help with any problems. The case studies covered include vulnerabilities discovered by our research team or exploits written by Offensive Security.
Topics covered include:
Advanced Windows Exploitation is NOT an entry-level course. We expect students to have previous exploitation experience in a Windows environment and understand their way around a debugger. Additionally, to get the most out of the class you will want to spend time in the evenings working through case studies and reviewing the provided reading material. This is the hardest course Offensive Security offers. Abandon all hope, you who enter here.
Students should be experienced in exploit development for Windows and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this course.
You want to bring a *serious* laptop along, one able to run 3 VMs with ease. Please do not bring netbooks or other low-resolution systems.
Students will be provided with virtual machines for use in class. Additionally, the Advanced Windows Exploitation lab guide will be provided. An in-class "Hint System" will provide electronic distribution of all scripts, POCs, and so on.
Matteo Memelli is the creator and lead instructor of the AWE course, which has been continuously sold out since its premiere six years ago. Matteo leads Offensive Security's research and development team, and continually refreshes the AWE course with real-world exploits derived from his research. His recent work has included a series of EMET bypasses as well as several 0day exploits in commercial software including Symantec Endpoint Protection.