This course teaches common kernel exploitation techniques on modern Linux distributions (x86_x64 architecture and 3.x/4.x kernels). It provides up-to-date information on current kernel hardening implementations and exploit mitigations. It is designed for students already familiar with user-land exploitation who want to play with the heart of the OS and gain fundamental knowledge required to develop reliable and effective kernel exploits.
Read moreThis course is an extension to the kernel exploitation techniques training. It is aimed at experienced Linux kernel researches already familiar with common kernel exploitation techniques. The focus is on more advanced kernel exploitation techniques based on real life vulnerabilities and the latest kernel exploitation mitigations on x86_64. Though practical examples are specific to x86_64, most of the concepts are generic and can be applied to other architectures.
Read moreThis course starts by enumerating the Android kernel attack surface (from an LPE perspective) describing any sandboxing options that may limit this attack surface. Though the course is mostly self-contained and there's a brief refresher on arm64 architecture, attendees should be already familiar with this architecture / instruction set. The main focus is on common kernel vulnerability classes and exploitation techniques on Android.
Read moreChrome, as one of the most commonly used browsers, presents an attractive target for security researchers. Playing a major role in the Android ecosystem, Chrome browser exploitation is an essential part of traditional 1-click chains. Given the rising complexity and the number of exploitation mitigations, this training attempts to address the entry barrier into browser exploitation for novice researchers.
Read moreUnlike the Linux kernel exploitation training, this course focuses on vulnerability discovery and root cause analysis rather than developing proof of concept code for specific kernel versions and bypassing various kernel exploitation mitigations. We will discuss a few publicly available kernel fuzzing frameworks and focus on practical approaches for kernel fuzzing.
Read moreThis course is designed for novice security researchers interested in learning binary exploitation on 64-bit ARM. It assumes no previous background in binary exploitation or fuzzing. The material covered serves as a solid foundation for further vulnerability research on mobile and IoT devices. Similar to our other courses, this training is largely self-contained but assumes minimal entry requirements.
Read moreThere are generally two public trainigs sessions per year (first half of the year) in Europe or Asia. You can sign up below to receive public training schedule notifications.
For a private training contact us directly.