I don't know from experience, but from having read others' comments as well as information about each of those courses, I believe your best bet would be the CEPT certification from InfoSec Institute

InfoSecInstitute - Advanced Hacking

On the other hand, from experience, I can tell you that neither the CEH or OSCP cover this topic in detail. I do not expect that CPTS/CPTE courses do either.

BillV

That's exactly what I'm looking for BillV. I also appreciate how quick you responded. SynJunkie, could you toss me a link towards that course? Recommended books anyone?

Thanks Syn,

I find your blog useful as well. Keep up the good work!

Kris

The first edition of Shellcoder's Handbook was co-written by Jack Koziol of InfoSec Institute. This is the textbook they use for the CEPT which will tell you what to expect from the CEPT course.

There is a second edition which does not include the efforts of Jack. They still use version one for the class. Take that for what you will as I have not done a side-by-side comparison of the 2. Anyone?!?!

As for SANS, the exploit dev course is new but is really starting to round out their ethical hacking / pen testing offerings. They are really making a big push in this area.

Hope that helps & Welcome to EH-Net,
Don

The CEPT is 3 out of the 5 days exploit development.....   The test at the end is also exploit development and reverse engineering, in order to pass you have to find and write exploits for the software services provided to you and reverse the crackme they give you.....   So you will be fuzzing and exploiting buffers heaps and format strings for 30 days after you are done with the class....

Practical test:
One windows software  (Find vulnerability, write Exploit)
One Linux software (Find vulnerability, Write Exploit)
One crackme

This cert also requires a 50 question test, which means nothing because its easy... The course itself taught by jack is a great course and you will learn loads, Just make sure you go into the course with good linux skills, also having tried to read the shellcoders handbook chapters on linux and windows overflows and heap overflows before the class... Oh yea and format string vulnerabilities. It also wouldn't hurt to go through a few reversing tutorials as well....  "Reversing with Lena" is a good series for that.... Just the first few will get you up to speed with windows reversing techniques....

As far as books go,   "Shellcoders handbook" is a must,  also the "Art of Exploitation" covers the topic in less detail and might be more digestible for someone new to the subject..

The second rendition of the shellcoders handbook just corrected some incorrect diagrams for example the memory one in the linux chapter they had upside down and I believe added some other chapters or content not relevant to what you would learn in the course... IE the windows and linux exploitation.

I took this class and passed the certification, I would suggest you take this certification and the OSCP certification as far as real world knowledge and acquiring skills while at the same time a certification.... All the other certs are mostly Fluff or general knowledge for your resume  so the HR dept of a business flag you for an interview....   Dont get me wrong, cissp will get you an interview, but stuff like the CEH  I didnt find beneficial on any level at all....


Ficti0n....

ummm art of explotation kind of glosses over C, I dont remember it being to C or ASM intensive though..... Just as long as you have an understanding of programming concepts and the basics of how a small asm program works you will be fine...   Shellcoders handbook is more intensive....   I have to say before that class I understood about 60% of shellcoders handbook and after the class I read through and understood about 90% of the shellcoders book...

A good place to start understanding ASM for me was looking at that old old book on building viruses.... little book of computer viruses it might have been called? I read through that at the same time as a linux asm book and I started understanding the stuff way more...