This course gets students to learn the process of building and debugging a memory-corruption exploit from scratch, bypassing exploit mitigations such as NX and ASLR along the way.
Our course begins with an introduction into the Arm architecture and assembly language, and how to build shellcode that can be used in exploits against Arm targets. Students then learn about the theory and practice of attacking memory-corruption exploits by finding and exploiting a stack-overflow vulnerability. We cover exploit mitigations, what they are, and how to bypass them, and how to take over the process using both ret2libc, as well as complex ROP chains to run in memory only shellcode directly in the target process.
After going through these concepts, the training covers:
- Exploiting real-world routers, including the process of how to emulate, debug and trigger vulnerabilities on real-world devices, and how to adapt exploits from one target to work on a different target, even when the devices use identical library versions.
- Exploit categories and techniques to make exploits reliable, vulnerability discovery and use of “information leaks” to stabilize memory-corruption exploits, ASLR and stack canary exploit mitigations, and how to exploit format-string vulnerabilities to bypass these mitigations.
- Heap exploitation, and using heap vulnerabilities to construct exploitation primitives to build powerful and reliable exploits, bypassing NX, ASLR and GCC’s in-built exploit mitigations, and how to exploit and construct malicious vtables to take full control of the target device.

Key takeaways
• Go from zero-to-hero, building complex memory-corruption exploits
• Build your own shellcode for Arm® 32-bit
• Debug processes and write exploits for real-world IoT devices
• Bypass exploit mitigations like ASLR, NX, Stack Canary, and so on
• Learn and use infoleaks to bypass exploit mitigations
• Reliably exploit the glibc heap and learn how to groom the heap
• Use heap-overflows to build and use exploit primitives