Exploit Development



Table of Contents


In this course, participants who attended the introductory course (RT433) will further deepen their knowledge and understanding of exploit research and development.

This comprehensive course is designed to turn the participants into high-level security experts. They will learn how to find critical vulnerabilities everywhere in the platforms and exploit them. This training is a must-have knowledge for anyone who aims to work as a professional hands-on performer in the security field. Participants will be given practical skills in core subjects of information security, terminology, entering systems, and protecting them and will put great emphasis on hands-on practice.

How to make the most of this course?

In order to succeed in the course, the following requirements must be met:

  • Participation in all practical laboratories
  • Self-work at home between lessons
  • Repetition of materials, self-learning, performing tasks, etc…

In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
A personal computer suitable for running virtual machines, with an Internet connection
Transition of the scenarios in the Cyberium Arena.

Target audience

  • Penetration testers
  • Security professionals and vendors
  • Research teams
  • Reverse Engineers


  • Discovering different levels of vulnerabilities including zero-day vulnerabilities
  • Understanding the methods of attacks
  • Infrastructure and system defense
  • Become familiar with APT and attacks
  • Understanding modern security mechanisms


  • Background in Malware Analysis
  • ThinkCyber Level-2 Courses



This module will introduce participants to the world of exploit development, explain the basic rules, what needs to be focused on, and how to create a neat and professional work process. This module will show the basic techniques of binary exploitation.

Technical content

  • Anatomy of a program in memory
    Process Memory
    Organization Memory stack Buffer
    Overflow Concepts and Definitions Brief on Assembly
    Registers and Data Organization
  • Stack overflow
    The Stack
    Variables Environment
    Variables Overwriting
    Function Pointers
    Stored on the Stack
    Segmentation Fault
    Error Understand
    Pointers System instructions and OP Codes Executing
    ‘\xcc’ Instruction
    Find Executable
    Crashing Executables with Programming
    Allocate Buffer Size
    Allocate Shellcode Size Stack
    Common Defense Mechanisms
    Working with NOP Find JMP
    Instructions in the Memory Writing POC Code
  • Format strings vulnerability
    Strings Leakage
    Modify the execution flow of programs
    Modify arbitrary memory locations
    Specific values assignments
    Writing larger data to the Process
    Execution in a Process


This module will raise the level of buffer overflow capabilities and present advanced and widely accepted techniques in the world of binary exploitation.

Technical content

  • Heap Overflow Heap Memory
    Section Heap Structure and Functionality
    Influence the Code Flow Hijacking in Data Overwrite Heap
    Pointers Heap
    Metadata ‘Dlmalloc’ to Change Program Execution
  • Advance overflow techniques
    Converting Strings to Little Endian Integers
    Convert Binary Integers into ASCII Representation
    Working with 32-bit Unsigned Integers
    Remote Blind Format String Remote Heap Overflow
    Attack Heap Overflows using VEH
    Heap Overflows using the UEF


This module will show the participants how to analyze the misconfigured C-code program to take advantage and write exploitation code to manipulate the system.

Technical content

  • Analyzing C Code
    Programs SUID Files
    Permissions race conditions shell
    $PATH weaknesses
    Scripting language
    Weaknesses binary
    Compilation failures Program that allows arbitrary programs to be executed
    Manipulating crontab Instructions
    Bypassing restriction
    Code of file read
    Permissions exploitindirectory permissions escape
    Restricted shells anenvironments binary
    Processes Standard Input and executes a shell command
    Exploit local
    Network Services


The following labs are part of the actual RT434 course:
  • Lab 1 C Program Memory Anatomy
  • Lab 2 Executing Instructions
  • Lab 3 Allocate Shellcode Size
  • Lab 4 Writing POC Code
  • Lab 5 Modify the Execution Flow of Programs
  • Lab 6 Hijacking
  • Lab 7 Heap Metadata
  • Lab 8 Converting Strings to Little Endian Integers
  • Lab 9 Remote Heap Overflow Attack
  • Lab 10 Exploiting Directory Permissions
  • Lab 11 Exploit Local Network Services

 Course type

This course is delivered in the following ways:

  • Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
  • In situe classroom with proctored labs and scenarios executed in our Cyberium Arena

All sessions are recorded and attendees can replay them  during 30 days. All course material is electronically made available to the participant.

 Course Group: FOUNDATION


 Hands-on / Theory MiX

The following course incorporates a high level of hands-on labs exercises, as well as real life case studies.

1 %
Case Studies


This course prepares the participant to the following certification:

  • SEC760 (SANS)

Required EqUIPMENT

Network connection

As this course extensively uses a cloud based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.

BYOD – Bring Your Own Device

As it is a very practical course, and in order for the participants to make the most of the course, they need a laptop with the following capabilities:

  • Audio and Video
  • 8 GB RAM
  • 200 GB Disk Space
  • Virtualization capabilities (supporting latest version of Virtualbox or similar virtual machine application)

And also a Good Headset with Mic

More Details