Hell Day 2 aka Corelan Win 32 Exploit Dev Bootcamp Day 2

Wow, we didn’t get out until 2am and everyone looked exhausted or defeated. hah! No really, day 2 was really fast paced. We covered tons of stuff (e.g. tons of seh and advanced mitigation bypass, writing metasploit modules, browser and heap stuff) and as I stated in the post about day 1, you really need to have some idea of what you are doing. Diving deep into Mona.py and the powerful features of Windbg (providing that your machine doesn’t crap out or you cant download your symbol files correctly sighs). However, you don’t have to be a pro at this stuff, it helps but not necessary. Corelan was/is a great teacher, and the teaching assistants were great; it is rare to have a great teacher and a course where the aids know quite a bit about the topics. He even went further to mention his site and forums, as well as the special forums we get as students of the course; if access to the special forums is the only thing you get from this class then that is enough. Lincoln and _sinner were great aids and helped me out a bit during the course with little tidbits. It was also nice to know that some of my ExDev “habits” were shared with them. haha!

Take away from the entire training:
I have made a commitment to myself to work on 1 exploit a week. These will be taking various things from MSF and Exploitdb and converting them to python and hopefully msf. I will hopefully make a blog or two about my experiences and progress. Also, during this time I will be focusing back on OSCE and hopefully by November or December I will sit for the test. Corelan really stressed the fact that he worked on 2 exploits a week to keep at this stuff, because it is not his day job. Which really shocked me, but gave me motivation. It is amazing how much I have learned in this course and even though it was a rough course I would take it again. In fact I may depending on my schedule and financial responsibilities, in a year or so, just to see where I am. This course will definitely teach you how to think and basic troubleshooting of your code. He also provided a few scripts to help with different things ( outside of what mona can do). muahahah! I think the biggest thing I got from this course is not giving up! I got really frustrated when things were landing right in my exploits, but taking a step back and looking at my mistakes really taught me to just be patient and it is probably something simple that I am missing.

If you have a chance to take the course, you wont regret it. Oh, stop using NOPs in your exploit. haha! Prepare for pain and long nights. Have a beer or a few shots to calm your nerves and don’t give up.

Back to DerbyCon!!!

DerbyCon + Corelan Win32 Exploit Dev Bootcamp Day 1 = OMG!

I am having such a killer time at DerbyCon. It has only been a day and I have already met new people and am seeing a lot of familiar faces from last year. I love small cons, mainly this one, because no one seems to have an ego here and everyone is just chill. I highly recommend coming out to DerbyCon if you have a chance. Also, remember to try the Burbon Beer from the Sway lounge, its my fav.

Anyway, the real reason for this post. The Corelan bootcamp is everything I thought it would be. We went from 0-60 in no time. We started at 830am and didn’t finish until Midnight, mostly because everyone in class was dead tired and couldn’t finish the last module of day 1. The first exploit lab has a lot of gotchas that will challenge the way you think; no its not your typical FTP server exploit. He really stressed about all the bad habits we n00bs learn from just doing random tutorials around the interwebs. Its crazy, how many times I have done exploits using ‘NOPS’ and the first thing he says in class is ” NOPS are for lazy a*holes” and then started to explain to us why we shouldn’t use them. However, there is a place and a time where you can use them, but the majority of the time you shouldn’t use them. Troubleshooting your programs is a more efficient way to learning and challenging yourself. I have noticed that the more I am moving into Exploit Dev there are a 1000 ways to skin a cat and now I am trying to soak in all the information. I would say that if you have followed his tutorials  then you should have a good understanding of how basic Stack Based overflows work. However, I would go over the material a few times, and actually attempt to do the higher level stuff (e.g. Heap, SEH, DEP, and ASLR). I would not be scared to take the class, even though it is a difficult class, Corelan does a really good job of explaining the material and making sure you are understanding the fundamentals. Sometimes, we as n00bs, just follow directions and really have no idea why we are doing certain things. Corelan spent a good chunk of day 1 covering the basics before we jumped into labs.


p>If you are thinking about taking the the OSCE or the AWE, I would definitely figure out a way to take Corelan’s course first. I already feel a lot more comfortable doing Exploit Dev and working in a debugger. Of course even to sign up for the OSCE I would suggest that you know your way around the debugger, but its nice to know that all my practice is really helping. Again, I would not be scared to take this course if you are just starting out. I think going through the many tutorials on the Net and his tutorials will really give you a great start. However, I would say know python or at least be familiar with it.  My plans are to work through this course material and then jump back into OSCE mode.

Anyway, I am going to grab breakfast and get ready for Day 2 aka “Hell Day 2”.