MVRE - CERTIFIED VULNERABILITY RESEARCHER review

 Currently I am working on the MVRE (Mosse Institute Vulnerability Researcher) course and my first impressions are good about that. In the main page of the course it is this.

 

But it does realy teach how to find and exploit 0-day vulnerabilities? In the webpage it is this:

The MVRE certification program is designed to teach students how to find and exploit vulnerabilities in software applications. Specifically, our course will equip you with the skillset necessary to carry out the following tasks:

• Identify and select high-value targets for vulnerability research
• Perform Attack Surface Identification and establish key focus areas for vulnerability research
• Employ research techniques such as fuzzing harnesses, patching diffing and OSINT research
• Triage crashes and identify the best bugs to spend energy and time exploiting
• Bypass modern exploit mitigations on Windows 11
• Develop and weaponize N-Days and Zero-Days

Reviewing the content I found exercises like Use Dharma to fuzz JavaScript Arrays, Fuzz xmlwf.exe using WinAFL, Write a simple harness in C to fuzz the DLLs discovered in X software, Professionally document a reverse engineering project in Ghidra, Research the attack surface of hypervisor, Research the steps required to gain code execution from a User-After-Free exploit, Write a vulnerable program protected with ASLR+DEP+CFG and bypass the protection, and exercises harder like Write an N-day exploit for a Google Chrome vulnerability and Identify vulnerabilities in Avas.

The content it self is good but the mosse institute methodology teach you by doing yourself. It means that you must to research about the different topics to complete each exercise and in some cases it takes a lot of time complete one task. In addition the web platform does not work propertly in