eLearnSecurity

XDS v1

Exploit Development Student


Study at your own pace

XDSv1 is entirely self-paced with interactive slides and videos that students can access online without any limitation. Students have lifetime access to both the training material and the world's best Exploit Development virtual labs, Hera Lab, and can also study from home, the office, or anywhere an internet connection is available.


Extremely Hands-on

Thanks to the extensive use of Hera Lab and the wide coverage of the Exploit Development field, the XDS course is the most practical training course on the subject. Practice Exploit Development techniques against real-world software.


Tailored for Beginners

XDS starts from the very basics and covers all Exploit Development fundamentals every Penetration Tester or Infosec Enthusiast should know, but it doesn’t stop there. Advanced Windows and Linux exploit development techniques, as well as anti-exploit mechanism bypasses are also covered.


Course at a glance

  • Based on techniques professional exploit developers use
  • Thoroughly covers fundamental as well as advanced exploitation techniques
  • Software debugging
  • Shellcoding
  • Covers both Windows and Linux exploit development
  • Methodology on how to identify and fully exploit 0-day vulnerabilities
  • Covers bypassing modern anti-exploit mechanisms
  • Learn how to use tools like Immunity Debugger, x32dbg, Mona, Pwntools, GDB, Ropper, etc.
  • Extremely Hands-on with 19 labs and exercises
  • Obtaining the eCXD certification qualifies you for 40 CPE
  • For pentesters who want to advance their career

Course material

  • 2 hours of HQ video training material
  • 1000+ slides
  • 19 extensive Hera labs

Course delivery

  • Self-paced / HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone


Syllabus

Section: Linux Exploit Development

  • Module 1 : Linux Stack Smashing

    • Introduces students to the basics of Linux stack overflow vulnerabilities and the required debugging toolset. Everything is covered through practical examples, from crashing a binary and identifying a stack overflow vulnerability all the way to executing user-supplied shellcode. Important Linux fundamentals that will prove useful during the rest of the course are also provided to students.
    • Includes 2 hands-on labs in our HERA Lab environment.

  • Module 2 : Linux Exploit Countermeasures & Bypasses

    • Explains the most common Linux exploit mitigations related to stack overflow exploitation, as well as the methods to bypass them. Specifically, ASLR, NX, Stack Cookie, RELRO and other exploit mitigations are covered alongside techniques to bypass them.
    • Includes 1 hands-on lab in our HERA Lab environment

  • Module 3 : Linux Return Oriented Programming

    • Explains the concept of Return Oriented Programming and how it can be used to bypass (even combined) anti-exploit mechanisms on Linux systems. After studying the provided practical examples and labs, students will be able to craft their own ROP chains.
    • Module 3 lays the foundational knowledge of ROP; you will be able to practice and deepen your ROP knowledge in the labs of the final module of this section, Module 5 - Linux Advanced Exploitation.

  • Module 4 : Linux Shellcoding

    • Teaches the process of writing Linux shellcode from scratch, including cases such as Egghunting, encoding, etc.
    • Includes 1 hands-on lab in our HERA Lab environment.

  • Module 5 : Linux Advanced Exploitation

    • Introduces Format String vulnerabilities and exploitation as well as exploit development on hardened Linux 64-bit systems. Bypassing (even combined) exploit countermeasures on Linux x64 systems, and advanced Linux x64 exploit development techniques are covered through real-world labs.
    • Includes 7 hands-on labs in our HERA Lab environment.

Section: Windows Exploit Development

  • Module 1 : Windows Stack Smashing

    • Shows basics of smashing the stack on Windows systems and presents the differences from Linux stack overflow exploitation in terms of the approach and the used toolset.
    • Includes 1 hands-on lab in our HERA Lab environment.

  • Module 2 : Windows SEH-based Overflows

    • Shows the exploitation of Windows executables by abusing the Structured Exception Handling (SEH) mechanism. Through a practical example, students are walked through the process of going from overwriting the SEH record to jumping to shellcode.
    • Includes 2 hands-on labs in our HERA Lab environment.

  • Module 3 : Windows Egghunting

    • Introduces the Egghunter shellcode to students. The Egghunter shellcode can assist exploitation when there is limited buffer space for placing user-supplied shellcode.
    • Includes 2 hands-on labs in our HERA Lab environment.
    • Includes a 3-part video series on Socket Reuse Shellcode

  • Module 4 : Unicode Buffer Overflows

    • Shows the process of creating Venetian shellcode and utilizing it in Unicode buffer overflow exploits. This technique is useful when the application transforms user input (for example, by converting it to Unicode) before it reaches the vulnerable buffer.

