
SEC760: Advanced Exploit Development for Penetration Testers

SEC760 (Offensive Operations)
  • 6 Days (Instructor-Led)
  • 46 Hours (Self-Paced)
Course created by: Jaime Geiger & Stephen Sims
  • 46 CPEs

    Apply your credits to renew your certifications

  • In-Person or Virtual

    Attend a live, instructor-led class from a location near you or virtually from anywhere

  • Advanced Skill Level

    Course material is geared for cyber security professionals with hands-on experience

Develop advanced exploit-writing and vulnerability research skills to discover zero-days, analyze patches, and write complex exploits while working with modern security controls and mitigations.

Course Overview

Master advanced exploit development skills critical for today's threat landscape. In this intensive exploit development course, security professionals pursue modern Windows and Linux vulnerability research, reverse engineering, and sophisticated exploit development. Learn advanced fuzzing techniques, kernel debugging, patch analysis, and exploitation against modern defenses. Through hands-on exercises and real-world targets like the Windows kernel, browsers, and commercial applications, you will build practical experience developing exploits that work against hardened systems.

What You’ll Learn

  • Advanced reverse engineering techniques
  • Complex exploit development methodologies
  • Modern fuzzing and vulnerability discovery
  • Kernel debugging and exploitation skills
  • Windows patch analysis and diffing
  • Chrome V8 internals and exploitation
  • Advanced heap exploitation techniques

Business Takeaways

  • Discover zero-day vulnerabilities in programs running on fully-patched modern operating systems
  • Use the advanced features of IDA Pro and write your own IDAPython scripts
  • Perform debugging of Linux and Windows applications
  • Understand and exploit Linux heap overflows
  • Fuzz closed-source applications
  • Unpack and examine Windows update packages
  • Reverse engineer and exploit Windows kernel drivers

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in SEC760: Advanced Exploit Development for Penetration Testers.

Section 1: IDA Pro, Exploit Mitigations, and Windows Kernel Debugging

This section begins working with IDA Pro to look at its latest features and techniques. We look at IDA scripting to aid your reverse engineering workflow and at how to leverage AI to assist. Additionally, we cover debugging with IDA, how to create FLIRT signatures, and how to optimize your build environment.

Topics covered

  • Windows Defender Exploit Guard implementation
  • Reversing and debugging mitigations in-depth
  • IDA Pro fundamentals and advanced features
  • IDA debugging capabilities
  • Lumina, FLIRT, and FLAIR

Labs

  • Analyze Windows Defender Exploit Guard configurations
  • Setting up Windows kernel debugging
  • Develop custom IDAPython scripts
  • Recreating undocumented structures in IDA
  • Reversing and debugging Windows exploit mitigations

Section 2: Linux Application Exploitation

This section builds upon fundamental vulnerability knowledge to address modern attack methodologies. Participants learn to navigate and exploit heap structures, utilize format string vulnerabilities, and develop advanced exploitation strategies. Students are introduced to V8, JavaScript essentials, and exploiting a type-confusion vulnerability.

Topics covered

  • Linux heap management fundamentals
  • Off-by-One vulnerability exploitation
  • TCache poisoning techniques
  • Chrome V8 Internals
  • Introduction to JavaScript

Labs

  • Analyze heap management structures
  • Information disclosure exploitation
  • Create TCache poisoning exploits
  • Chrome V8 exploitation
  • Shellcode smuggling

Section 3: Advanced Fuzzing

Participants build on basic concepts as they explore sophisticated fuzzing methodologies for vulnerability discovery, learning to implement coverage-guided fuzzing, develop custom harnesses, and utilize advanced tools like WinAFL for closed-source application testing.

Topics covered

  • Advanced fuzzing architectures
  • Code coverage analysis
  • Harness development
  • Closed-source application fuzzing
  • Full-system fuzzing implementation

Labs

  • Configure WinAFL for PDF reader analysis
  • Build custom fuzzing harnesses
  • Implement code coverage tracking
  • Execute full-system fuzzing tests
  • Analyze fuzzing results

Section 4: Patch Diffing and Windows Kernels

This section covers binary diffing techniques and patch analysis methodologies. You will reverse notable Microsoft patches from the past as well as patches from 2025. Microsoft often changes the way in which patches are packaged up. We will look at various ways to optimize the patch extraction and examination process.

Topics covered

  • Microsoft patch management processes
  • Binary diffing methodologies
  • Vulnerability identification techniques
  • One-day exploit development
  • Windows kernel fundamentals

Labs

  • Extract and analyze Microsoft patches
  • Perform binary difference analysis
  • Develop one-day exploits
  • Practice kernel debugging
  • Implement exploitation techniques

Section 5: Windows Kernel Debugging and Exploitation

This section teaches Windows 10 kernel debugging and exploitation techniques. Participants learn to navigate kernel complexities, analyze Ring 0 vulnerabilities, and develop working exploits while dealing with modern protection mechanisms.

Topics covered

  • Windows kernel architecture
  • Modern kernel protections
  • WinDbg debugging techniques
  • Kernel vulnerability analysis
  • Token manipulation techniques

Labs

  • Analyze driver vulnerabilities
  • Develop kernel exploits
  • Implement token stealing techniques
  • Practice information disclosure attacks

Section 6: Capture-the-Flag Challenge


Things You Need To Know

Relevant Job Roles

Vulnerability Researcher & Exploit Developer

Offensive Operations

In this role, you will work to find 0-days (unknown vulnerabilities) in a wide range of applications and devices used by organizations and consumers. Find vulnerabilities before the adversaries!


Red Teamer

Offensive Operations

In this role you will be challenged to look at problems and situations from the perspective of an adversary. The focus is on making the Blue Team better by testing and measuring the organization’s detection and response policies, procedures, and technologies. This role includes performing adversary emulation, a type of Red Team exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective similar to those of realistic threats or adversaries. It can also include creating custom implants and C2 frameworks to evade detection.


Course Schedule & Pricing

  • Amsterdam, NL & Virtual (live); instructed by James Shewmaker. Course price: €8,835 EUR (prices exclude applicable local taxes).
  • Virtual (live); instructed by Alexandre Becholey. Course price: €8,835 EUR (prices exclude applicable local taxes).
  • Orlando, FL, US & Virtual (live). Course price: $9,500 USD (prices exclude applicable local taxes).

Benefits of Learning with SANS

  • Get feedback from the world's best cybersecurity experts and instructors
  • Choose how you want to learn: online, on demand, or at our live in-person training events
  • Get access to our range of industry-leading courses and resources