Thanks for the write-up Zoher...
This is Steve Sims, author of the course... Thanks to Google for alerting me about the posting! I'm happy to say that the course has now moved to a five-day version to allow for more time on the material and to include additional modules on fuzzing.
Your statement is correct, "How can you teach Windows Heap Overflows in less than one day?" The fact is simply that each vulnerability is different. You could spend several days alone on heap overflows relative to a specific OS. Unfortunately, to spend that many days on one niche topic does not serve anyone very well. The focus of the course is to go deep inside of various exploitation techniques to get you thinking outside of the box. Consider it as a bridge that the course will help you cross. You must have a passion for exploit development and leverage accordingly.
Stack overflows, both on Windows and Linux, are quite simple. There are a standard set of techniques that you will often find on Milw0rm. <-- (An awesome resource!) SEC709 gets you thinking of ways to handle the unexpected. When performing exploit development on a day-to-day basis, you find yourself with constant obstacles. SEC709 focuses on how to defeat modern OS controls such as stack canaries, Data Execution Prevention (DEP), ASLR, etc...
As for more advanced techniques, you will be forced to utilize your knowledge gained to help you think in more abstract terms. We cover several advanced techniques that should be included as part of your custom pen-testing arsenal. It is up to you to utilize your skills and think creatively. Pounding several days of advanced heap exploitation into someone's head will only leave that person mentally exhausted by day two and with a small skill set upon completion. Heap exploitation is a necessary rite of passage and we cover techniques accordingly.
The goal of the course is to get you beyond using pre-compiled pen-testing tools such as Metasploit, Core, Saint, Immunity, and to get you writing your own exploits. Of course these tools are awesome, but if you have custom applications, 3rd party developed tools, or are considering using commercial products in your environment, you need to be prepared to properly assess them. Unless you're using a public app and someone else discovered every vulnerability in the application, how can you comfortably go to production? I just couldn't sleep at night!
lol
Please feel free to contact me at
stephen@deadlisting.com if you have any questions. I'm happy to provide you with more details on the course format, topics covered, preparation materials, or any other questions you may have.
Thanks again to Don for providing such a great resource! Hope to see you all soon. I'll be around DEFCON. Buying me a beer may get you a course discount!
Regards....
Steve
Career Central : Starter cert?
