When we last left off in Part 3 of our series of posts on Johnny’s experience at our recent PWB in the Caribbean course, he was experiencing the highs and lows of exploit development, emerging triumphantly in the end. Part 4 picks up where we left off last time so we’ll let Johnny take it from here.
In Part 2 of our series of posts on the recent PWB in the Caribbean course, Johnny was desperately seeking an exit from the upcoming pain that is exploit development. However, he didn’t come up with an escape plan quickly enough and his tale continues in this latest diary entry.
Quite often, people tend to wonder what it’s like to experience an Offensive Security live training course. At our most recent live Pentesting with BackTrack course in St. Kitts, we had in attendance, Johnny Long of Hackers for Charity and he was good enough to keep a journal of his experiences during the course.
Every patch Tuesday, we, like many in the security industry, love to analyze the released patches and see if any of them can lead to the development of a working exploit. Recently, the MS11-080 advisory caught our attention as it afforded us the opportunity to play in the kernel and try to get a working privilege escalation exploit out of it.