Writing Your Own Exploits is a video hands on course intended to teach various ways to exploit systems using payloads created with Msfvenom. When you finish the course you will be able to create, improve and obfuscate payloads with Msfvenom, and exploit Apache Tomcat Manager using a WAR. In order to put knowledge gained into practice you will have to do dozen practical exercises.
The course is available only for premium subscribers.
The course is self-paced and pre-recorded
You will learn:
- How to use Msfvenom
- How to create payloads
- How to generate shellcode
- How to evade antivirus software
- How to hide a backdoor in a legitimate application
- How to run malicious code in a remote thread
- How to exploit Apache Tomcat Manager
- How to exploit Windows using VBScript payloads
- How to deliver payloads
- How to set up a listener
- Common misunderstandings about Msfvenom
You will need:
- Kali Linux 2.0 to generate the payloads and exploits
- Metasploitable 2 to exploit Apache Tomcat in the final module
- A Windows 7 system to exploit multiple payloads created throughout the course
What you should know before you join:
- How to transfer files from a Kali Linux 2.0 system to a Windows system
Your instructor: James Morris (@jamesm0rr1s)
James started his IT career performing data analysis and database administration, followed by an IT Automation Engineering role, which led his career to IT security once he discovered multiple 0-day vulnerabilities. At the time of creating this course, James was a Senior Penetration Tester for a Fortune 100 company. Since the creation of this course, James stood up the offensive security department at one of the top 25 cybersecurity consulting companies.
James also founded Central InfoSec (@centralinfosec) where he leads offensive operations including red teaming, penetration testing, social engineering, vulnerability assessments, third-party security reviews, and instructs security courses.
James earned his Bachelor’s degree in Computer Science from the University of Central Florida where he was a member of the cyber defense club HackUCF. He currently holds certifications including OSCP, OSWP, GPEN, GMOB, CEH, PenTest+, Security+, and more. He has attended vendor specific training, including Splunk, Tenable, and Nessus.
Certified Ethical Hacker
Module 1: Introduction to Msfvenom
Module 1 description:
This module gives an introduction to Msfvenom while covering key terminology discussed throughout the course. A potential lab setup will be discussed that includes VMware, Kali Linux 2.0, Metasploitable 2, and Windows 7.
Module 1 covered topics:
- Msfvenom essentials including payloads, payload standard options, encoders, nops, payload formats, platforms, and other Msfvenom options
- Potential lab setup including Kali Linux 2.0, Metasploitable 2, Windows 7, and VMware
Module 1 exercises:
The following exercises were created to give a hands on overview of Msfvenom.
- Log into your Kali Linux, Metasploitable 2, and Windows 7 machines
- Display the Msfvenom help menu
- List the payload’s standard options using Msfvenom
- List all of the Msfvenom payloads using Msfvenom
- List all of the Msfvenom encoders using Msfvenom
- List all of the Msfvenom nops using Msfvenom
- List the available payload formats using Msfvenom
- Describe differences between the executable formats and the transform formats
- List all of the Msfvenom platforms using Msfvenom
- Describe different Msfvenom options found on the help menu but not listed in the exercises above (The options are also discussed throughout module 1)
Module 2: Creating Exploits and Payloads with Msfvenom
Module 2 description:
This module teaches students how to create payloads using Msfvenom. Students will generate a VBScript payload using Msfvenom, and then exploit a Windows system.
Module 2 covered topics:
- Creating payloads
- Building binary payloads
- Generating shellcode
- Running a Metasploit handler
- Exploiting Windows using Msfvenom
- Creating mobile payloads
Module 2 exercises:
- Generate a VBScript payload
- Set up a Metasploit handler
- Exploit Windows using a VBScript macro payload
Module 3: Improving Exploits and Evading Antivirus Detection
Module 3 description:
This module discusses how to improve payloads and describes common misunderstandings about Msfvenom’s features. Students will learn how to improve and obfuscate payloads. Students will also exploit a Windows system using a backdoor created with Msfvenom.
Module 3 covered topics:
- Common Msfvenom misunderstandings
- Encoding payloads
- Identifying and avoiding bad characters
- Bypassing antivirus software
- Embedding payloads
- Hiding backdoors in legitimate applications
- Running malicious code in a remote thread
Module 3 exercises:
- Create an encoded payload that evades antivirus engines
- Inject a payload into an executable that evades antivirus engines
- Create an exploit that VirSCAN does not detect
- Create an embedded payload and exploit Windows
Module 4: Exploiting Apache Tomcat Manager
Module 4 description:
In this module, students will learn how to exploit Apache Tomcat Manager using a WAR payload generated with Msfvenom. The full exploitation process will be covered from port scan, to reverse shell.
Module 4 covered topics:
- Port scanning
- Service version detection
- Valid credential discovery
- Running a Metasploit auxiliary module
- Running a Netcat listener
- Exploiting Apache Tomcat Manager using Metasploit
- Exploiting Apache Tomcat Manager manually using a Msfvenom payload
Module 4 exercises:
No Reviews found for this course.