Profile
Ángel Gangas is a Senior Consultant at Mandiant, part of Google Cloud, with over 10 years of experience in information security. He specializes in offensive security, designing and executing advanced attack chains, and providing specialized offensive services, covering web applications, mobile, infrastructure, networks, Red Team, and Purple Team.
He has led and executed high-complexity offensive security projects for organizations across various sectors, generating impactful technical and executive reports focused on risk, business impact, and effective remediation strategies. He is distinguished by his analytical approach, critical thinking, technical leadership, results orientation, and commitment to continuous improvement.
Certifications
- Offensive Security Certified Professional (OSCP)
- Offensive Security Certified Expert (OSCE)
- Offensive Security Wireless Professional (OSWP)
- Offensive Security Web Expert (OSWE)
- Offensive Security Experienced Penetration Tester (OSEP)
- Offensive Security Exploit Developer (OSED)
- Offensive Security Certifies Expert 3 (OSCE3)
- Certified Android Exploit Developer
- Certified Android Penetration Tester
Workshop:
Introduction to Binary Exploitation in Windows x86 Environments
This workshop provides a solid, practical, and technically deep introduction to binary exploitation in Windows x86 environments, covering the essential fundamentals needed for participants to continue progressing toward modern and advanced exploit development techniques.
Although the course is designed as an introduction, its approach goes beyond the basics, providing a comprehensive technical foundation on x86 architecture, memory management, vulnerability analysis, and exploit development. This enables attendees to truly understand the exploitation process and continue their learning independently.
During the workshop, participants will set up their lab environment, review the current state of exploit development, and gain solid knowledge about the stack, registers, execution flow control, and exploitation conditions. Through guided practical exercises, techniques such as fuzzing, buffer overflow exploitation, and Structured Exception Handler (SEH) manipulation will be applied, developing functional exploits in controlled real-world scenarios.
The course maintains an eminently practical focus, integrating theoretical fundamentals with progressive labs, allowing attendees to build a strong technical foundation for advancing to techniques like bypassing modern mitigations, ROP, and advanced exploit development.
Learning Objectives
By the end of the course, participants will be able to:
- Understand the internal workings of x86 architecture in Windows.
- Analyze vulnerabilities at the memory level.
- Apply fuzzing techniques to identify exploitable conditions.
- Develop basic buffer overflow exploits.
- Exploit vulnerabilities based on Structured Exception Handler (SEH).
- Understand the full cycle of exploit development.
Content – 16-Hour Workshop (2 Days)
- Welcome and Environment Setup
- The Current State of Exploit Development
- Module 1: Introduction
- Basic concepts of the stack, registers, and vulnerabilities
- Module 2: Fuzzing
- Exercises
- Group resolution
- Module 3: Buffer Overflow
- Exercises
- Group resolution
- Module 4: Structured Exception Handler (SEH)
- Exercises
- Group resolution
- Closing the workshop
- How to deepen your knowledge?
Target Audience
- Advanced students in computer science and security.
- Pentesters and security analysts.
- Cybersecurity professionals interested in binary exploitation.
- Security researchers.