SANS SEC760: Advanced Exploit Development for Penetration Testers

در دوره اکسپلویت نویسی پیشرفته – SANS SEC760: Advanced Exploit Development for Penetration Testers افراد با پیش نیاز های سخت افزاری و نرم افزاری نوشتن اکسپلویت آشنا می شوند. در ادامه با Debuggerهای مختلف و ساختار اکسپلویت و شیوه کشف آن ها در برنامه های مختلف، سپس نوشتن shell codeها به روش های مختلف و روش های bypass کردن مکانیزم های امنیتی از قبیل DEP, ASLR را فرا می گیرند. با گذراندن دوره SANS 760 میتوانید مهارت اکسپلویت one-day از طریق آنالیز پچ های امنیتی به صورت کاملا حرفه‌ای فرا بگیرید. تسلط کامل در بکارگیری debugger ها و پلاگین های مختلف برای بهبود سرعت و تحقیق در مورد آسیب پذیری ها از جمله اهداف دوره SANS SEC760 است.

Date: 2019
Price: $7,870 USD
Files: PDF+VMs+Files Script
Publisher: SANS
Size: 4.99 GB
Course Authors: Jaime Geiger,Stephen Sims

SEC760.1: Exploit Mitigations and Reversing with IDA
SEC760.2: Advanced Linux Exploitation
SEC760.3: Patch Diffing, One-Day Exploits, and Return-Oriented Shellcode
SEC760.4: Windows Kernel Debugging and Exploitation
SEC760.5: Advanced Windows Exploitation
SEC760.6: Capture-the-Flag Challenge

SEC760 will provide you with the advanced skills to improve your exploit development and understand vulnerabilities beyond a fundamental level. In this course, you will learn to reverse-engineer 32-bit and 64-bit applications, perform remote user application and kernel debugging, analyze patches for one-day exploits, and write complex exploits (such as use-after-free attacks) against modern software and operating systems. The course was designed to help you get into highly sought-after positions, teach you cutting-edge tricks to thoroughly evaluate a target, and defend against even the most skilled attackers.

What You Will Learn

Vulnerabilities in modern operating systems such as Microsoft Windows 10 and the latest Linux distributions are often very complex and subtle. When exploited by very skilled attackers, these vulnerabilities can undermine an organization’s defenses and expose it to significant damage. Few security professionals have the skillset to discover why a complex vulnerability exists and how to write an exploit to compromise it. Conversely, attackers must maintain this skillset regardless of the increased complexity. SEC760: Advanced Exploit Development for Penetration Testers teaches the skills required to reverse-engineer 32-bit and 64-bit applications to find vulnerabilities, perform remote user application and kernel debugging, analyze patches for one-day exploits, and write complex exploits such as use-after-free attacks against modern software and operating systems.

You Will Learn:

How to write modern exploits against the Windows 7/8/10 operating systems
How to perform complex attacks such as use-after-free, kernel and driver exploitation, one-day exploitation through patch analysis, and other advanced attacks
How to effectively utilize various debuggers and plug-ins to improve vulnerability research and speed
How to deal with modern exploit mitigation controls aimed at thwarting success

You Will Be Able To

Discover zero-day vulnerabilities in programs running on fully patched modern operating systems
Use the advanced features of IDA Pro and write your own IDA Python scripts
Perform remote debugging of Linux and Windows applications
Understand and exploit Linux heap overflows
Write Return-Oriented Shellcode
Perform patch diffing against programs, libraries, and drivers to find patched vulnerabilities
Perform Windows heap overflows and use-after-free attacks
Perform Windows kernel debugging up through Windows 10 64-bit Build 1903
Perform Windows driver and kernel exploitation.