Vulnerability Assessment Course – Spring 2023

We are pleased to announce that the researchers of Exodus Intelligence will be providing publicly available training in person on March 28, 2023 in Austin, TX.

The intermediate course, titled the Vulnerability Assessment Class, covers a wide range of vulnerability and exploitation related topics and is intended for the beginner to intermediate level practitioner. This course is intended to prepare the student to fully defend the modern enterprise by being aware and equipped to assess the impact of vulnerabilities across the breadth of the application space.

Attendees should plan to travel and arrive prior to Tuesday, March 28th. The course work will conclude on Friday, March 31st, 2023.

Seating is limited. Since this training will be in person, there are a limited number of seats available.

Later this year we will also be offering an updated version of our popular Vulnerability Development Master Class. This course will cover advanced topics such as dynamic reverse engineering, kernel exploitation concepts, browser exploitation, mitigation bypasses, and other topics. Later this year we will also be offering our Mobile Vulnerability Exploitation Class. This class will cover advanced topics concerning mobile platforms.

Vulnerability Assessment Class

This 4 day course is designed to provide students with a comprehensive and progressive approach to understanding vulnerability and exploitation topics on both the Linux and Windows platforms. Attendees will be immersed in hands-on exercises that impart valuable skills including a deep dive into the various types of vulnerabilities exploited today, static and dynamic reverse engineering, vulnerability discovery, and exploitation of widely deployed server and client-side applications. This class will cover a lot of material and move very quickly.

Prerequisites

  • Computer with ability to run virtual machines (recommended 16GB+ memory)
  • Some familiarity with debuggers, Python, C/C++, x86 ASM. IDA Pro or Ghidra experience a plus.
  • No prior vulnerability discovery experience is necessary

Pricing and Registration

The cost for the 4-day course is $4000 USD per student. You may register and pay below, or you can e-mail training@exodusintel.com to register and we will supply a purchase order.

Syllabus

Vulnerability and risk assessment

  • NDay risk and patching timelines
  • Vulnerability terminology: CVE, CVSS, CWE, MITRE ATT&CK, Impact, Category
  • Risk assessment
  • Vulnerability mitigation

Web-based vulnerabilities

  • Basics of HTTP
    • Format of HTTP request and response, URI
    • Command Injection and Directory Traversal attacks
    • Cross-site scripting and cross-site request forgery
  • XML External Entity attacks
  • Request Smuggling
  • SQL Injection
  • Deserialization

Modules include examples of affected CVEs and practicals.

Binary exploitation

  • Basics of binaries
    • Platforms: Linux and Windows
    • x86 assembly, PE, and ELF formats
    • Stack, Heap, Dynamic modules
    • PIE, ASLR, DEP
  • Tools
    • Ghidra, WinDBG, and gdb
  • Stack buffer overflow
    • OS/Theme: Linux
    • Return to shellcode, Return to libc, Stack pivot, etc.
    • Linux-based practical and demo
  • Use after free
    • OS/Theme: Windows
    • Overview of NT Heap, LFH
    • Practical and demo

Exodus Wants to help CISA Shields Up

CISA Shields Up in response to looming Russian Cyberattacks, Exodus Intelligence wants to help

The Cybersecurity and Infrastructure Security Agency (CISA) recently launched the #ShieldsUp Campaign to provide organizations resources and recommended actions to heighten their security posture in light of the Russian invasion of Ukraine.  Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks, and #CISA is calling on every organization – large and small – to be prepared to respond to disruptive cyber incidents.

In response to the renewed calls for the private sector to address known vulnerabilities, Exodus Intelligence is offering their N-Day vulnerability subscription for FREE through July 1st.

The N-Day Vulnerability subscription provides customers with intelligence about critically exploitable, publicly disclosed vulnerabilities on widely used software, hardware, embedded devices, and industrial control systems.  Every vulnerability is analyzed, documented, and enriched with high-impact intelligence derived by some of the best reverse engineers in the world. At times, vendor patches fail to properly secure the underlying vulnerability.  Exodus Intelligence’s proprietary research enhances patch management efforts. Subscribed customers have access to an arsenal of more than 1200 vulnerability intelligence packages to ensure defensive measures are properly implemented.

For those that are concerned about Zero-day vulnerabilities, Exodus is also offering the benefit of our Zero-day vulnerability subscription for up to 50% off for new registrations from April 1st through July 1st. Exodus’ Zero-day Subscription provides customers with critically exploitable vulnerability reports, unknown to the public, affecting widely used and relied upon software, hardware, embedded devices, and industrial control systems. Customers will gain access to a proprietary library of over 200 Zero-day vulnerability reports in addition to proof of concept exploits and highly enriched vulnerability intelligence packages. These Zero-day Vulnerability Intelligence packages, unavailable anywhere else, enable customers to reduce their mean time to detect and mitigate critically exploitable vulnerabilities.

