Saturday, 9 August 2014

The Advanced Exploit Laboratory returns to 44CON

With the dust settling after Blackhat USA 2014, we are getting ready for another round of advanced exploit development training at 44CON next month.

The Advanced Exploit Laboratory at 44CON shall focus on the latest topics in exploit development - with special attention to Use-After-Free bugs, Information Leaks, Return Oriented Programming and dynamic ROP chains. The Advanced Exploit Laboratory is indeed a fast-paced class, intended for participants who already have basic exploit development experience and want to take their skills to today's cutting edge topics.

If you are joining the Advanced Exploit Laboratory at 44CON and your exploit development skills need a little warm-up, we have just the thing for you! TinySPLOIT is a tiny (30MB) VMware virtual machine running web server vulnerable to a simple stack overflow. You may download TinySPLOIT from here (mirror link). TinySPLOIT can be up and running in a few minutes. You can also read more about TinySPLOIT in our earlier blog post.

In addition to TinySPLOIT, do also check out our tutorials on How Functions Work, and Introduction to Debuggers.

See you next month in London!

Friday, 25 July 2014

TinySPLOIT - Warm-up exercise on Exploit Development

This year's Exploit Laboratory classes at Blackhat USA 2014 feature completely new content. First, we have retired Windows XP based exploits altogether from our RedTeam class. Our advanced class "The Exploit Laboratory: Black Belt" focuses on ROP, Use-After-Free, Infoleaks and 64-bit exploitation.

The Black Belt class is going to be fast paced, and we mean it! We expect all Black Belt participants to be familiar with the workings of stack overflow exploits, at a minimum.

Enter TinySPLOIT - a compact Linux virtual machine running a vulnerable web server that you can sharpen your stack overflow skills with.

TinySPLOIT is a 30MB VMware image and can be downloaded here. (mirror). SHA256 checksum: 6bd956c86846a21e713c9f5efa7cf286386d2b4aa654a3734b9ce9b6497fa59a

You can be up and running with TinySPLOIT in a matter of minutes. Boot up the VM, follow the instructions on its web page, write an exploit and get a shell! For debugging purposes, the root password is "exploitlab" :)

This shall be my 16th year in a row at Blackhat USA. This year, I shall be joined by the Exploit Lab co-developer and my dear friend S.K. who shall teach a number of new topics including 64-bit exploitation, and Eric Liu, teaching a brand new module on information leakage via 1-byte memory overwrites.

Blackhat Training prices go up on the 26th of July, so if you are thinking of registering for the courses, now's the time. See you in Las Vegas in a week!

Thursday, 3 July 2014

The Exploit Lab bids farewell to Win XP

Times are changing. Desktops all around the world bid a fond farewell to Windows XP in April 2014, and The Exploit Laboratory is no exception.

Exploits based on Windows XP shall not feature in the Exploit Laboratory any more.

After all, it doesn't make sense to learn exploit writing on a dwindling platform, does it?

The course content overhaul for Blackhat USA 2014 is complete. All exploits and examples have been revised. What was advanced content a couple of years ago has now been re-worked into our intermediate level Exploit Laboratory: Red Team class. The Exploit Laboratory: Black Belt class shall focus on present day advanced topics such as Use-After-Free exploits, Information Leaks, Compound Exploits and Dynamic ROP chains.

Our Blackhat 2014 classes are filling up fast. For those of you who have already registered, do browse through the following concepts refresher tutorials:
  1. Operating Systems: A Primer
  2. Introduction to Debuggers
  3. How Functions Work

Wednesday, 26 February 2014

Exploit Lab 2014 - Cansecwest, SyScan, Recon, Blackhat USA, 44CON

The Exploit Laboratory classes have been confirmed at the following conferences. This year, we are focusing more on advanced exploit development concepts, especially bypassing exploit mitigation techniques such as DEP and ASLR, Return Oriented Programming, Information Leaks and Dynamic ROP chains, and Use-After-Free bugs.

March 8-11: CanSecWest 2014, Vancouver (Intro, Advanced)

March 31-April 2: SyScan '14, Singapore (3-day Advanced)

June 23-26: Recon 2014, Montreal (Advanced, Über Advanced)

August 2-5: Blackhat USA 2014, Las Vegas (Red Team, Black Belt)

September 9,10: 44CON, London (Advanced)

Don't miss out on early bird registrations!

