Currently I am working on the MVRE (Mosse Institute Vulnerability Researcher) course and my first impressions are good about that. In the main page of the course it is this.
But it does realy teach how to find and exploit 0-day vulnerabilities? In the webpage it is this:
The MVRE certification program is designed to teach students how to find and exploit vulnerabilities in software applications. Specifically, our course will equip you with the skillset necessary to carry out the following tasks:
Reviewing the content I found exercises like Use Dharma to fuzz JavaScript Arrays, Fuzz xmlwf.exe using WinAFL, Write a simple harness in C to fuzz the DLLs discovered in X software, Professionally document a reverse engineering project in Ghidra, Research the attack surface of hypervisor, Research the steps required to gain code execution from a User-After-Free exploit, Write a vulnerable program protected with ASLR+DEP+CFG and bypass the protection, and exercises harder like Write an N-day exploit for a Google Chrome vulnerability and Identify vulnerabilities in Avas.
The content it self is good but the mosse institute methodology teach you by doing yourself. It means that you must to research about the different topics to complete each exercise and in some cases it takes a lot of time complete one task. In addition the web platform does not work propertly in
Comentarios
Publicar un comentario