Advanced Software Exploitation v3

Learn how to discover and exploit software vulnerabilities.

  • Cutting-Edge Course Material

    The Advanced Software Exploitation course is based on cutting-edge research and real-world experience accumulated over the years by our Red Team.

  • Hands-on Lab Exercises

    In order to consolidate the concepts taught throughout the course, each lecture is followed by several hands-on lab exercises.

  • Get the CSED certification!

    The Certified Software Exploit Developer (CSED) certification is the world's most advanced hands-on certification for vulnerability researchers and exploit developers.


■ Practical software vulnerability discovery.

■ Cutting-edge network protocol and file format fuzzing.

■ Binary analysis techniques and vulnerable pattern identification.

■ Advanced usage of the Grinder Framework, PyKd, and IDA Python.

■ In-depth study of modern Windows mitigation bypasses.

■ State-of-the-art techniques for exploit development.

Course Description

Formerly known as the Advanced Vulnerability Discovery and Exploit Development course, Ptrace Security’s Advanced Software Exploitation course offers security professionals an opportunity to test and develop their skills like never before. During this class, attendees will be provided with the latest techniques and tools to discover vulnerabilities and use them to develop reliable exploits for a wide range of software, including complex Windows applications, interpreted languages, Web browsers, and critical Microsoft services.

In the first half of the course, attendees will use reverse engineering, source code auditing, and fuzz testing to attack a wide variety of applications (many of which are critical for a successful penetration test) and then use the latest exploitation techniques available today to develop a reliable exploit for Windows 7, Windows 8.1 and Windows 10.

In the second half of the course, the focus will shift from classic to advanced exploitation techniques. Attendees will learn how to escape from the Java sandbox, how to circumvent ASLR without pointer leaks, how to use precise heap spraying, and how to bypass the Enhanced Mitigation Experience Toolkit (EMET).

By the end of this course, attendees will have a clear idea of how to find and exploit software vulnerabilities on modern Windows machines.

Course curriculum

  • Exploit Development 101 (Vulnerability classes and common exploitation techniques, Stack buffer overflows, Structured Exception Handler (SEH) based exploits, Return-oriented programming (ROP), etc.)

  • Practical Software Fuzzing (File format fuzzing, Random-based fuzzers, Mutation-based fuzzers, Generation-based fuzzers, Model-based fuzzers, The Peach fuzzer, Create an M3U fuzzer, Network protocol analysis, Network protocol fuzzing, etc.)

  • Attacking Web Browsers (Memory Leaks, Anatomy of a Firefox memory leak vulnerability, Hacking the JavaScript Engine to create custom objects, Using a custom JavaScript object to get code execution, Bypassing ASLR and DEP, etc.)

  • Patch Diffing (Introduction to binary diffing, Microsoft patches, Download Microsoft patches, Binary diffing Microsoft patches, Discover vulnerabilities using Microsoft patch analysis, Crafting the initial proof of concept, etc.)

  • Escaping the Java Sandbox (Java sandbox architecture, Type confusion vulnerabilities, Finding type confusion vulnerabilities, The Java Applet java.util.concurrent type confusion vulnerability, Escaping the Java sandbox, etc.)


Attendees should be familiar with C/C++, Python, and x86/x64 assembly language, and should have a basic knowledge and understanding of popular software vulnerabilities (e.g. stack buffer overflows, format strings, etc.).


■ Laptop with at least forty (40) GB of free hard drive space and eight (8) GB of RAM.

■ Latest Oracle VM VirtualBox and VirtualBox Extension Pack installed.

■ A working version of IDA Pro 6.8+ (or IDA Pro Evaluation Version).

Pre-Registration for the ASE v3

Add your email to the waiting list to be notified when the ASE v3 becomes available. Please note that places are limited and will be allocated on a first-come, first-served basis.