• Cutting-Edge Course Material

    The Advanced Software Exploitation course is based on cutting-edge research and real world experience accumulated over the years by our Red Team.

  • Hands-on Lab Exercises

    In order to consolidate the concepts taught throughout the course, each lecture is followed by several hands-on lab exercises.

  • Get the CSED certification!

    The Certified Software Exploit Developer (CSED) certification is the world's most advanced hands on certification for vulnerability researchers and exploit developers.

Course Description

Formerly known as the Advanced Vulnerability Discovery and Exploit Development course, the Ptrace Security’s Advanced Software Exploitation course offers security professionals an opportunity to test and develop their skills like never before. During this class, attendees will be provided with the latest techniques and tools to discover vulnerabilities and use them to develop reliable exploits for a wide range of software including complex Windows applications, interpreted languages, Web browsers, and critical Microsoft services.

In the first half of the course, attendees will use reverse engineering, source code auditing, and fuzz testing to attack a wide variety of applications (many of which are critical for a successful penetration test) and then use the latest exploitation techniques available today to develop a reliable exploit for Windows 7, Windows 8.1 and Windows 10.

In the second half of the course, the focus will shift from classic to advanced exploitation techniques. Attendees will learn how to escape from the Java sandbox, how to circumvent ASLR without pointer leaks, how to use precise heap spraying and how to bypass the Enhanced Mitigation Experience Toolkit (EMET).

By the end of this course, attendees will have a clear idea of how to find and exploit software vulnerabilities on modern Windows machines.

Highlights

■ Practical software vulnerability discovery.

■ Cutting-edge network protocol and file format fuzzing.

■ Binary analysis techniques and vulnerable patterns identification.

■ Advanced usage of the Grinder Framework, PyKd, and IDA Python.

■ In-depth study of modern Windows mitigation bypasses.

■ State of the art techniques for exploit development.


Course Syllabus

Prerequisites

Attendees should be familiar with C/C++, Python, and the x86/x64 assembly language, as well as have a basic knowledge and understanding of popular software vulnerabilities (e.g. stack buffer overflows, format strings, etc.).


Requirements

■ Laptop with at least forty (40) GB of free hard drive space and eight (8) GB of RAM.

■ Latest Oracle VM VirtualBox and VirtualBox Extension Pack installed.

■ A working version of IDA Pro 6.8+ (or IDA Pro Evaluation Version).

Enroll Now!