Thursday, 30 October 2014

Black Box Bug Hunting - Introduction to Vulnerability Discovery and Exploit Development

Our brand new training class "Black Box Bug Hunting - Introduction to Vulnerability Discovery and Exploit Development" debuts at the Blackhat Trainings in Potomac, Maryland. Black Box Bug Hunting complements the Exploit Laboratory training offering by taking students through the art and craft of instrumented fuzzing to find bugs in everyday software.

Blackhat Trainings is the perfect platform to launch this 4-day intense training programme. The class follows a hands-on workshop style where the emphasis is on "learn by doing" and shall be taught to a smaller group of students. The emphasis is more on exercises and real world fuzzing scenarios. In addition to fuzzing, we shall spend an equal amount of time in analyzing crash dumps, determining exploitability, and root cause analysis through reverse engineering. For more details, read the class description.

All essential concepts will be taught in class. However, should you wish to come better prepared, we shall be posting new tutorials shortly. If you are curious about bug hunting and vulnerability discovery, this class is not one to be missed!

Oh, and one last thing. Early bird pricing ends on October 31.

Saumil Shah

Tuesday, 26 August 2014

Exploit Lab announcements - 44CON, Ruxcon/Breakpoint, Blackhat Europe, Blackhat East Coast Trainings

Presenting our training calendar for the remainder of 2014. The Exploit Laboratory trainings have been confirmed at the following events worldwide:

September 9,10: 44CON, London (Advanced)

October 6,7: RUXCON, Melbourne, Australia (Intro/Intermediate)

October 14,15: Blackhat Europe, Amsterdam (Advanced)

And last but not least, we have an all new class focusing on bug hunting and fuzzing!

"Black Box Bug Hunting - An Introduction to Vulnerability Discovery and Exploit Development" debuts at the Blackhat East Coast Trainings, Maryland, USA from December 8-11. This is a 4-day class focused more on the art and craft of bug hunting, fuzzing, reverse engineering, crash dump analysis and performing root cause analysis of exploitability.

A detailed announcement shall follow shortly.

Saturday, 9 August 2014

The Advanced Exploit Laboratory returns to 44CON

With the dust settling after Blackhat USA 2014, we are getting ready for another round of advanced exploit development training at 44CON next month.

The Advanced Exploit Laboratory at 44CON shall focus on the latest topics in exploit development - with special attention to Use-After-Free bugs, Information Leaks, Return Oriented Programming and dynamic ROP chains. The Advanced Exploit Laboratory is indeed a fast-paced class, intended for participants who already have basic exploit development experience and want to take their skills to today's cutting edge topics.

If you are joining the Advanced Exploit Laboratory at 44CON and your exploit development skills need a little warm-up, we have just the thing for you! TinySPLOIT is a tiny (30MB) VMware virtual machine running a web server vulnerable to a simple stack overflow. You may download TinySPLOIT from here (mirror link). TinySPLOIT can be up and running in a few minutes. You can also read more about TinySPLOIT in our earlier blog post.

In addition to TinySPLOIT, do also check out our tutorials on How Functions Work, and Introduction to Debuggers.

See you next month in London!

Friday, 25 July 2014

TinySPLOIT - Warm-up exercise on Exploit Development

This year's Exploit Laboratory classes at Blackhat USA 2014 feature completely new content. First, we have retired Windows XP based exploits altogether from our RedTeam class. Our advanced class "The Exploit Laboratory: Black Belt" focuses on ROP, Use-After-Free, Infoleaks and 64-bit exploitation.

The Black Belt class is going to be fast paced, and we mean it! We expect all Black Belt participants to be familiar with the workings of stack overflow exploits, at a minimum.

Enter TinySPLOIT - a compact Linux virtual machine running a vulnerable web server that you can sharpen your stack overflow skills with.

TinySPLOIT is a 30MB VMware image and can be downloaded here (mirror). SHA256 checksum: 6bd956c86846a21e713c9f5efa7cf286386d2b4aa654a3734b9ce9b6497fa59a

You can be up and running with TinySPLOIT in a matter of minutes. Boot up the VM, follow the instructions on its web page, write an exploit and get a shell! For debugging purposes, the root password is "exploitlab" :)

This shall be my 16th year in a row at Blackhat USA. This year, I shall be joined by the Exploit Lab co-developer and my dear friend S.K. who shall teach a number of new topics including 64-bit exploitation, and Eric Liu, teaching a brand new module on information leakage via 1-byte memory overwrites.

Blackhat Training prices go up on the 26th of July, so if you are thinking of registering for the courses, now's the time. See you in Las Vegas in a week!

Thursday, 3 July 2014

The Exploit Lab bids farewell to Win XP

Times are changing. Desktops all around the world bid a fond farewell to Windows XP in April 2014, and The Exploit Laboratory is no exception.

Exploits based on Windows XP shall not feature in the Exploit Laboratory any more.

After all, it doesn't make sense to learn exploit writing on a dwindling platform, does it?

The course content overhaul for Blackhat USA 2014 is complete. All exploits and examples have been revised. What was advanced content a couple of years ago has now been re-worked into our intermediate level Exploit Laboratory: Red Team class. The Exploit Laboratory: Black Belt class shall focus on present day advanced topics such as Use-After-Free exploits, Information Leaks, Compound Exploits and Dynamic ROP chains.

Our Blackhat 2014 classes are filling up fast. For those of you who have already registered, do browse through the following concepts refresher tutorials:
  1. Operating Systems: A Primer
  2. Introduction to Debuggers
  3. How Functions Work

Wednesday, 26 February 2014

Exploit Lab 2014 - Cansecwest, SyScan, Recon, Blackhat USA, 44CON

The Exploit Laboratory classes have been confirmed at the following conferences. This year, we are focusing more on advanced exploit development concepts, especially bypassing exploit mitigation techniques such as DEP and ASLR, Return Oriented Programming, Information Leaks and Dynamic ROP chains, and Use-After-Free bugs.

March 8-11: CanSecWest 2014, Vancouver (Intro, Advanced)

March 31-April 2: SyScan '14, Singapore (3-day Advanced)

June 23-26: Recon 2014, Montreal (Advanced, Über Advanced)

August 2-5: Blackhat USA 2014, Las Vegas (Red Team, Black Belt)

September 9,10: 44CON, London (Advanced)

Don't miss out on early bird registrations!

FREE VMware licenses for Exploit Lab at CanSecWest 2014!

Yes, you read that right. A big shout-out to the friendly folks at VMware for providing FREE licenses of VMware Fusion and VMware Workstation for all Exploit Laboratory students at CanSecWest 2014!

With CanSecWest less than 2 weeks away, there's still time to register for the Introduction to Exploit Development Dojo and the Advanced Exploit Development Dojo.

Those of you who have already registered for CanSecWest's dojos, contact the organizers at secwest14 [at] to reserve your free VMware licenses.