VULNERABILITY DEVELOPMENT MASTER CLASS
Since our inception we have prided ourselves on providing training courses on a variety of advanced subjects which have consistently been filled with students from around the world. Last year, we hosted the class in the USA, Asia, and Europe, both publicly and also privately by request.
Once again, our flagship course, the Vulnerability Development Master Class, returns for 2015 and will be taught by some of Exodus’ top experts. As the class is given over 5 consecutive days, it is not for the faint of heart. Don’t let that intimidate you, though, as we have done our best to structure the course to elevate students from a basic knowledge of assembly language to learning and practicing the skills necessary to find and exploit the zero-day vulnerabilities they discover during the class. None of the software audited during the course is contrived–every target is a real application with wide market penetration in the enterprise. We believe adhering to real-world examples helps students understand, in context, the severity of the flaws they unearth.
Testimonials
“The Exodus Intel VulnDev Master Class was an exceptional, cutting-edge course for skilled VR specialists to push their skills further. It was a wonderful example of practical techniques and creativity applied to modern targets. The Exodus team focused on passing on their approach and mentality to the student, giving the student the ability to take the “Exodus approach” for their own VR work.”
“I had an amazing time during the vuln-dev course in Amsterdam. And was really disappointed when I had to go to work again the next Monday. Loved the entire course learned a lot, even popped a 0day after the course!”
“Vuln Dev Master Class delivered a shower of knowledge on finding and exploiting vulnerabilities in complex, relevant applications. It was one of the most wow-factor courses I have attended.”
“The course was excellent and the Exodus team show why they’re among the best at what they do.”
“The Vulnerability Development Master class was excellent; packed with good information, examples, and actual real world attacks and scenarios and taught by people who clearly know what they are doing.”
Dates & Locations
The dates and locations are as follows (venue information will be distributed to registered attendees):
- April 13th-17th: Austin, TX, USA
- July 6th-10th: Amsterdam, Netherlands
- September 7th-11th: Frankfurt, Germany
If we receive sufficient interest in hosting additional events the above list may expand. Reach out to us via training@exodusintel.com or on twitter via @ExodusIntel for any inquiries.
Prerequisites
We have compiled a summary of prerequisites, the abstract, dates and locations into a single PDF for reference: Exodus Intelligence Vulnerability Development Master Class.
Abstract
This 5 day course is designed to provide students with a comprehensive and progressive approach to understanding advanced vulnerability and exploitation topics. Attendees will be immersed in hands-on exercises that impart valuable skills including static and dynamic reverse engineering, zero-day vulnerability discovery, and advanced exploitation of widely deployed server and client-side applications.
Taught by some Exodus Intelligence’s leading experts, this course provides students with direct access to our renowned professionals in a setting conducive to individual interactions.
Syllabus
- Reverse Engineering
- Static Reverse Engineering
- Code Representation and Graph Theory
- Recognizing Non-Determinism
- Recognizing Data Structures
- Symbol Mining
- Harvesting Useful Code
- C++ Type Recovery
- Scripting Disassemblers
- Dynamic Reverse Engineering & Automation
- Non-Intrusive Target Monitoring
- Recovering Type Information
- Code Flow Analysis
- Symbol Recovery
- Isolating Interesting Code & Data
- Static Reverse Engineering
- Debugging
- Core Windows Userspace Concepts
- Memory Management
- Process Lineage
- Integrity Levels
- Windows Services
- Inter-Process Communication
- Local Inter-Process Communication
- Remote Process Communication
- The Windows Linker & Loader
- Exception Handling
- Core Debugger Concepts
- Attaching (Intrusive vs Non-Intrusive)
- Breakpoints
- Global Flags
- Image File Execution Options
- Scripting with PyKD
- Annoyances & Solutions
- Core Windows Userspace Concepts
- Vulnerabilities Overview & Recognition
- Recognizing Vulnerability Patterns
- Automated Discovery
- Memory Corruption
- Type Confusion
- Improper Allocations
- Arithmetic Issues
- Format Strings
- Use-After-Free
- Buffer Overflows
- Design Flaws
- Vulnerability Discovery
- Manual Auditing Processes
- Dumb Fuzzing
- “Intelligent” Fuzzing
- Ambulance Chasing
- Binary Diffing
- Client-Side Discovery Techniques
- Server-Side Discovery Techniques
- Exploitation
- Memory Manipulation & Scope
- Windows Mitigations & Bypasses
- Enhanced Mitigation Experience Toolkit (EMET)
- Bypassing EMET
- Achieving Reliability
- Post Exploitation
- Sandboxes
- Process Continuation
Pricing and Registration
The cost for the 5-day course is $6500 USD per student. You may e-mail training@exodusintel.com to register and we will supply an invoice. We have also made available this template request form for individuals to help justify attendance to management.