The document outlines a training session led by Danang Heriyadi on advanced exploit development over four days. Topics include basic and advanced techniques such as debugging, fuzzing, stack manipulation, mitigation strategies, and shellcode development, with case studies from various CVEs. The course is aimed at enhancing skills related to exploit development and vulnerability reporting.

1. “Black Hat Courses”
Advanced Exploit Development
By :
Danang Heriyadi
< danang@hatsecure.com >
Hat Secure Training
Session 1

2. Outline Courses | Day 1
● Basic Exploit Development
– Debugging
– Fuzzing
– Direct Return
– Smashing Stack For Fun and Profit
– Case Of Study ( From CVE )
● CVE-2008-4250
● CVE-2010-2568
● Etc

3. Outline Courses | Day 2
● Advanced Exploit Development #2
– Stack Hardener or Mitigation
– Bypassing :
– Data Execute Prevention
– Structure Exeption Handler
– Safe Structure Exception Handler
– Case Of Study ( Microsoft )
● Proof Of the Concept MS12-05
● Proof Of the Concept MS12-020

4. Outline Courses | Day 3
● Advanced Exploit Development #3
– Corruption the Heap
– Heap Spraying the Software
● Internet Explorer
● Mozilla
● Etc
– Metasploit Module Development

5. Outline Courses | Day 4
● Advanced Exploit Development #4
– Single Denial Of Service
● Using Buffer Overflow Vulnerability
– Shellcode Development
● Static Shellcode
– Shellcode Injection
● PE Infection
– Reporting vulnerability

6. Are you ready?
June – July