
The Advanced Software Exploitation (ASE) course offers security professionals an opportunity to test and develop their skills like never before. During this course, students will learn to identify common vulnerabilities and then use them to develop exploits for a wide range of software applications, including popular Windows applications, interpreted languages, and Web browsers.
In the first half of the course, attendees will use fuzzing, reverse engineering, and source code auditing, to attack a wide variety of applications (e.g. iTunes, Firefox, Vulnserver, etc.) and then use proven exploitation techniques to develop an exploit for one of the VMs (Windows 7, Windows 8.1 and Windows 10).
Then, in the second half of the course, the focus will shift from classic vulnerabilities to more advanced ones. In this section, students will learn how to escape Java sandbox using a type confusion vulnerability, how to circumvent the ASLR without pointer leaks, and how to use precise heap spraying, just to name a few.
By the end of this course, students will know how to find software vulnerabilities using fuzzing, reverse engineering, and source code auditing, and then how to write their own exploits in Python, JavaScript, or Java.
Syllabus
- Fundamentals: Intro
- Fundamentals: Stack Buffer Overflow
- Fundamentals: Structured Exception Handler Overwrite
- File Format Fuzzing: Intro
- File Format Fuzzing: The Peach Fuzzer
- Network Protocol Fuzzing: Vulnerability Discovery
- Network Protocol Fuzzing: Exploitation
- Attacking Web Browsers: Vulnerability Discovery
- Attacking Web Browsers: Exploitation
- Practical Patch Diffing
- Exploiting vulnerabilities in the Oracle JVM: Vulnerability Discovery
- Exploiting vulnerabilities in the Oracle JVM: Exploitation
- Advanced Windows exploitation
- Conclusion
Security Education
OffSec
iNE
Antisyphon
EC-Council
Applied Network Defense
Kaspersky
Sektor7
CompTIA
TCM Security
BlackHat
13Cubed
Dark Vortex
Enciphers
Forty North
Cyber warfare Labs
Maltrak
Scorpio Software
Security Onion
Zero Point Security
SentinelOne
Altered Security
SpecterOps
Pentester Academy
CQURE
PluralSight
StationX
Cybr
موسسههای دیگر