Module 1: Bypass and Evasion of User Mode Security Mitigations
Overview:
This module focuses on bypassing and evading advanced user mode security mitigations in Windows environments. Participants will learn techniques to circumvent defenses like Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), Control Flow Guard (CFG), Application Control Guard (ACG), and Control Flow Enforcement Technology (CET).
Topics Covered:
- Data Execution Prevention (DEP):
  - Techniques for bypassing DEP protections.
  - Exploiting memory corruption vulnerabilities despite DEP.
- Address Space Layout Randomization (ASLR):
  - Strategies to overcome ASLR defenses.
  - Techniques for predicting or leaking memory addresses.
- Control Flow Guard (CFG):
  - Methods for bypassing CFG protections.
  - Exploiting control flow integrity issues.
- Application Control Guard (ACG):
  - Techniques for evading ACG protections.
  - Strategies to achieve code execution despite ACG.
- Control Flow Enforcement Technology (CET):
  - Understanding CET and its impact on exploitation.
  - Methods to bypass CET protections.
Module 2: Advanced Heap Manipulations
Overview:
This module delves into advanced techniques for heap manipulations to achieve code execution, including methods for guest-to-host and sandbox escapes. Participants will explore complex heap exploitation strategies and how to bypass security mechanisms in these contexts.
Topics Covered:
- Heap Exploitation Basics:
  - Overview of heap management and common vulnerabilities.
  - Techniques for exploiting heap-related bugs.
- Advanced Heap Manipulations:
  - Exploiting heap corruption and memory allocation vulnerabilities.
  - Advanced techniques for heap spraying, heap Feng Shui, and other heap manipulation methods.
- Guest-to-Host Escapes:
  - Techniques for escaping virtualized environments to execute code on the host.
- Sandbox Escapes:
  - Methods for breaking out of sandbox environments.
  - Techniques to bypass sandbox protections and achieve code execution.
Module 3: Disarming WDEG Mitigations and Creating Version Independence
Overview:
Participants will learn how to disarm Windows Data Execution Guard (WDEG) mitigations and create version-independent exploits for weaponization. This module covers methods to bypass WDEG defenses and techniques to ensure exploits work across different versions.
Topics Covered:
- Windows Data Execution Guard (WDEG):
  - Understanding WDEG and its role in enhancing security.
  - Techniques for disarming WDEG mitigations.
- Version Independence:
  - Methods to create exploits that are resilient to different Windows versions.
  - Techniques for crafting version-independent payloads and bypassing version-specific defenses.
Module 4: 64-Bit Windows Kernel Driver Reverse Engineering and Vulnerability Discovery
Overview:
This module focuses on the reverse engineering of 64-bit Windows kernel drivers to discover vulnerabilities. Participants will gain hands-on experience with kernel driver analysis and learn how to identify security weaknesses in kernel-mode components.
Topics Covered:
- Kernel Driver Architecture:
  - Understanding the architecture and operation of Windows kernel drivers.
- Reverse Engineering Techniques:
  - Tools and methodologies for reverse engineering kernel drivers.
  - Techniques for analyzing driver code and discovering vulnerabilities.
- Vulnerability Discovery:
  - Common types of vulnerabilities in kernel drivers.
  - Methods for exploiting discovered vulnerabilities and understanding their impact.
Module 5: Bypass of Kernel Mode Security Mitigations
Overview:
Participants will learn to bypass advanced kernel mode security mitigations, including Kernel Address Space Layout Randomization (kASLR), Non-Executable (NX) memory, Supervisor Mode Execution Prevention (SMEP), Supervisor Mode Access Prevention (SMAP), Kernel Control Flow Guard (kCFG), and Hypervisor Code Integrity (HVCI).
Topics Covered:
- Kernel Address Space Layout Randomization (kASLR):
  - Techniques for overcoming kASLR protections.
  - Methods to predict or leak kernel addresses.
- Non-Executable (NX) Memory:
  - Bypassing NX memory protections to execute code in non-executable regions.
- Supervisor Mode Execution Prevention (SMEP):
  - Techniques for evading SMEP defenses.
  - Achieving code execution in kernel mode despite SMEP.
- Supervisor Mode Access Prevention (SMAP):
  - Methods to bypass SMAP protections.
  - Techniques for accessing user-mode memory from kernel mode.
- Kernel Control Flow Guard (kCFG):
  - Techniques for bypassing kCFG defenses.
  - Exploiting control flow integrity issues in kernel mode.
- Hypervisor Code Integrity (HVCI):
  - Understanding HVCI and its impact on kernel-mode exploits.
  - Methods to bypass HVCI protections and achieve kernel-mode code execution.
Note: The topics listed above are only a short blueprint of the syllabus. If you feel that we have missed any subject, you can simply come to us and learn it, or call us to confirm.
Call 8010911256 | 8485846227. WebAsha provides the best online (live interactive class) and classroom, practical, hands-on Offensive Security Exploitation Expert (OSEE) training and certification in Pune and nearby areas. Get course details, certification cost, fees, syllabus, duration, batch timings, exam preparation and workshops in Pune, Mumbai, Delhi NCR, Noida, Gurugram (Gurgaon), Hyderabad, Bengaluru (Bangalore), India, UK, USA, UAE, Dubai, Singapore, and Australia.