These offerings are available to the United States (and allied countries) Private and Public Sectors to gain the immediate benefit of advanced vulnerability analysis, mitigation guidance/signatures, and proof-of-concepts to test against current defenses.

To register for FREE N-day Intelligence, please fill out the webform here

Sample Report

Exodus Answers Biden’s Call to Action

White House issues call to action in light of new intelligence on Russian cyberthreat

The Biden administration renewed calls Monday for the private sector to address known vulnerabilities and shore up cyberdefenses in light of a looming possibility of a cyberattack from Russia on U.S. infrastructure. “The most troubling piece,” Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, said, is that “we continue to see known vulnerabilities for which we have patches available” used by cyberattackers to compromise U.S. companies. The administration has repeatedly warned the critical infrastructure sector about the potential for Russia to engage in malicious cyber activity against the United States in response to the recently imposed economic sanctions.

Exodus Intelligence is answering the call

In response to the renewed calls for the private sector to address known vulnerabilities, Exodus Intelligence is offering their N-Day vulnerability subscription for FREE from April 1st through July 1st.

The N-Day Vulnerability subscription provides customers with intelligence about critically exploitable, publicly disclosed vulnerabilities on widely used software, hardware, embedded devices, and industrial control systems.  Every vulnerability is analyzed, documented, and enriched with high-impact intelligence derived by some of the best reverse engineers in the world. At times, vendor patches fail to properly secure the underlying vulnerability.  Exodus Intelligence’s proprietary research enhances patch management efforts. Subscribed customers have access to an arsenal of more than 1200 vulnerability intelligence packages to ensure defensive measures are properly implemented.

For those that are concerned about Zero-day vulnerabilities, Exodus is also offering the benefit of our Zero-day vulnerability subscription for up to 50% off for new registrations from April 1st through July 1st. Exodus’ Zero-day Subscription provides customers with critically exploitable vulnerability reports, unknown to the public, affecting widely used and relied upon software, hardware, embedded devices, and industrial control systems. Customers will gain access to a proprietary library of over 200 Zero-day vulnerability reports in addition to proof of concept exploits and highly enriched vulnerability intelligence packages. These Zero-day Vulnerability Intelligence packages, unavailable anywhere else, enable customers to reduce their mean time to detect and mitigate critically exploitable vulnerabilities.

These offerings are available to the United States (and allied countries) Private and Public Sectors to gain the immediate benefit of advanced vulnerability analysis, mitigation guidance/signatures, and proof-of-concepts to test against current defenses.

To register for FREE N-day Intelligence, please fill out the webform here

Sample Report

Vulnerability Development Courses for 2021

UPDATE: Postponed. Unfortunately due to travel restrictions related to COVID we will be postponing these trainings until February 14, 2022. We are contacting current registered students and giving them the option of a refund or credit and a guaranteed spot in our February class. We apologize to all those affected by this.

We are pleased to announce that the researchers of Exodus Intelligence will be providing publicly available training in person in February 2022 in Austin, TX.

In an effort to fully teach the breadth and depth of Vulnerability Intelligence and Exploitation, we have structured our offerings in the form of three distinct courses.

The intermediate course, titled the Vulnerability Assessment Class, covers a wide range of vulnerability and exploitation related topics and is intended for the beginner to intermediate level practitioner. This course is intended to prepare the student to fully defend the modern enterprise by being aware and equipped to assess the impact of vulnerabilities across the breadth of the application space.

We will also be offering an updated version of our popular Vulnerability Development Master Class. This course will cover advanced topics such as dynamic reverse engineering, kernel exploitation concepts, browser exploitation, mitigation bypasses, and other topics.

Our third offering will be our Mobile Vulnerability Exploitation Class. This class will cover advanced topics concerning mobile platforms.

Dates & Locations

All three courses will run concurrently.

  • November 1st-5th 2021, Austin, TX, USA
  • New Dates: February 14, 2022, Austin, TX, USA

Attendees should plan to travel and arrive prior to Monday, February 14th. The course work will conclude on Friday, February 18th, 2022.

Seating is limited. Since this training will be in person, there are a limited number of seats available.

Vulnerability Assessment Class

This 5 day course is designed to provide students with a comprehensive and progressive approach to understanding vulnerability and exploitation topics on both the Linux and Windows platforms. Attendees will be immersed in hands-on exercises that impart valuable skills including a deep dive into the various types of vulnerabilities exploited today, static and dynamic reverse engineering, vulnerability discovery, and exploitation of widely deployed server and client-side applications. This class will cover a lot of material and move very quickly.

