Wednesday, 26 February 2014

Exploit Lab 2014 - CanSecWest, SyScan, Recon, Blackhat USA, 44CON

The Exploit Laboratory classes have been confirmed at the following conferences. This year, we are focusing more on advanced exploit development concepts, especially bypassing exploit mitigation techniques such as DEP and ASLR, Return Oriented Programming, Information Leaks and Dynamic ROP chains, and Use-After-Free bugs.

March 8-11: CanSecWest 2014, Vancouver (Intro, Advanced)

March 31-April 2: SyScan '14, Singapore (3-day Advanced)

June 23-26: Recon 2014, Montreal (Advanced, Über Advanced)

August 2-5: Blackhat USA 2014, Las Vegas (Red Team, Black Belt)

September 9,10: 44CON, London (Advanced)

Don't miss out on early bird registrations!

FREE VMware licenses for Exploit Lab at CanSecWest 2014!

Yes, you read that right. A big shout-out to the friendly folks at VMware for providing FREE licenses of VMware Fusion and VMware Workstation for all Exploit Laboratory students at CanSecWest 2014!

With CanSecWest less than 2 weeks away, there's still time to register for the Introduction to Exploit Development Dojo and the Advanced Exploit Development Dojo.

Those of you who have already registered for CanSecWest's dojos, contact the organizers at secwest14 [at] to reserve your free VMware licenses.

Tuesday, 11 February 2014

Exploit Lab Announcements for 2014 - CanSecWest and SyScan

2013 witnessed many radical changes, and exploit development is no exception. We have been hard at work these past two months making heavy changes to the classes. Based on the positive feedback we received at the Blackhat West Coast Trainings in December, we have made significant updates to the Exploit Laboratory classes for 2014.

Our 2014 line-up begins with two classes at CanSecWest, happening less than a month from now in Vancouver.

March 8,9: The Exploit Laboratory Introductory Dojo
March 10,11: The Advanced Exploit Lab Dojo

CanSecWest Dojos are unique: a small group and a very flexible environment to innovate and improvise as need be, followed by a high-energy, high-enthusiasm conference. And this year, we have a special guest instructor, Eric Liu, who shall be showing off some really fancy pure ASLR and DEP bypasses brought about by Use-After-Free bugs.

As with last year, we have a combo offering for those who wish to take both classes for a 4-day 0 to PWN overdose of exploit development experience! As usual, seats at the CanSecWest Dojos are limited, so make sure you register soon!

The next class for March is at the SyScan 2014 conference in Singapore. At SyScan, we shall be offering a special 3-day exploit development class featuring intermediate and advanced exploit development techniques.

March 31-April 2: The Exploit Laboratory SyScan '14 Edition

SyScan 2014 is also featuring an epic line up of world class speakers and talks. Be sure not to miss it!

For those of you who have taken the Exploit Laboratory classes before, stay tuned for more announcements regarding really advanced content - more advanced than "Advanced". Tell your friends, spread the word, and pop by the conference to say, or have a POP/POP/RET with us!

-- Saumil Shah

Sunday, 29 September 2013

Wrapping up 2013: 4 days of Exploit Laboratory in Seattle

Exploit Development has seen many changes in the past two years. It is time to raise the bar and offer new training to meet the challenges that lie ahead in 2014. After introducing new advanced material at 44CON, we are taking a little breather to prepare for two entirely new courses set to debut at the Blackhat West Coast Trainings in Seattle from December 9-12, 2013.

We shall follow a slightly different pedagogy for the two courses. We shall focus more on learning through exercises and solving complex challenges.

First, we introduce our new "Exploit Laboratory: Red Team" class. This one is an intermediate/advanced level class covering modern day exploit development concepts - vtable overwrites, Use-After-Free bugs, Return Oriented Programming, Advanced Heap Spraying for browsers and PDF readers. The content is modeled after some of our advanced courses that we have taught in the past, except that this one has brand new exploits and a capture-the-flag round where you get to play against other teams, solving challenges on the fly. The CTF round requires you to modify tools and scripts to make things work.

