SANS SEC:709 – Developing Exploits for Penetration Testers – Day 2

I didn’t get a chance to post up my thoughts on the second day of the SEC:709 class before leaving London, so here’s a quick recap of the second day.

Today we began looking at the Windows side of exploit writing. Although in theory things are slightly harder with Windows exploitation than with Linux (at least at the level we were working at), things seemed to click on the second day. Whereas the first day was new concepts mixed with exercises to show how things work, the second day looked at the same points made in day 1 from a Windows standpoint. The examples were a chance to review some points from day 1 in a new light, and introduce some new points. The day was finished off with a Capture the Flag. Most people managed to get a couple of flags at least, but with the limited time, and a raging brain ache from “drinking from the fire-hose” so to speak, it was slow going. One person managed to get almost all the flags, which was impressive given the time spent learning these points. I guess with some more reviewing of the topics and some practice, I’ll be able to get the hang of this mystical side to penetration testing and security research.

Overall the course was very fun. As it’s a 700 level course (from my understanding SANS does 400, 500, 600 and now 700 level courses, 400 being the basics, through to 700, which is more than a little advanced), you get what you ask for. It’s high-tech from moment 1, and the pace is fast and furious. It’s not one of those courses where you can get into class 10 minutes late from lunch and still catch up. If you miss a concept, then everything that follows will be that much harder to grasp. Stephen Sims (the class author and the teacher for the London class) is looking to take the class to 4 days. I think this would make the concepts easier to grasp, as more time could be spent in labs to drill the concepts into your head. One of the other facilitators (class helpers, of which I was lucky enough to be one) said that the 4 day course should be the contents from days 1 and 2 repeated twice ;). Still, Stephen said he wants to put more into the 4 day course. So keep your eyes peeled for that in the near future.

Overall my time in London was great. I managed to meet some really smart people, and the SANS Christmas dinner was really fun. Working as a facilitator for a SANS conference is fun, but a lot of work. If you’re thinking of trying it out, expect a lot of >12 hour days, and bleeding fingers. Still, from my experiences it’s 100% worth it. Just getting a chance to work with the SANS instructors and staff is reward enough. If anybody will be attending the upcoming SANS Munich 2009 (June/July time) then look for a stressed and tired looking facilitator, it’ll probably be me…


