18Jan-24

OffSec EXP-401 Advanced Windows Exploitation (AWE) – Course Review

In November of last year, I took the OffSec EXP-401 Advanced Windows Exploitation class (AWE) at Black Hat MEA. While most of the blog posts out of there focus on providing an OSEE exam review, this blog post aims to be a day-by-day review of the AWE course content. OffSec Exp-401 (AWE) During the first day of AWE, the instructors shared with us the following slide: That’s to explain the “difficulty” of the course for each day. Needless to say, your mileage may...
Posted By
18Jan-23

SANS SEC760: Advanced Exploit Development for Penetration Testers – Review

In July 2022, I took the SANS SEC 760 class in Berlin. I always promised myself and some close friends to write a review, but I didn't have the time until the Christmas break. This blog post aims to be a day-by-day review of the SANS SEC760 course content and its CTF, NetWars tournament and on-demand package. SANS SEC760 Looking at SANS's website, SEC 760 should teach skills required to reverse-engineer applications in order to find vulnerabilities, perform fuzzing and write complex exploits...
Posted By
21Jul-22

Browser Exploitation: Firefox Integer Overflow – CVE-2011-2371

In case you're wondering why I'm not posting as regularly as before, with the new year, I've finally transitioned into a fully offensive vulnerability research and exploit development role at Exodus Intelligence that fulfilled my career dream (BTW, we're currently hiring). In the last couple of months, I've worked on some exciting and challenging bugs. Hopefully, these bugs will be featured on my blog post as soon as I am allowed to share them and after the vendors issue a...
Posted By