On This Page

The Shellcode Lab

Threat Intelligence | August 1-2 & 3-4


0-day exploits aren't needed when you know how to be a highly effective hacker. Lets increase your exploitation success rate! Create custom payloads for Windows, Linux and Mac OS X, and integrate them into Metasploit and public exploits. You don't have to be elite since The Shellcode Lab holds your hand to take your security skills to the next level. If you want to compromise more systems than ever before, register for The Shellcode Lab now!

Wouldn't it be great if you could write your own shellcode to bypass security controls such as firewalls and authenticated proxies to increase your exploitation success rate? Well now you can!

You will be provided with a "Virtual Shellcode Development Environment" that is designed to enable shellcode development across multiple platforms. Students will learn how to write shellcode for Linux, Mac 64-bit OSX and Windows. The development of the shellcode is presented using easy to learn techniques. Starting off with an introduction to different shellcoding techniques on each platform, an introduction to basic memory management and assembly, followed by creating simple shellcode to write to stdout and call functions.

This gives students a base understanding and practical experience to develop simple shellcode. The complexity is then increased to more useful shellcode such as command execution, dynamic Windows shellcode, setting up backdoor listeners using sockets, shellcode networking to remotely gain a command shell, and egg hunter shellcode to search through memory for our payload. All of this is done whilst holding your hand so that you don't miss a beat. Students will also learn about staged-loading shellcode to bypass security controls such as firewalls and authenticated proxies, and kernel level shellcode to perform privilege escalation.

Students are taught how to encode their shellcode using the Metasploit Exploit Framework (MSF), and insert it into exploits that will be used to show that their shellcode was successfully executed. They will learn how to use MSF to generate shellcode for a variety of platforms, as well as how to integrate their shellcode into MSF so that it is available to all Metasploit exploits.

What people are saying:
  • "By far the best course I've taken at Black Hat."
  • "This is the BEST class I have attended in my 17 year professional career."
  • "One of the most well-organized, well paced courses I've ever attended at Black Hat."
  • "Best course ever. Thanks. I learned a lot."
  • "I loved it!"
  • "Great explanations and worked with individual student to make sure no one was left behind."
  • "Excellent job! I would recommend this course."
  • "Extremely organized and would recommend to colleague. Thank you."

Who Should Take this Course

Penetration Testers, Security Officers, Security Auditors, System Administrators and anyone else who wants to tune their elite security skills.

Anyone who is interested in shellcoding, exploitation, vulnerabilities or Metasploit are prime candidates for this course. Students will be taught from scratch everything they need to know to complete this course successfully and walk away with a thorough knowledge and practical skills on how to create shellcode.

This class is a great follow on course to "The Exploit Laboratory" and "The Exploit Laboratory: Black Belt". These students will have learned a lot about exploitation, but are still limited to pre-packaged shellcode. This course lets you create custom shellcode to maximize exploitation success rates.

Developers who want to learn low-level security development skills with shellcoding and assembly.

Managers who want to gain a more in depth understanding of how systems can be compromised, how security controls can be bypassed both at the operating system level and network level, and how network access controls and intrusion prevention systems play a big part in preventing shellcode successfully connecting back to the attacker, and the general risks associated with your network security.

Student Requirements

We will teach you everything you need to know from scratch! The course is designed to hold your hand at every step.

As long as you can "double-click" in Windows and use basic command line navigation in Linux, then we can take you from n00b to l33t in 2 days!

What Students Should Bring

  • A working laptop (Windows, Mac or Linux) to run 2 x VMware VMs
  • Wireless network adapter for internet access
  • 20 GB free Hard disk space
  • LATEST version of VMWare Player (or Workstation, Server, Fusion, etc.)

What Students Will Be Provided With

  • A "Virtual Shellcode Development Environment" that is designed to enable shellcode development across multiple platforms
  • The Shellcode Lab workbook
  • Lab instructions and solutions


Ty Miller is the Director of Threat Intelligence (www.threatintelligence.com) who are specialists in the area of Managed Intelligence services, penetration testing, and specialist security consulting. He is the creator of "Threat Analytics" (www.threat-analytics.com) that automatically identifies hackers on your websites, classifies and tracks them across the world, automatically responds, and alerts you to pending attacks against your websites before they have been launched. Ty developed and runs "The Shellcode Lab" each year at Black Hat USA, he presented at Black Hat on his development of "Reverse DNS Tunnelling Shellcode", and is the creator of the "Practical Threat Intelligence" course at Black Hat. He also presented at "Ruxcon" where he demonstrated his cutting edge attack technique to force your web browser to exploit internal servers from the Internet. Ty Miller was a co-author of "Hacking Exposed Linux 3rd Edition" and was also involved in the design of the bootable CHAOS Linux cluster distribution. Ty's experience not only covers intelligence-based security and penetration testing, it also expands into traditional and cloud security architecture designs, regulations like PCI, developing and running industry benchmark accreditations such as CREST, performing forensic investigations, as well as creating and executing a range of specialist security training.