Over the years, writing exploits on modern Windows-based platforms has become a complex dance of memory manipulation to circumvent the modern mitigations Microsoft has put in place. Offensive Security's Advanced Windows Exploitation Techniques (AWE) challenges you to develop creative solutions that work in today's increasingly difficult exploitation environment.
The course covers techniques ranging from precision heap spraying to DEP and ASLR bypass, real-world 64-bit kernel exploitation, and EMET bypasses, in a hands-on, lab-focused environment. AWE makes a point of introducing a concept and then allowing you to work through a case study applying what you learned, with multiple instructors on hand for help with any problems. The case studies covered include vulnerabilities discovered by our research team or exploits written by Offensive Security.
Topics covered include:
- NX/ASLR Bypass - Using different techniques to bypass Data Execution Prevention and Address Space Layout Randomization protection mechanisms on modern operating systems.
- Function pointer overwrites - Overwriting a function pointer in order to get code execution.
- Precision Heap Spraying - Spraying the heap for reliable code execution.
- Disarming EMET Mitigations to gain reliable code execution
- 64- and 32-Bit Windows Kernel Driver Exploitation - Exploring 32- and 64-bit kernel exploitation.
- Kernel Pool Exploitation
Advanced Windows Exploitation is NOT an entry-level course. We expect students to have previous exploitation experience in a Windows environment and understand their way around a debugger. Additionally, to get the most out of the class you will want to spend time in the evenings working through case studies and reviewing the provided reading material. This is the hardest course Offensive Security offers. Abandon all hope, you who enter here.
Students should be experienced in exploit development for Windows and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this course.
You want to bring a *serious* laptop along, one able to run 3 VMs with ease. Please do not bring netbooks or other low-resolution systems.
- VMware Workstation / Fusion
- At least 80 GB HD free
- At least 8 GB of RAM
- Wired Network Support
- USB 2.0 support or better
- 64-bit host operating system (Important)
- A will to suffer intensely
Students will be provided with virtual machines for use in class. Additionally, the Advanced Windows Exploitation lab guide will be provided. An in-class "Hint System" will provide electronic distribution of all scripts, POCs, and so on.
Black Hat does NOT include the exam. This can be purchased after the Vegas class for a discount.