  • Module 5 : Windows Shellcoding

    • Teaches the process of writing Windows shellcode from scratch, including advanced, address-aware shellcode.
    • Includes 1 hands-on lab in our HERA Lab environment.
    • Includes a 3-part video series on Backdooring PE Files

  • Module 6 : Windows Return Oriented Programming

    • Introduces Return Oriented Programming on Windows and how it can be used to beat anti-exploit mechanisms on Windows 7. After studying the provided practical examples and labs, students will be able to craft their own ROP chains.
    • Includes 2 hands-on labs in our HERA Lab environment.


Pre-requisites

  • Solid understanding of Windows & Linux internals
  • Basic reverse engineering skills
  • Pentesting basics
  • Basic Python scripting skills
  • Basic understanding of x86/x64 assembly and C/C++ language - Covering assembly and C/C++ programming is beyond the scope of the course
  • Knowledge of fundamental programming concepts such as variables, loops, functions, etc.

This training course is for...

  • Pentesters
  • Vulnerability Researchers
  • IT personnel / students
  • IT Security enthusiasts
  • Aspiring CTF players

Labs

The XDS course is a practice-based curriculum. Being integrated with Hera Lab, the most sophisticated virtual lab in IT Security, it offers an unmatched practical learning experience.

Hera is the only virtual lab that provides fully isolated per-student access to each of the real world network scenarios available on the platform.

Students can access Hera Lab from anywhere through VPN.

Modules will be accompanied by numerous hands-on labs, where the student will:

  • Learn to apply the covered exploit development techniques
  • Learn to use exploit development tools and frameworks
  • Exercise software vulnerability identification and exploitation
  • Learn to bypass modern anti-exploit mechanisms
  • Test their skills against real-life vulnerable software

Lab ID | Description | Category
Lab 1 | Hidden Function - In this lab, you will practice identifying and exploiting a Linux stack overflow vulnerability in a binary. You will also learn how to find reusable code within the binary to facilitate exploitation. | Practical
Lab 2 | Linux Basic Stack Overflow - In this lab, you will practice identifying and exploiting a Linux stack overflow vulnerability in a binary. This time you will have to find the proper payload length for precisely overwriting EIP, in addition to using your own shellcode. You will also be shown how to overcome commonly found obstacles. | Practical
Lab 3 | Windows Basic Stack Overflow - In this lab, you will practice identifying and exploiting a Windows stack overflow vulnerability. You will also learn how to utilize JMP ESP to land in your payload. | Practical
Lab 4 | Windows SEH Overflow (MP3 Studio) - In this lab, you will go through the whole process of identifying and exploiting an SEH-based stack overflow vulnerability on a Windows system, from overwriting the SEH and identifying bad characters to jumping to the shellcode. | Practical
Lab 5 | Windows SEH Overflow (EasyChat) - In this lab, you will go through the whole process of identifying and exploiting an SEH-based stack overflow vulnerability on a Windows system. | Practical
Lab 6 | Windows Egghunting (Kolibri HTTP Server) - In this lab, you will practice using Egghunting shellcode to overcome buffer space limitations while trying to fully exploit a Windows stack overflow vulnerability. | Practical
Lab 7 | Windows Shellcoding - In this lab, you will practice writing and executing Windows shellcode. | Practical
Lab 8 | Linux x64 Basic Stack Overflow - In this lab, you will practice identifying and exploiting a stack overflow vulnerability on a Linux x64 system. During the lab, you will have to find the proper payload length for precisely overwriting RIP and then execute the supplied shellcode. | Practical
Lab 9 | Strict Firewall Bypass (Format String Exploitation + Socket Reuse Shellcode) - In this lab, you will practice identifying and exploiting a Format String vulnerability on a hardened Linux system. You will also be shown how to evade strict firewalls by utilizing Socket Reuse shellcode. | Educational
Lab 10 | Linux NX Bypass (ret2libc) - In this lab, you will practice identifying and exploiting a stack overflow vulnerability on a Linux system with NX enabled. To bypass the NX mechanism, you will use the ret2libc technique. | Educational
Lab 11 | Linux x64 NX Bypass (ret2libc + ROP) - In this lab, you will practice identifying and exploiting a stack overflow vulnerability on a Linux x64 system with NX enabled. To bypass the NX mechanism, you will use both the ret2libc technique and ROP. | Educational
Lab 12 | Linux NX & ASLR Bypass (Format String Exploitation + ROP) - In this lab, you will practice identifying and exploiting a Format String vulnerability on a hardened Linux system. During the lab, you will be shown how to utilize ROP to bypass Linux ASLR and NX. | Educational
Lab 13 | Linux Shellcoding - In this lab, you will practice writing and executing Linux shellcode. | Practical
Lab 14 | Overcome ret2libc Limitations - When exploiting Linux (including x64) systems with the ret2libc technique, we can only rely on gadgets/functions existing in libc. This lab will show you how you can sometimes overcome this limitation and execute your own shellcode by tampering with the stack's execution state. | Educational
Lab 15 | Linux x64 Stack Canary, NX & ASLR Bypass - In this lab, you will practice identifying and exploiting a Format String vulnerability on a Linux x64 system with Stack Canary, NX, and ASLR enabled. During the lab, you will be shown how to bypass all those mechanisms by leaking critical contents of memory. | Educational
Lab 16 | Linux x64 ASLR Bypass - In this lab, you will practice identifying and exploiting a stack overflow vulnerability on a Linux x64 system with ASLR enabled. During the lab, you will be shown how to bypass the ASLR mechanism through a technique known as ret2plt combined with ROP. | Educational
Lab 17 | Fuzzing Windows Software - In this lab, you will practice identifying Windows stack overflow vulnerabilities through fuzzing. The fundamentals of fuzzing with Spike will be provided, and you will also be required to combine multiple exploitation techniques after an exploitable crash is identified. | Practical
Lab 18 | Windows ROP (Scenario 1) - In this lab, you will be shown how Return Oriented Programming can be used on Windows systems during exploit development to bypass anti-exploit mechanisms. | Educational
Lab 19 | Windows ROP (Scenario 2) - During this lab, you will practice Return Oriented Programming on Windows and how it can be used to bypass anti-exploit mechanisms. | Educational

