Saturday, January 27, 2007

InfoSec Advanced Ethical Hacker Training

I recently attended a training course on Advanced Ethical Hacking hosted by InfoSec Institute. The course was instructed by none other than Jack Koziol (Shellcoder's Handbook). For anyone not familiar with this book, it basically outlines (in great detail) the process and concepts of finding and exploiting security vulnerabilities. I was very surprised by the level of detail of the course content, which focused primarily on exploit coding, finding 0days, and reverse engineering software. For anyone looking to learn the ins and outs of buffer overflows, format string overflows, heap overflows, vuln identification, and exploit writing, this course was excellent.

The labs and optional capture-the-flag activities are the bread and butter of the course. This hands-on approach to teaching effectively bridges the gap between conceptual understanding and functional application of said concepts. For example, after learning how to use debuggers (OllyDbg, SoftICE, and IDA Pro) and identify conditional patterns in assembler code, the labs guided students through defeating and permanently disabling the registration messages in mIRC (older version, latest version was bonus). This involved the use of SoftICE as well as a binary editor called Hiew (hacker view). The lab was challenging and fun, and you get a real sense of gratification when you've reached your objective, as though you've done something (for lack of a better word) l33t ;).

Going into the course, I had a very basic understanding of finding client-side software vulnerabilities and exploiting them; after attending this training course, I have a new level of confidence that I could do this in a live application penetration test. I highly endorse this one for anyone in this line of work looking to expand their knowledge of client-side and remote vulnerabilities.