FREE VMware licenses for Exploit Lab at CanSecWest 2014!

Yes you read that right. A big shout-out to the friendly folks at VMware for providing FREE licenses of VMware Fusion and VMware workstation for all Exploit Laboratory students at CanSecWest 2014!

With CanSecWest less than 2 weeks away, there's still time to register for the Introduction to Exploit Development Dojo and the Advanced Exploit Development Dojo.

Those of you who have already registered for CanSecWest's dojos, contact the organizers at secwest14 [at] to reserve your free VMware licenses.

Tuesday, 11 February 2014

Exploit Lab Announcements for 2014 - CanSecWest and SyScan

2013 witnessed many radical changes, and exploit development is no exception. We have been hard at work these past two months making heavy changes to the classes. Based on the positive feedback we received at the Blackhat West Coast Trainings in December, we have made significant updates to the Exploit Laboratory classes for 2014.

Our 2014 line-up begins with two classes at CanSecWest, happening less than a month from now in Vancouver.

March 8,9: The Exploit Laboratory Introductory Dojo
March 10,11: The Advanced Exploit Lab Dojo

CanSecWest Dojos are unique. Small group and a very flexible environment to innovate and improvise as need be, followed by a high energy, high enthusiasm conference. And this year, we have a special guest instructor, Eric Liu, who shall be showing off some really fancy pure ASLR and DEP bypasses brought about from Use-After-Free bugs.

As with last year, we have a combo offering for those who wish to take both classes for a 4-day 0 to PWN overdose of exploit development experience! As usual, seats at the CanSecWest Dojos are limited, so make sure you register soon!

The next class for March is at the SyScan 2014 conference in Singapore. At SyScan, we shall be offering a special 3 day exploit development class featuring intermediate and advanced exploit development techniques.

March 31-April 2: The Exploit Laboratory SyScan '14 Edition

SyScan 2014 is also featuring an epic line up of world class speakers and talks. Be sure not to miss it!

For those of you have taken the Exploit Laboratory classes before, stay tuned for more announcements regarding really advanced content - more advanced than "Advanced". Tell your friends, spread the word, and pop by the conference to say, or have a POP/POP/RET with us!

-- Saumil Shah

Sunday, 29 September 2013

Wrapping up 2013: 4 days of Exploit Laboratory in Seattle

Exploit Development has seen many changes in the past two years. It is time to raise the bar and offer new training to meet the challenges that lie ahead in 2014. After introducing new advanced material at 44CON, we are taking a little breather to prepare for two entirely new courses set to debut at the Blackhat West Coast Trainings in Seattle from December 9-12, 2013.

We shall follow a slightly different pedagogy for the two courses. We shall focus more on learning through exercises and solving complex challenges.

First, we introduce our new "Exploit Laboratory: Red Team" class. This one is an intermediate/advanced level class covering modern day exploit development concepts - vtable overwrites, Use-After-Free bugs, Return Oriented Programming, Advanced Heap Spraying for browsers and PDF readers. The content is modeled after some of our advanced courses that we have taught in the past, except that this one has brand new exploits and a capture-the-flag round where you get to play against other teams, solving challenges on the fly. The CTF round requires you to modify tools and scripts to make things work.

Our second course is brand new. "Exploit Laboratory: Master" continues where the Red Team class leaves off. The Master class consists largely of hands-on exercises. After teaching many advanced classes, a common feedback note is that there isn't enough time for more exercises. The Master class features a number of progressively complex and challenging exploit development exercises. In addition to this, we shall introduce new topics for the first time - exploiting 64-bit applications, server side heap spraying, ROP chains for Linux and advanced compound exploits.

The Master class is designed to be an ideal extension of the Red Team class. The two courses are designed to be taken back-to-back in a 4 day format. Also, the Master class can be taken independently by anyone who has attended any of our Exploit Laboratory classes and want to sharpen their skills further.

We are excited to bring you these new classes. Putting together advanced training material is always fun, and it is as much of a learning exercise for us as it is for students taking the class. We shall be putting up new tutorials to prepare for these classes in the next few weeks.

-- Saumil Shah