Writing exploits on modern Windows based platforms over the years has become a complex dance of memory manipulation to circumvent modern mitigations Microsoft has put in place. Offensive Security's Advanced Windows Exploitation Techniques (AWE) is a penetration testing course that challenges you to develop creative solutions that work in today's increasingly difficult exploitation environment.
Covering techniques ranging from precision heap reallocation, to DEP, ASLR, CFG, and ACG bypass, virtual machine escape, real-world 64-bit kernel exploitation and sandbox escape, in a hands-on lab focused environment, AWE makes a point of introducing a concept and then allowing you to work through a case study applying what you learned, with multiple instructors on hand for help with any problems. The case studies covered include security vulnerabilities discovered by our research team or exploits written by Offensive Security. This AWE course can help you learn how to analyze software vulnerability, detect problematic code, and develop a functional exploit for multiple Windows operating systems.
- NX/ASLR Bypass – Using different techniques to bypass Data Execution
- Prevention and Address Space Layout Randomization protection mechanisms on modern operating systems.
- Function pointer overwrites – Overwriting a function pointer in order to get code execution.
- Precision Heap Spraying – Spraying the heap for reliable code execution.
- Disarming EMET Mitigations to gain reliable code execution
- 64 and 32 Bit Windows Kernel Driver Exploitation
- Kernel Pool Exploitation
Advanced Windows Exploitation is NOT an entry level course. We expect students to have previous exploitation experience in a Windows environment and understand their way around a debugger. Additionally, to get the most out of the class you will want to spend time in the evenings working through case studies and reviewing the provided reading material. This is the hardest course Offensive Security offers.
Students should be experienced in developing windows exploits and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this security training course.
You want to bring a *serious* laptop along--one able to run 3 virtual machines with ease. Please do not bring netbooks or other low resolution systems.
- 64-bit host operating system (Important)
- Administrative access to the host operating system
- VMware Workstation / Fusion version 14 or newer
- CPU must support SMEP, VT-x/EPT and IOMMU
- At least 100 GB HD free
- At least 16 GB of RAM and 4 cores
- Wired network support
- USB 2.0 support or better
Students will be provided with virtual machines for use in class. Additionally, the Advanced Windows Exploitation lab guide will be provided. An in-class "Hint System" will provide electronic distribution of all scripts, POCs, and so on. ***PLEASE NOTE*** @Hack does NOT include the exam. This can be purchased after the class for a discount.