Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft’s defenses. In Advanced Windows Exploitation (AWE), OffSec challenges students to develop creative solutions that work in today’s increasingly difficult exploitation environment.
The case studies in AWE are large, well-known applications that are widely deployed in enterprise networks. The course dives deep into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to 64-bit kernel exploitation.
AWE is a particularly demanding penetration testing course. It requires a significant amount of student-instructor interaction. For this reason, we limit AWE courses to a live, hands-on environment at Black Hat USA in Las Vegas, NV.
This is the hardest course we offer and it requires a significant time investment. Students need to commit to reading case studies and reviewing the provided reading material each evening.
Can’t make it to Black Hat USA or need to have a large group trained from your organization? Offensive Security In-House Training can bring our Advanced Windows Exploitation course to you. Contact us to find out more.
Course includes a 72-hour exam.
Develop expert-level Windows exploits.
Live-training format with ample student-instructor interaction.
Earn your OSEE certification.
Students who complete AWE and pass the exam will earn the Offensive Security Exploitation Expert (OSEE) penetration testing certification. The OSEE exam assesses not only the understanding of course content, but also the ability to think laterally and adapt to new challenges.
The exam’s virtual lab environment has a limited number of target systems. The software within contains specific, unknown vulnerabilities. Students have 72 hours to develop exploits and document the steps taken.
The exam is hosted in a VPN-connected virtual lab environment, and requires a stable, high speed internet connection for all exam takes.
Topics covered in Advanced Windows Exploitation include:
- NX/ASLR Bypass – Using different techniques to bypass Data Execution
- Prevention and Address Space Layout Randomization protection mechanisms on modern operating systems.
- Function pointer overwrites – Overwriting a function pointer in order to get code execution.
- Precision Heap Spraying – Spraying the heap for reliable code execution.
- Disarming EMET Mitigations to gain reliable code execution
- 64 and 32 Bit Windows Kernel Driver Exploitation
- Kernel Pool Exploitation
40 (ISC)² CPE Credits
This course may qualify you for 40 (ISC)² CPE Credits after you submit your documentation at the end of the training course or pass the certification challenge.
Students should be experienced in developing windows exploits and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this security training course.
Computer Lab Requirements
You want to bring a serious laptop along. One able to run 3 VMs with ease. Please do not bring netbooks or other low resolution systems.
- VMware Workstation / Fusion
- At least 80 GB HD free
- At least 8 GB of RAM
- Wired Network Support
- USB 2.0 support or better
- 64bit Host operating system (Important)
Black Hat USA 2019 Aug 3-8
Location: Las Vegas