Unethical Hacking

Immunity's Unethical Hacking course focuses on teaching fundamentals of Windows x86 exploitation by having students write exploits! This class attempts to teach a strategic approach to attack and penetration that goes beyond "penetration testing" to model how a real attacker approaches targeting your company.

Security professionals familiar with x86 assembler, some reverse engineering, debugging, and Windows memory management will be best suited for this course. Immunity's trainers have developed a Prerequisite Evaluation for all potential students to take prior to signing up for the Unethical Hacking class. This evaluation will help ensure that this class is right for you.

For additional information, pricing quotes, or a copy of the Prerequisite Evaluation, please send an email to training@immunityinc.com.


Unethical Hacking Class Syllabus


Day 1: Intro

- Introduction to Assembly language
- Understanding stacks and memory layout
- Understanding calling conventions
- Introduction to buffer overflows
- Post-mortem analysis using Immunity Debugger
- Build your own exploits against entry-level targets using VisualSploit (challenge level: easy - medium)

Day 2: Exploit Writing

- Build your own exploits against real targets using VisualSploit (challenge level: easy - medium)

Day 3: Exploit Writing

- Build your own exploits against real targets using VisualSploit (challenge level: medium - high)

Day 4: Attack Automation Using CANVAS

Advanced usage of the CANVAS exploitation framework
- Enumerate hosts on the network
- Fingerprint found hosts on the network
- Remote Exploitation
- Client-Side Exploitation using ClientD
- Maintain persistence on compromised devices using trojans/rootkits
- Escalation of privileges via local vulnerabilities
- Build your own custom local command (in Python using the CANVAS API)
- Bounce from one compromised machine to another to get further into a network

Custom Wargame
- Find and exploit vulnerabilities in a custom web application. First to get root wins a prize!

* class syllabus is subject to change