We will look into how we can bypass kASLR, kLFH, and do hands-on exploitation using data-only attack, which effectively bypasses SMEP and other exploit mitigations.
Upon completion of this training, participants will be able to learn:
Burp Suite Pro is the leading tool for auditing Web applications at large, but also a complex beast where new features get added every few weeks. Mastering Burp Suite Pro, including its newest features, allows testers to get the most out of the tool, optimizing time spent auditing and testing. Work will be faster (hotkeys!) and much more efficient (more tools, more possibilities!). Attendees will also learn to measure and assess the quality of their attacks, a crucial skill in real-life engagements that can make the difference between a false-negative and a critical finding.
A complete introduction to 0-day discovery for Windows targets, focusing on closed-source real-world software, including kernel modules and user code.
Who should take this course?
Anyone looking to get into Windows vulnerability research and fuzzing, although many of the concepts and approaches taught can be used for fuzzing on other platforms (MacOS/Linux, etc), all the exercises will focus on Windows. Also useful for red-teamers looking to add zero-days to their arsenal (with a dedicated section on finding quick 0-days on time-limited engagements).
Most topics are beginner friendly and assume limited or no prior experience with modern fuzzing approaches and Windows vulnerability research, with advanced topics (hypervisors & emulators, for example) presented in an easy-to-understand manner.
Full Stack Web Attack is not an entry-level course. It’s designed to push you beyond what you thought was possible and set you on the path to develop your own workflow for offensive zero-day web research.
This course is developed for web penetration testers, bug hunters and developers that want to make a switch to server-side web security research or see how serious adversaries will attack their web based code.
Students are expected to know how to use Burp Suite and have a basic understanding of common web attacks as well as perform basic scripting using common languages such as python, PHP and JavaScript. Each of the vulnerabilities presented have either been mirrored from real zero-day or are n-day bugs that have been discovered by the author with a focus on not just exploitation, but also on the discovery.
So if you want to learn how to exploit web technologies without client interaction for maximum impact, that is, remote code execution then this is the course for you.
To achieve maximum stealth and obtain unabated access to the system, rootkits execute in kernel mode. This course focuses on the kernel interfaces (APIs), data structures and mechanisms that are exploited by rootkits to achieve their goals at every stage of their execution. Kernel security enhancements that have been progressively added from Windows 7 to the latest version of Windows are discussed along with some circumvention techniques. This advanced course provides a comprehensive end-to-end view of the modus-operandi of rootkits by taking an in-depth look at behind the scenes working of the Windows kernel and how these mechanisms are exploited by malware through hands-on labs and real-world case studies. Kernel security enhancements that have been progressively added to Windows are discussed along with some circumvention techniques. Attendees will study key techniques used by rootkits to understand the real-world applicability of these concepts for offensive and defensive purposes. This training is beneficial to anyone responsible for developing, detecting, analyzing, and defending against rootkits and other Windows kernel post-exploitation techniques including EPP/EDR software developers, anti-malware engineers, security researchers, red/blue/purple teamers. A special version of this training is also available for malware, rootkit forensics analysts where the focus is not on implementing rootkit functionality but rather on investigating rootkits using tools such as WinDBG and Volatility. This analyst version does not require attendees to have a programming background and contains topics related to rootkit detection and case studies.
