Trainings 2019 @OffensiveCon

Linux Kernel Exploitation Techniques by Vitaly Nikolenko

This course teachers common kernel exploitation techniques on modern Linux distributions (x86_x64 architecture and 3.x/4.x kernels). It provides up-to-date information on current kernel hardening implementations and exploit mitigations. It is designed for students already familiar with user-land exploitation who want to play with the heart of the OS and gain fundamental knowledge required to develop reliable and effective kernel exploits. The course is structured as several theory modules (providing the necessary background material), followed by hands-on lab exercises demonstrating learned concepts in practice. Read more...

The ARM IoT Exploit Laboratory by Saumil Shah

"There's an Intel on every desktop, but an ARM in every pocket." The Internet of Things (IoT) universe comprises largely of ARM based systems. The ARM IoT Exploit Laboratory brings you an intense 4-day course featuring a practical hands-on approach to exploit development on ARM based systems. This class is perfectly suited for students who are keen to dive into the world of modern ARM exploit development. Read more...

Windows Kernel Rootkits: Techniques and Analysis by Bruce Dang

This course is tailored for malware analysts, system developers, forensic analysts, incident responders, or enthusiasts who want to analyze Windows kernel rootkits or develop software for similar tasks. It introduces the Windows architecture and how various kernel components work together at the lowest level. It discusses how rootkits leverage these kernel components to facilitate nefarious activities such as hiding processes, files, network connections, and other common objects. As part of the analytical process, we will delve into the kernel programming environment; we will implement some kernel-mode utilities to aid our understanding. Read more...

Browser Exploitation by Samuel Groß

Modern web browsers pose a challenging and attractive target for security researchers. However, with ever growing codebases and increasing code complexity, the barrier to entry for security research in this area has been rising as well. This training is designed to prepare students for a successful entry into this field. Students will learn to identify, analyze, and exploit vulnerabilities in the context of a renderer process. Through various hands-on exercises, students get practical experience and gain a good understanding of the respective code bases. Excercises will be designed for Chrome and Firefox, although most of them can also be completed on Edge and/or Safari. Read more...

Windows Internals for Reverse Engineers by Alex Ionescu

Learn the internals of the Windows NT kernel architecture, including Windows 10 “Threshold 2” and “Redstone 1”, as well as Server 2016, in order to learn how rootkits, PLA implants, NSA backdoors, and other kernel-mode malware exploit the various system functionalities, mechanisms and data structures to do their dirty work. Read more...

Advanced Android Exploitation by Benjamin Watson

The Android ecosystem is vast and complex. The entanglement of handsets, original equipment manufacturers, frameworks, and third-party applications, materialize in an extensive attack surface. Additionally, it leads to the proliferation of vulnerabilities as well as a learning curve for those interested in Android security research in general. Read more...

Binary Literacy: A Systematic Introduction to Static Reverse Engineering by Rolf Rolles

This four-day course contains a thorough introduction to static reverse engineering, the act of deriving meaning from assembly language code simply by reading it. The course has been heavily classroom-tested, having been taught over two dozen times. Read more...

iOS 11/12 Kernel Internals for Security Researchers by Stefan Esser

For the last few years we have taught iOS and OS X/MacOS kernel security and exploitation to a wide variety of students. Techniques and vulnerabilities discussed in our training have been instrumental in the creation of several public jailbreaks between iOS 7 and iOS 10. And also several techniques used in the very latest public jailbreaks are covered in our trainings. Our previous trainees can also be seen reporting vulnerabilities to Apple these days and a few of them even work for them these days. Read more...

Advanced Fuzzing and Crash Analysis by Richard Johnson

This class is designed to introduce students to the best tools and technology available for automating vulnerability discovery and crash triage with a focus on delivering a practical approach to applying this technology in real deployments at any scale. Read more...