Offensive Security’s Advanced Windows Exploitation

At Blackhat I took Offensive Security’s Advanced Windows Exploitation (AWE) class. The class isn’t exactly what I expected but it was definitely good. Below is a brief summary of the pros and cons:

Pros:

  1. All exploits were entirely real-world. There were no sample applications. Everything we exploited was a real application and it was fairly recent.
  2. The class was basically exploiting one piece of software after another.
  3. I learned a lot of shellcode — which has been a weakness.

Cons:

  1. The class largely focused on bypassing MS Windows protections. We spent a fair amount of time bypassing DEP, but we didn’t go over SafeSEH/GS. Personally, all three mitigations are about the same difficulty to bypass IMO so I didn’t understand why some were covered and not others.
  2. The workbook wasn’t a real workbook. It didn’t match the slides and it wasn’t exactly meant to supplement them either. It was more a solutions manual. I found this frustrating as I tend to learn by reading so I was disappointed that there wasn’t a way to read through the course.
  3. The class largely used WinDbg. I guess this is just a pet peeve but I can’t stand WinDbg. Oddly they’d switch back and forth to Immunity or OllyDbg for various tasks.
  4. They focused far too much on shellcode. I generally consider shellcode a solved problem. Sure there are cases where you need something special but overall Metasploit does well enough for me.
  5. I really wanted to do more heap fun. I know it can take a long time to do modern heap exploits and maybe it isn’t feasible for a class but a guy can dream.
  6. I’d have liked to consider more generic cases — everyone says generic exploitation is dead, but sometimes it’s not. It would have been interesting to discuss what is and isn’t generically exploitable.

I’m a critic so please don’t compare the pro/con counts. I enjoyed the class and the instructor was top notch. The assistant was a little overly dramatic about the difficulty of a simple task, but it was 4 days and lots of exploits. In my case, I didn’t learn a lot but the practice was very good. I also improved my shellcode, which seemed to be a big thing for Ryu. If exploiting real software isn’t something you do very often, I’d definitely recommend the class.

One Response to “Offensive Security’s Advanced Windows Exploitation”

  1. majed_19845 says:

    hi man

    how are you ?

    I’m Majed from Jordan

    I need Offensive Security’s Advanced Windows Exploitation
    I can’t buy it
    plz help me

    My email : majed_19845@yahoo.com

    i wait your reply
    and thxx alot

    your sincerely,
    Majed
