As exploit mitigations, such as Nx and stack canaries, have made binary exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a major wall in the binary exploitation journey because of its complexity and its context dependent nature. To conquer this difficultly, the training tackles the complexity head on by diving into the weeds of the allocator directly, taking on many hands-on exercises and teaching a variety of techniques to exploit the heap in any situation. After taking this training you will understand the internals of the GLibC Malloc allocator, be able to discover heap specific vulnerability classes, and pwn the heap with a variety of techniques, as demonstrated by the exploitation of a custom HTTP server stack as the final challenge.

This course will expose attendees to a live mainframe environment with hands-on lab experience. The areas explored in this course include VTAM, CICS, TSO, and Unix.

HackerOne bug hunters have earned over $100 million in bug bounties so far. Some of HackerOne customers include the United States Department of Defense, General Motors, Uber, Twitter, and Yahoo. It clearly shows where the challenges and opportunities are for you in the upcoming years. What you need is a solid technical training by one of the Top 10 HackerOne bug hunters.

Modern web applications are complex and it’s all about full-stack nowadays. That’s why you need to dive into full-stack exploitation if you want to master web attacks and maximize your payouts. Say ‘No’ to classical web application hacking. Join this unique virtual hands-on training and become a full‑stack exploitation master.

Watch 3 exclusive videos to feel the taste of this training:

Exploiting Race Conditions: https://www.youtube.com/watch?v=lLd9Y1r2dhM

Token Hijacking via PDF File: https://www.youtube.com/watch?v=AWplef1CyQs

Bypassing Content Security Policy: https://www.youtube.com/watch?v=tTK4SZXB734

We will look into how we can bypass kASLR, kLFH, and do hands-on exploitation using data-only attack, which effectively bypasses SMEP and other exploit mitigations.

This course provides a hands-on introduction to using Ghidra for software reverse engineering, taught by co-author of The Ghidra Book: The Definitive Guide. Learn how to use and customize Ghidra to fit your SRE workflow, all presented with hands-on examples and challenges.  Whether you are new to the field of reverse engineering or just new to Ghidra, this course provides you with the opportunity to explore the capabilities of this powerful open-source reverse engineering tool suite to understand how it can enhance your reverse engineering process with a focus on malware analysis.  Hands-on labs will provide flexibility for student to choose between basic and challenge assignments to ensure that everyone has something interesting to explore in context.  Our philosophy is “hands-on over hand-outs” so come prepared to actively participate in the action.  

This is not your traditional SCADA/ICS/IIoT security course! How many courses send you home with lifetime access to course updates and a $500 kit including your own PLC and a set of hardware/RF hacking tools?!? This course teaches hands-on penetration testing techniques used to test individual components of a control system, including embedded electronic field devices, network protocols, RF communications, Human Machine Interfaces (HMIs), and various forms of master servers and their ICS applications.

Dual-purpose class:

• This class teaches developers how to avoid writing implementation flaws, or detect ones that are already in their code...but it also teaches vulnerability-hunters how to find the flaws as well! So it's an epic battle between contentious developers and devious vulnerability hunters! Who will win?! Whoever most takes the lessons of this class to heart!

• Over three-dozen CVE writeups!

• This class serves as a prerequisite for a future class that will add examples on uninitialized data access, race conditions, use-after-free, type confusion, and information disclosure vulnerabilities.

This class is designed to give you all the background you need to understand how x86-64 firmware (aka UEFI BIOS) works, and what the most common security misconfigurations are.

This class teaches you how to disassemble binaries, read x86-64 assembly language, and debug black-box binaries in WinDbg and GDB.

This class teaches you about the fundamental hardware mechanisms which all operating systems, virtualization systems, and firmware *must* interact with in order to run successfully on x86 hardware.

This is the combination class that lets you take all the material(!) from the x86-64 Assembly, x86-64 OS Internals, and x86-64 Intel Firmware Attack & Defense classes at your own pace, but with full instructor support.

This 4-day online course features a practical hands-on approach to automated program analysis using machine learning.

This course starts with the ways that users and groups are influenced online, from user experience, marketing, adtech and online political campaigns through to astroturfing, online psyops, disinformation campaigns. We’ll look at the techniques and tactics used to create influence, the tools, methods and design patterns being created to detect, counter and mitigate against it, the emerging discipline of cognitive security and how it meshes with other work including information security, machine learning and geopolitics.

In this course, we will use Windows 10 RS6 x64 for all the labs and has a CTF that runs throughout the training. This course starts with the basics of Windows & driver internals, different memory corruption classes, and fuzzing of kernel mode drivers.

All action, no fluff, come to this 100% hands-on Electron & JS Desktop apps course with us and get: Lifetime access to all course materials, unlimited access to future updates, step-by-step video recordings, unlimited email/slack support from course instructors, interesting apps and more :)

All action, no fluff, come to this 100% hands-on Android & iOS hacking course with us and get: Lifetime access to all course materials, unlimited access to future updates, step-by-step video recordings, unlimited email/slack support from course instructors, Interesting apps and more :)