Good friend and former NoVA Blogger Georgia Weidman of Bulb Security LLC will be giving a one day online class covering exploit development next month for $100. Several years ago when Georgia was just starting out I took her instruction of the Metasploit Unleashed class. She helped me pop my first box and I haven’t looked back since.
Anyway, we worked out a special deal for NoVA Infosec readers that gets you 25% off her next exploit development class on May 9th and 11th … bringing the total cost down to ONLY $75! Use the “Buy Now” link below to get this special price.
Here’s some more information about Georgia’s May exploit development class…
In this 1 day class we will study introductory exploit development for Windows and Linux platforms. Though at the end of one day you won’t be ready to write the latest iOS jailbreaks, this course will put the fundamentals in place to get to that point in later classes. In class you will gain hands on experience finding vulnerabilities, writing working exploits from scratch, and porting public exploit code to meet your needs. We will cover stack based buffer overflows, structured exception handler overwrites, as well as touching on bypassing anti-exploitation techniques such as DEP and ASLR. We will look at public exploit code and porting it to fit our environment’s needs. We will also look at writing Metasploit modules and porting our exploits into Metasploit modules. Hands on labs for both Windows and Linux will be covered. Additional exploitable programs will be included for after class practice. No programming experience is required. We will begin with exploit skeletons in Python and focus our efforts in creating working exploit strings.
- Stack based buffer overflows
- SEH Overwrites
- DEP and ASLR stopping our exploits
- Porting a public exploit to another platform
- Writing a simple Metasploit module
- Porting an exploit into Metasploit
What You Get
- One full day of online instruction.
- Fully configured victim virtual machine downloads (Windows trials and Linux) for use in the class.
- Additional exploitable binaries will be included on the Windows and Linux virtual machines for practicing the skills covered after class.
- Access to the instructor to answer questions about the material during and after the course
- Slides, exploit skeletons, and other course material
Thursday May 9, 2013 or Saturday May 11, 2013 from 9am Mountain Time to 5pm Mountain Time (so 11 to 7 Eastern and 8 to 4 Pacific etc.) The same material will be covered both days; you only need to come to one class. I am running it twice to try to accommodate being able to take time off of work to do this, and those who aren’t lucky enough to have a job that counts my class as real training.
Note: Time zones are lousy for everyone. For this iteration of the class I’m doing my best to make it accessible for everyone in the Americas. There will be future classes that will be at times better suited to other regions. That said if you are a night owl or morning person you are welcome to join the class from anywhere in the world.
Online! The class will be held using GoToWebinar. There is a free client download for Windows and Mac. Like most useful things it isn’t supported on Linux unfortunately. You will able to see me, hear me, and see my screen as I demonstrate the hands-on material.
How it Works
A week before the class I will upload 2 victim virtual machines for students to download. These will be compressed to make the download as small as possible but you can still expect about 500MB-1GB total. So if you have a slow connection you might not want to wait till the night before. You will host these victims and a Backtrack 5 R3 attack virtual machine on your own machine using VMware or Virtual Box. You will be able to follow along with everything covered in class on your virtual machines. Additionally there will be independent exercises during the course using your virtual machines. You will also receive a meeting invite to join the live portion of the class. The day of class you choose to attend, log in to the GoToWebinar session.
- Backtrack 5 R3 virtual machine. It can be downloaded here.
- About 10 gigs of free space for victim virtual machines that will be provided by the instructor
- VMware or Virtual Box (free and/or trial versions are available)
About the Instructor
Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at top conferences around the world including Shmoocon, Blackhat, Hacker Halted, and Bsides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security, culminating in the release of the Smartphone Pentest Framework (SPF) which allows pentesters to assess the security of mobile devices in an environment.
Be sure to put in your correct email address when you purchase the class. That is the email I will use to communicate class details with you. I will communicate with you within 24 hours of your sign-up confirming your registration. One week before the class you receive meeting and virtual machine information. If you do not receive communication check your spam folder.
Today’s post pic is from Defend Hackers. See ya!