Exploit Development


EXPLOIT DEVELOPMENT COURSE DESCRIPTION

This workshop is aimed at participants with relatively little exposure to the subject of exploit development. We begin the class with lower-level, easy-to-grasp topics and then expand on those rapidly throughout the day.

Students with a limited programming background and experience need not worry! Templates are provided for each exploit, with the intent of cutting down on raw programming time in class and focusing instead on the methodology and mindset that go into writing these different exploits.

Here are some of the topics to look forward to:

  • Stack Overflows
  • Abusing Structured Exception Handlers on Windows
  • Shellcoding Tricks (Negative jumps, egghunters, fragmented shellcode)
  • Browser Exploits
  • PDF Exploits
  • ROP Exploits

WHO WOULD BENEFIT

Advanced IT Security Professionals (deep technical), IT Security Assessors (Penetration Testers), Application Developers, Intrusion Analysts

PREREQUISITES

Ethical Hacking experience

Modules

Course By

Joseph McCray

Lessons

Lab 1: OllyDBG Basics

Author: Joseph McCray

Once OllyDbg has been opened, the first thing you will want to do is to access the target application you want to analyze within the debugger. There are two main ways to achieve this:

  • By opening the target executable from disk using the File->Open menu option, or
  • By attaching to an already [...]

Lab 2: OllyDBG Layout

Author: Joseph McCray

3. Use the File->Open menu option to open up vulnserver.exe. From left to right, the columns in this pane show: the memory address of each instruction, the hexadecimal representation of each byte that comprises that instruction (or if you prefer, the “opcode” of that instruction), the instruction itself in X86 assembly language, shown (by default) [...]

Lab 3: Assembly Code Basics

Author: Joseph McCray

This section is broken up into a number of sub-sections as follows:

  • Syntax and Endian-ness
  • Registers and flags
  • The stack
  • Assembly Instructions

3a: Syntax: OllyDbg, by default, uses the MASM syntax. In MASM syntax the destination for an instruction comes first and the source second. As an example, the [...]

Lab 4: Connecting To A Socket

Author: Joseph McCray

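Start --> Run --> cmd
---------------------
nc -l -vv -p 9999

IDLE

    import socket

    # 3000 'A' bytes (0x41); a bytes literal so send() also works on Python 3
    buffer = b'\x41' * 3000

    # Connect to the local netcat listener started above
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('127.0.0.1', 9999))
    s.send(buffer)
    s.close()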

Lab 5: Vulnerable Server

Author: Joseph McCray

Double-click and run "vulnserver.exe"

Start --> Run --> cmd
---------------------
nc localhost 9999

Type 'HELP'
Then type 'EXIT'

Open 'simple-fuzzer1.py' in Notepad++
- Step through the code.
- Notice that you are connecting to the host on port 9999 and sending 5000 A's to every server function

Double-click and run 'simple-fuzzer1.py'

OllyDBG --> Debug [...]