SEC760: Advanced Exploit Development for Penetration Testers

SEC760 - Offensive Operations
  • 5 Days (Instructor-Led)
  • 40 Hours (Self-Paced)
Course authored by:
Alexandre Becholey & Stephen Sims
  • 40 CPEs

    Apply your credits to renew your certifications

  • Virtual Live Instruction or Self-Paced

    Train from anywhere. Attend a live instructor-led course remotely or train on your time over 4 months.

  • 20 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Develop advanced exploit development skills to discover vulnerabilities, analyze patches, and write complex exploits while working with modern security controls.

Course Overview

This intensive course equips security professionals with advanced exploit development skills needed in today's complex threat landscape. Focusing on modern Windows and Linux systems, participants learn sophisticated techniques for vulnerability discovery, patch analysis, and exploit development. The curriculum covers essential areas including advanced fuzzing methodologies, kernel debugging, and exploitation techniques that work against current security controls. Through hands-on exercises and real-world scenarios, security professionals gain practical experience in reverse engineering applications, Chrome V8 exploitation, binary and patch diffing, and developing exploits for challenging targets like the Windows kernel and modern Linux heap.

What You’ll Learn

  • Advanced reverse engineering techniques
  • Complex exploit development methodologies
  • Modern fuzzing and vulnerability discovery
  • Kernel debugging and exploitation skills
  • Windows patch analysis and diffing
  • Chrome V8 internals and exploitation
  • Advanced heap exploitation techniques

Business Takeaways

  • Discover zero-day vulnerabilities in programs running on fully-patched modern operating systems
  • Use the advanced features of IDA Pro and write your own IDAPython scripts
  • Perform debugging of Linux and Windows applications
  • Understand and exploit Linux heap overflows
  • Perform patch diffing against programs, libraries, and drivers to find patched vulnerabilities
  • Perform Windows Kernel debugging
  • Reverse engineer and exploit Windows kernel drivers

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC760: Advanced Exploit Development for Penetration Testers.

Section 1: IDA Pro, Exploit Mitigations, and Windows Kernel Debugging

This section begins by working with IDA Pro to look at its latest features and techniques. We cover IDA scripting to aid your reverse engineering workflow and how to leverage AI to assist. Additionally, we cover debugging with IDA, how to create FLIRT signatures, and how to optimize your build environment.

Topics covered

  • Windows Defender Exploit Guard implementation
  • Reversing and debugging mitigations in-depth
  • IDA Pro fundamentals and advanced features
  • IDA debugging capabilities
  • Lumina, FLIRT, and FLAIR

Labs

  • Analyze Windows Defender Exploit Guard configurations
  • Setting up Windows kernel debugging
  • Develop custom IDAPython scripts
  • Recreating undocumented structures in IDA
  • Reversing and debugging Windows exploit mitigations

Section 2: Advanced Linux Exploitation

Focusing on sophisticated Linux exploitation techniques, this section builds upon fundamental vulnerability knowledge to address modern attack methodologies. Participants learn to navigate and exploit heap structures and develop advanced exploitation strategies. The section also introduces Chrome V8 internals, where vulnerabilities are inherently complex.

Topics covered

  • Linux heap management fundamentals
  • Off-by-One vulnerability exploitation
  • TCache poisoning techniques
  • Chrome V8 Internals
  • Introduction to JavaScript

Labs

  • Analyze heap management structures
  • Information disclosure exploitation
  • Create TCache poisoning exploits
  • Chrome V8 exploitation
  • Shellcode smuggling

Section 3: Advanced Fuzzing

Building on basic concepts, this section explores sophisticated fuzzing methodologies for vulnerability discovery. Participants learn to implement coverage-guided fuzzing, develop custom harnesses, and utilize advanced tools like WinAFL for closed-source application testing.

Topics covered

  • Advanced fuzzing architectures
  • Code coverage analysis
  • Harness development
  • Closed-source application fuzzing
  • Full-system fuzzing implementation

Labs

  • Configure WinAFL for PDF reader analysis
  • Build custom fuzzing harnesses
  • Implement code coverage tracking
  • Execute full-system fuzzing tests
  • Analyze fuzzing results

Section 4: Patch Diffing and One-Day Exploitation

Participants learn to analyze vendor patches for vulnerability identification and exploitation. The section covers binary diffing techniques and patch analysis methodologies. You will reverse notable Microsoft patches from the past as well as patches from 2025. Because Microsoft often changes the way in which its patches are packaged, the section also covers the current patch management process.

Topics covered

  • Microsoft patch management processes
  • Binary diffing methodologies
  • Vulnerability identification techniques
  • One-day exploit development
  • BinDiff and Diaphora

Labs

  • Extract and analyze Microsoft patches
  • Perform binary difference analysis
  • Develop one-day exploits
  • Practice kernel debugging
  • Implement exploitation techniques

Section 5: Windows Kernel Debugging and Exploitation

This section teaches Windows 11 kernel debugging and exploitation techniques. Participants learn to navigate kernel complexities, analyze Ring 0 vulnerabilities, and develop working exploits while dealing with modern protection mechanisms.

Topics covered

  • Windows kernel architecture
  • Modern kernel protections
  • WinDbg debugging techniques
  • Kernel vulnerability analysis
  • Token manipulation techniques

Labs

  • Analyze driver vulnerabilities
  • Develop kernel exploits
  • Implement token stealing techniques
  • Practice information disclosure attacks

Things You Need To Know

Relevant Job Roles

Vulnerability Researcher & Exploit Developer

Offensive Operations

In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!


Penetration Tester

European Cybersecurity Skills Framework

Assess the effectiveness of security controls, reveal and utilise cybersecurity vulnerabilities, and assess their criticality if exploited by threat actors.


Red Teamer

Offensive Operations

In this role you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.


Course Schedule & Pricing

  • Virtual (OnDemand), instructed by Stephen Sims & Alexandre Becholey
    Date & Time: OnDemand (Anytime), self-paced, 4 months access
    Course price: $8,780 USD (prices exclude applicable local taxes). Buy now for access on Aug 4; use code Presale10 for 10% off the course price.
  • Virtual (live), instructed by Alexandre Becholey
    Course price: €8,230 EUR (prices exclude applicable local taxes)
  • Canberra, ACT, AU & Virtual (live), instructed by James Shewmaker
    Course price: A$13,350 AUD (prices exclude applicable local taxes)

Benefits of Learning with SANS

  • Get feedback from the world’s best cybersecurity experts and instructors
  • Choose how you want to learn - online, on demand, or at our live in-person training events
  • Get access to our range of industry-leading courses and resources