This is an intermediate level course for exploit development. An introduction to X86 assembly language will be provided. Introduction to Stack Overflow, Heap Overflow, SEH based Overflow, and Format string vulnerabilities will be explained in detail and exploits will be developed for all types of vulnerabilities using real life applications. Introduction to stack protection, such as stack cookies, canary value, DEP, and ASLR, will be explained in detail. Each module will have hands on exercises of developing exploits. During the course, you will recreate exploits for RCE for the existing vulnerabilities for exploits that exist in public.
This course is self-paced and pre-recorded
18 CPE Credits
You will learn:
- How to exploit vulnerabilities
- How to write exploits
- How to convert exploits to Metasploit
You will need:
- Windows XP (Any SP) / Windows 7 and Kali Linux
Before you join you should be familiar with:
- Scripting language such as Python or Ruby will be helpful. Exploit will be developed using Python.
- TCP/IP, HTTP and basic networking will be helpful.
MODULE 1: Revisit the basics
In this module, we will touch on the basic network monitoring tools, reverse engineering tools (Ida, Ollydbg, Immunity, etc.) and editing binary data. You will be introduced to x86 assembly language and basic introduction of buffer overflow vulnerabilities including stack, heap, use-after-free and format string vulnerabilities. You will be introduced to open source repositories of exploits and to Kali Linux and its basic usage.
- Introduction to Tools
- Metasploit (Pattern create tools)
- Binary Editor (Hex edit)
- Introduction to x86 assembly language
- Simple operation PUSH, POP, MOV, JUMP
- Identifying machine code
- Looking back C code in Assembly
- Types of Vulnerabilities
- Stack Overflow
- Heap Overflow
- Use After free vulnerability
- Format String vulnerability
- Exploit Building blocks
- Python intro for Exploit development
- Exploit Source
- Introduction to Kali Linux
Exercises: (Duration: 1 hour)
- Read provided article
- exploit configured Struts application using particular application
MODULE 2: Basic Stack Overflow Exploitation
In this module, we will look a little deeper into our journey of exploit development. You will be introduced to C construct to recognize the code in debugger. We will analyse crash in debuggers. You will be introduced to EIP overwrite, JMP instruction use case, methodology to eliminate bad characters from the shellcode. Introduction to Fuzzing, how to identify bad characters in shellcode. We will exploit building exercise for creating exploit for CesarFTP.
- Identify C construct in Assembly
- Introduction to Fuzzing
- Analyzing the crash in debugger
- What is EIP Overwrite
- JMP instruction
- Eliminate bad characters in shellcode
- What is Shell Code
- Exploitation of CesarFTP
- Change the public Exploit to RCE
- Solution of Exercise 1
Exercise: (Duration: 1 hour)
- Develop a step by step exploit for remote code execution for CVE-2017-6880 and FTPshell Server 6.56.
MODULE 3: Advanced Exploitation
In this module, we will learn about stack protection, SEH handler and SEH based exploitation. What is NOP, NOP Sled and how these are useful in developing exploit. Stack protection mechanism DEP and ASLR in action. You will be introduced to Return oriented programming. How to make ROP chain. SEH DEP, ASLR are stack protection techniques. DEP and ASLR are enabled in new Operating System. ROP is a way to overcome such protection.
- Stack Protections
- What is SEH
- Breaking SEH Protection with real application
- Understanding NOPsled
- Writing Exploit for SEH based buffer overflow
- DEP and ASLR
- ROP Chain
Exercise: (Duration: 1 hour)
- Try to create a Remote Code execution exploit for particular POCs.
MODULE 4: Advanced Exploitation pt. 2
In this module, you will learn how to format String vulnerabilities and exploit format string vulnerability. You will be provided an introduction to the most successful penetration testing tool, ‘Metasploit’, and porting your own exploit to Metasploit. It is very important to know how to make use of Metasploit libraries for making a successful connection. Metasploit is an established penetration testing tool used heavily in industry.
- Introduction to Format String vulnerability
- Exploit Format string vulnerability in Public software
- Write new exploit for the vulnerability
- Write Metasploit exploit
- Write Metasploit exploit for FTPGetter.
- Exploit Struts, analyse vulnerability in detail and try to find out new exploit vector.
- Develop own exploit for the XM Easy Personal FTP Server.
Your instructor: Virendra Bisht
I am a technology enthusiast and cyber security professional, I have a great interest in solving complex problems of Information security. I have 10 years of experience in Exploit development, Malware analysis, Vulnerability analysis, and penetration testing.