Pwn2Own Pre-Game

Posted by Zef CekajNew Year New Bugs

Incase you werent aware, Aaron Portnoy and I launched our training last year at Recon in Montreal. We had a great time and got some awesome feedback and suggestions. Since then we have revamped some of the material and added a new target (new bugs).
There was a lot of interest in exploitation from the previous classes (as expected, what's the fun in a bug without an exploit). We wanted to address this without dilluting the core focus of our class, as vuln-discovery centric material is not very common; we teamed up with Alexander Sotirov (@alexsotirov) and Dino Dai Zovi (@SecureTips) who offer a phenomenal course on exploitation.

The end result is a 4 day (if you choose to attend both sessions) course covering topics from vulnerability discovery and triage to exploitation of vulnerabilities and mitigation bypass.

The two-day "Bug Hunting and Analysis 0x65" training (1/31 - 2/1) will take students through a crash course in reverse engineering, vulnerability discovery, and vulnerability analysis with a focus on server-side software vulnerabilities. The two-day "Assured Exploitation" course immediately follows (2/2 - 2/3) and guides students through vulnerability analysis of browser-based memory corruption vulnerabilities and hands-on development of reliable exploits against Microsoft's Internet Explorer 8 on Windows 7. Taken together, these two complementary (continue reading...)