I've been an adjunct professor at NYU Poly for almost two years now. It's been a great experience for a number of reasons, one of which is because I'm teaching a hot topic: Vulnerability Analysis and Exploitation. The course is the next iteration of the pentest.cryptocity.net content that evolved into the CTF Field Guide by Dan Guido, Trail of Bits, and a bunch of other industry professionals. It takes a student with some minor programming knowledge and submerges them into exploitation. When the student comes out, they have successfully exploited IE on Windows 7, bypassing DEP and ASLR. It's an awesome, but sometimes overwhelming experience for every student who takes it.
Each semester I start the class off with a survey to gauge the student's experience level: No surprise here, most have little to no experience when it comes to real-world exploitation on Windows. This results in a "revamping" period for the student where they have to work extra hard getting used to WinDBG and IDA.
I wanted to create something that would help ease the students into the learning environment, and that's what FSExploitMe is; a tutorial that walks you through the basics of WinDBG and general exploitation in a browser environment.
more here..............http://blog.opensecurityresearch.com/2014/08/learning-exploitation-with-fsexploitme.html
Each semester I start the class off with a survey to gauge the student's experience level: No surprise here, most have little to no experience when it comes to real-world exploitation on Windows. This results in a "revamping" period for the student where they have to work extra hard getting used to WinDBG and IDA.
I wanted to create something that would help ease the students into the learning environment, and that's what FSExploitMe is; a tutorial that walks you through the basics of WinDBG and general exploitation in a browser environment.
more here..............http://blog.opensecurityresearch.com/2014/08/learning-exploitation-with-fsexploitme.html