Prerequisites

  • Computer with ability to run a VMware image (recommended 16GB+ memory)
  • Some familiarity with debuggers, Python, C/C++, x86 ASM. IDA Pro experience a plus.
  • No prior vulnerability discovery experience is necessary

Syllabus to be provided in the near future.

Pricing and Registration

The cost for the 5-day course is $5000 USD per student. You may e-mail training@exodusintel.com to register and we will supply a purchase order.

We will be providing a template request form in the near future to help justify attendance to management.

Vulnerability Development Master Class

This 5 day course is designed to provide students with a comprehensive and progressive approach to understanding vulnerability and exploitation topics on both the Linux and Windows platforms. Attendees will be immersed in hands-on exercises that impart valuable skills including a deep dive into exploiting kernel and browser vulnerabilities, static and dynamic reverse engineering, 0-day vulnerability discovery, and exploitation and workarounds of current mitigations. This is a very hands-on deep dive. The course will be taught by Exodus researchers.

Prerequisites

  • Computer with ability to run a VMware image (recommended 16GB+ memory)
  • Student must be comfortable with debuggers, Python, C/C++, x86 ASM, and IDA Pro.
  • No prior vulnerability discovery experience is necessary

Syllabus to be provided in the near future.

Pricing and Registration

The cost for the 5-day course is $6500 USD per student. You may e-mail training@exodusintel.com to register and we will supply a purchase order.

We will be providing a template request form in the near future to help justify attendance to management.

Mobile Vulnerability Exploitation Class

This 5 day course is designed to provide students with a comprehensive and progressive approach to understanding advanced exploitation topics involving the Android operating system. Attendees will be immersed in hands-on exercises that impart valuable skills including a deep dive into the various types of vulnerabilities exploited today, static and dynamic reverse engineering, vulnerability discovery, and exploitation of widely deployed mobile platforms and applications. This course is highly advanced and will cover difficult materials. The course will be taught by Exodus researchers.

Prerequisites

  • Computer with ability to run a VMware image (recommended 16GB+ memory)
  • Some comfort with debuggers, Python, C/C++, ARM ASM and IDA Pro
  • No prior vulnerability discovery experience is necessary

Syllabus to be provided in the near future.

Pricing and Registration

The cost for the 5-day course is $7500 USD per student. You may e-mail training@exodusintel.com to register and we will supply a purchase order.

We will be providing a template request form in the near future to help justify attendance to management.

Covid-19 and Travel

We understand that travel conditions are constantly changing due to Covid-19. To that end, Exodus will adjust the course if necessary. If the situation arises that requires adjustment, Exodus will release an official statement and alert all registered students. In the case of cancellation, refunds (or course credit for future offerings at student’s discretion) will be provided.

Exodus Intelligence 2016 Training Course

Vulnerability Development Master Class

Since our inception, Exodus Intelligence has provided training courses on a variety of advanced subjects which have consistently been filled with students from around the world. Over the last few years, we’ve hosted Master Classes in the USA, Asia, and Europe–both publicly and privately (by request).

Once again, our flagship course–the Vulnerability Development Master Class–returns with new content, taught by recognized experts. Known as some of the best in the industry, Exodus instructors are armed with real-world experience, as well as multiple Pwn2Own victories and PWNIE awards.

Stagefright: Mission Accomplished?

Update (2015-08-13 1:16pm CST): We’ve been in contact with Zimperium and are working with them to provide coverage for detection of this flaw through their Stagefright Detector app. They have been very responsive (more so than the affected vendor) and we plan to alert them of similar flaws we’ve recently discovered.

Silver Bullets and Fairy Tails

Introduction

This week we made mention on Twitter of a zero-day vulnerability we’ve unearthed that affects the popular Tails operating system. As the Tails website states:

“Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to:

  • use the Internet anonymously and circumvent censorship;
  • all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.”

This software was largely popularized due to the fact that it was used by whistleblower Edward Snowden. Since then, the OS has garnered much attention and use by a wide range of those seeking anonymity on the Internet.

A browser is only as strong as its weakest byte – Part 2

As promised, the follow up from our previous post.

Before Thanksgiving, we left off with IE9 coughing up bytes. We’ll poke it some more today and make it do a little dance for us.
Last week we managed to trick IE9 into doing an INC[ADDRESS] for us where we could specify the address. Now it is time to see how much damage we can do with just that. Since we’ll operate under the assumption that everything in the process is ASLR’d, the first thing to do is come up with a way to predict a fixed address we can safely increment. The easiest way to do that will be using an aligned heapspray. In case you’re not familiar with heapspraying, especially heap spraying in Internet Explorer, below is a quick breakdown of the basics of a heapspray.
