1. Training
  2. Education & Training Catalog
  3. Offensive Security
  4. Advanced Windows Exploitation

Advanced Windows Exploitation

Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft's defenses. In Advanced Windows Exploitation (EXP-401), OffSec challenges students to develop creative solutions that work in today's increasingly difficult exploitation environment. The case studies in AWE are large, well-known applications that are widely deployed in enterprise networks. The course dives deep into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to 64-bit kernel exploitation. AWE is a particularly demanding penetration testing course. It requires a significant amount of student-instructor interaction. Therefore, we limit AWE courses to a live, hands-on environment at Black Hat USA in Las Vegas, NV. This is the hardest course we offer and it requires a significant time investment. Students need to commit to reading case studies and reviewing the provided reading material each evening. Can't make it to Black Hat USA or need to have a large group trained from your organization? Offensive Security In-House Training can bring our Advanced Windows Exploitation course to you. Contact us to find out more.

Course Overview

Overall Proficiency Level
4 - Expert
Course Catalog Number
EXP-401
Course Prerequisites

Students should be experienced in developing windows exploits and understand how to operate a debugger. Familiarity with WinDbg, Immunity Debugger, and Python scripting is highly recommended. A willingness to work and put in real effort will greatly help students succeed in this security training course.

Training Purpose
Functional Development
Skill Development
Specific Audience
All
Delivery Method
Classroom
Course Location

3950 South Las Vegas Boulevard
Mandalay Bay
Las Vegas, NV 89119

Course Location Map
  • Your Location
  • Providers
  • Courses
  • Course and Provider Quantity
  • Classroom

Learning Objectives

NX/ASLR Bypass Using different techniques to bypass Data Execution Prevention and Address Space Layout Randomization protection mechanisms on modern operating systems. Function pointer overwrites. Overwriting a function pointer in order to get code execution. Precision Heap Spraying. Spraying the heap for reliable code execution. Disarming EMET Mitigations to gain reliable code execution 64 and 32 Bit Windows Kernel Driver Exploitation Kernel Pool Exploitation

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Exploitation Analysis
  • Vulnerability Assessment and Management

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date: