Advanced Windows Exploitation

Offensive Security | July 22-25



Overview

Writing exploits on modern Windows based platforms over the years has become a complex dance of memory manipulation to circumvention of modern mitigations Microsoft has put in place. Offensive Security's Advanced Windows Exploitation Techniques (AWE) challenges you to develop creative solutions that work in today's increasingly difficult exploitation environment.

Covering techniques ranging from precision heap spraying, to DEP and ASLR bypass, real-world 64-bit kernel exploitation, and EMET bypasses, in a hands-on lab focused environment. AWE makes a point of introducing a concept and then allowing you to work through a case study applying what you learned, with multiple instructors on hand for help with any problems. The case studies covered include vulnerabilities discovered by our research team or exploits written by Offensive Security.

Topics covered include:

  • NX/ASLR Bypass - Using different techniques to bypass Data Execution Prevention and Address Space Layout Randomization protection mechanisms on modern operating systems.
  • Function pointer overwrites - Overwriting a function pointer in order to get code execution.
  • Precision Heap Spraying - Spraying the heap for reliable code execution.
  • Disarming EMET Mitigations to gain reliable code execution
  • 64 and 32 Bit Windows Kernel Driver Exploitation - Exploring 32 and 64 bit kernel exploitation.
  • Kernel Pool Exploitation

Who Should Take this Course

Advanced Windows Exploitation is NOT an entry level course. We expect students to have previous exploitation experience in a Windows environment and understand their way around a debugger. Additionally, to get the most out of the class you will want to spend time in the evenings working through case studies and reviewing the provided reading material. This is hardest course Offensive Security offers. Abandon all hope, you who enter here.

Student Requirements

Students should be experienced in exploit development for Windows and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this course.

What Students Should Bring

You want to bring a *serious* laptop along. One able to run 3 VMs with ease. Please do not bring netbooks or other low resolution systems.

  • VMware Workstation / Fusion
  • At least 80 GB HD free
  • At least 8 GB of RAM
  • Wired Network Support
  • USB 2.0 support or better
  • 64bit Host operating system (Important)
  • A will to suffer intensely

What Students Will Be Provided With

Students will be provided with virtual machines for use in class. Additionally, the Advanced Windows Exploitation lab guide will be provided. An in-class "Hint System" will provide electronic distribution of all scripts, POCs, and so on.

***PLEASE NOTE***
Black Hat does NOT include the exam. This can be purchased after the Vegas class for a discount.

Trainers

Matteo Memelli is the creator and lead instructor of the AWE course, which has been continuously sold out since its premier six years ago. Matteo leads Offensive Security's research and development team, and continually refreshes the AWE course with real-world exploits derived from his research. His recent work has included a series of EMET bypasses as well several 0day exploits in commercial software including Symantec Endpoint Protection.