Our second course is brand new. "Exploit Laboratory: Master" continues where the Red Team class leaves off. The Master class consists largely of hands-on exercises. After teaching many advanced classes, a common feedback note is that there isn't enough time for more exercises. The Master class features a number of progressively complex and challenging exploit development exercises. In addition to this, we shall introduce new topics for the first time - exploiting 64-bit applications, server side heap spraying, ROP chains for Linux and advanced compound exploits.

The Master class is designed to be an ideal extension of the Red Team class. The two courses are designed to be taken back-to-back in a 4-day format. Also, the Master class can be taken independently by anyone who has attended any of our Exploit Laboratory classes and wants to sharpen their skills further.

We are excited to bring you these new classes. Putting together advanced training material is always fun, and it is as much of a learning exercise for us as it is for students taking the class. We shall be putting up new tutorials to prepare for these classes in the next few weeks.

-- Saumil Shah

Friday, 23 August 2013

EIP = 0x44444444: The Exploit Laboratory goes to 44CON!

Thanks to the wonderful support from 44CON, The Exploit Laboratory finally arrives in London! We have a 2-day advanced class featuring topics such as vtable pointer overwrites, Use-After-Free bugs, defeating DEP using Return Oriented Programming, ASLR bypass and an introduction to exploit development on Android.

Click here for the class description and registration.

This is a compact class and is filling up quite fast. We shall be sending out preparation emails to currently registered students in a week's time.

See you soon in London!

-- Saumil Shah, @therealsaumil

Thursday, 13 June 2013

A New Tutorial: Dive Into ROP - Blackhat USA 2013

Our classes at Blackhat USA 2013 are rapidly filling up. We have a new tutorial for students taking The Exploit Laboratory: Black Belt Edition.

"Dive Into ROP" is a quick look at the core concepts behind Return Oriented Programming. This tutorial is not an essential prerequisite for our advanced exploit development class; however, it would be a good idea to study Ret2LibC before attending the Black Belt Edition class.

Students taking the weekend Exploit Laboratory class can also sign up for the weekday advanced Black Belt edition class as a 4-day combo package. We guarantee you won't be disappointed! Meanwhile, here is "Dive Into ROP":

And here are some more Exploit Laboratory Tutorials.

Friday, 24 May 2013

ALL NEW! Exploit Laboratory at Blackhat USA 2013

Blackhat 2013 is approaching. We have been hard at work overhauling The Exploit Laboratory and Exploit Laboratory: Black Belt classes. This year shall see a 100% overhaul of the course contents for both classes.

With feedback and observations from 6 years and over 40 classes taught worldwide, we have decided to give the classes a complete makeover.

A glimpse of what's new:

ALL NEW EXPLOITS! We are stepping up the game. Special focus shall be given to browser exploits in addition to memory corruption on databases, libraries and web servers.

USE-AFTER-FREE - New material, new methodology, heap tracing madness, in-depth exploitation.

NEW PEDAGOGY - In addition to our much appreciated hands-on style, we shall be handing out "after dark" exercises, meant for those who love to be on the leading edge. These are exercises to challenge your creative and pwnage skills. Those who complete the exercises shall get a special bonus.

ROP, ROP, ROP - Can't say it often enough. Return Oriented Programming is an essential skill required for an exploit to work these days. We have new ROP examples and new ROP recipes. We have "Dynamic ROP", the stuff used for Pwn2Own style exploits. And more.

BlackHat's regular pricing ends on May 31. Do keep in mind that The Exploit Laboratory and Exploit Laboratory: Black Belt can be combined into one 4-day mega exploit development fiesta.

Last but not least, new additions to our crew! Josh Michaels joins our crew along with my other awesome co-stars - S K and Josh Ryder. We promise a great 4 days of training, with 2013 being my 15th consecutive appearance at BlackHat.