Certification

Get the eCXD Certification

eLearnSecurity's eCXD (eLearnSecurity Certified eXploit Developer) certification is the most practical and professionally oriented certification you can obtain in exploit development. Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual vulnerability identification and exploitation against real-world Windows and Linux software. The exam engagement is modeled after real-world software exploitation scenarios featuring anti-exploit mechanisms as well as other limitations.


Instructor

  • Łukasz Mikuła

    Łukasz Mikuła is a self-taught white-hat hacker and penetration tester who enjoys both learning and sharing his knowledge with others. Upon reaching a certain level of expertise in the field of IT Security, he started working as a penetration tester for a financial institution, where he performed various tasks related to penetration testing: application and network security assessment, reverse engineering and red teaming. He has had many vulnerabilities submitted to and accepted by vendors such as IBM and Oracle, as can be seen in their patch advisories. Currently, Łukasz is an IT Security Trainer and Researcher at eLearnSecurity, where he gets to share his passion for and knowledge of the field to help others learn and grow in their careers. In his spare time, he is an active penetration tester and still sharpens his skills by participating in bug bounty programs, as well as by helping companies and organizations build secure environments.


Reviews

I found the material to be challenging and informative, but the best part is content delivery. Hands down the best delivery of pentesting content I have experienced to date.

Ken Richmond
System Analyst

This course provided beginning, intermediate and advanced Penetration Testing exercises. I was able to progress at my own pace and develop a deeper understanding of these skills and knowledge to further my career in information security. I was challenged and pleased to be presented with a course that was designed with simplicity, but maintained techniques that were informative and industry guided. I refer back to the training often to clarify my understanding. Overall, the student course was sophisticated and efficient in increasing my knowledge in the Penetration Testing arena. I would recommend enrolling in courses provided by eLearnSecurity.

Chris Matthews

I think that the eLearnSecurity course is the best course suited for beginners in the penetration testing field. It is well made, not expensive, and it will explain all the topics in a clear manner. Thanks!

Lucian Andrei

The student course is very comprehensive and covers more than the required aspects of the modules. The interface is easy to use and the videos included are very helpful in giving you a step-by-step guide for the more complex tasks. I would highly recommend it to anyone looking to start in penetration testing; it puts you in a good position to start a career in the area of penetration testing.

Theodore Judice
Osaze Systems IT Consulting

If penetration testing is what you are looking for, then look no further than the eLearnSecurity team. The resources were second to none and the knowledge the guys have got is amazing. This is the best course that I have taken by far.

Daniel Morris
