Center for Cyber Security Training LLC is happy to bring you EXPLOIT DEVELOPMENT in partnership with Corelan GCV. We're excited to announce that we have two public classes with limited availability: Advanced on January 28-31, 2019 and Bootcamp on a future date. Registration forms specify all the details, and the link can be found under each abstract.


WARNING:

  1. Course contents are subject to change, on both this website and the www.corelan-training.com site.
  2. You will be required to sign a confidentiality agreement at the start of the course. You will not be admitted to the course without signing this document. You can find a copy of the document here.
  3. We do not provide solutions for any of the exercises in this course, but we will help you to find the solutions yourself, either during the course or after the course (via the student-only forum).


ADVANCED EXPLOIT DEVELOPMENT


Abstract: 

The “ADVANCED” exploit development class is a fast-paced, mind-bending, hands-on course where you will learn advanced exploit development techniques from an experienced exploit developer. During this 4 day course, students will get the opportunity to learn how to write exploits that bypass modern memory protections for the Win32 platform.  The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits.

This is most certainly not an entry level course. In fact, this is one of the finest and most advanced courses you will find on Win32 exploit development.

This hardcore, practical, hands-on course will provide students with a solid understanding of current Win32 exploitation and memory protection bypass techniques, with a strong focus on the Windows heap. We make sure the course material is kept updated with current techniques, includes previously undocumented tricks and techniques, and details research we performed ourselves. Combined with the way the course is built up, this turns the class into a truly unique learning experience.

During all of our courses, we don’t just focus on techniques and mechanics, but we also want to make sure you understand why a given technique is used, why something works and why something doesn’t work.


Date: January 28-31, 2019

Location: Columbia, Maryland

Registration: Registration Form


Course Outline


ASLR & DEP Refresher

Bypassing ASLR

Bypassing DEP


Heap Spraying

Heap Feng Shui & heaplib

Precise Heap Spraying in modern browsers


Heap Exploitation (Internet Explorer as an example)

DOM Fundamentals

Heap Fundamentals

Exploiting Browser Use-After-Free conditions

Memory leaks / Information Disclosure

Heap Overflows, Heap Manipulations and Primitives


Prerequisites

Students NEED to:

  • be able to read simple C code and simple scripts
  • truly master all basic concepts of exploit development, as listed in our “BOOTCAMP” course.  If you have taken the Bootcamp course and done a lot of practice after taking the class, then you’re probably ready for this class. 
  • be familiar with ROP (i.e. understand how it works on Windows, know how to build a ROP chain, know how to use mona.py to generate a chain and how to fix the chain if it doesn’t work)
  • be familiar with reading/writing python/ruby/html/javascript scripts
  • be familiar with using debuggers (we’ll use WinDBG for most of the course, but we’ll spend some time explaining the basics of using WinDBG. It is assumed that you have practical experience with Immunity Debugger and mona.py)
  • be ready to dive into a debugger and read asm for hours and hours and hours
  • be ready to think out of the box and have a strong desire to learn
  • be fluent with managing Windows / Linux operating systems and with using VMware Workstation / VirtualBox
  • be familiar with using Metasploit to generate shellcode
  • have basic practical knowledge of assembly

It’s imperative for students to comply with these prerequisites. 


BootCamp Exploit Development

Abstract:


This “BOOTCAMP” is a truly unique opportunity to learn both basic and advanced techniques from an experienced exploit developer, at a conference. During this 4 day course, students will learn all the ins and outs of writing reliable exploits for the Win32 platform. The trainer will share his “notes from the field” and various tips & tricks to become more effective at writing exploits.

We believe it is important to start the course by explaining the basics of stack buffer overflows and exploit writing, but this is most certainly not “your average” entry level course. In fact, this is a true bootcamp and one of the finest and most advanced courses you will find on Win32 stack based exploit development.

This hardcore hands-on course will provide students with a solid understanding of current Win32 (stack based) exploitation techniques and memory protection bypass techniques. We make sure the course material is kept updated with current techniques, includes previously undocumented tricks and techniques, and details research we performed ourselves. Combined with the way the course is built up, this turns the class into a truly unique experience.

During all of our courses, we don’t just focus on techniques and mechanics, but we also want to make sure you understand why a given technique is used, why something works and why something doesn’t work.

We believe these are just a few of the arguments that make this training stand out among other exploit development training offerings.


Date: TBD

Location: Columbia, Maryland

For Registration: Registration Form



Course Outline


The x86 environment

System Architecture

Windows Memory Management

Registers

Introduction to Assembly

The stack


The Exploit Development Lab Environment

Setting up the exploit developer lab

Using debuggers and debugger plugins to gather primitives


Stack Buffer Overflows

Stack Buffers

Functions

Saved return pointer overwrites

Stack cookies

Structured Exception Handlers

etc.


Egg Hunters

Using Egghunters

Egg Hunters in a WoW64 environment


Reliability++ & Reusability++

Finding and avoiding bad characters

Creative ways to deal with character set limitations


Metasploit Framework Exploit Modules

Writing exploits for the Metasploit Framework

Porting exploits to the Metasploit Framework


ASLR

Bypassing ASLR


DEP

Bypassing NX/DEP

Return Oriented Programming / Code Reuse (ROP)