Creating Exploit Payloads with Msfvenom (W31)


Out of stock


Writing Your Own Exploits is a video hands on course intended to teach various ways to exploit systems using payloads created with Msfvenom. When you finish the course you will be able to create, improve and obfuscate payloads with Msfvenom, and exploit Apache Tomcat Manager using a WAR. In order to put knowledge gained into practice you will have to do dozen practical exercises.

The course is available only for premium subscribers.


The course is self-paced and pre-recorded

You will learn:

  • How to use Msfvenom
  • How to create payloads
  • How to generate shellcode
  • How to evade antivirus software
  • How to hide a backdoor in a legitimate application
  • How to run malicious code in a remote thread
  • How to exploit Apache Tomcat Manager
  • How to exploit Windows using VBScript payloads
  • How to deliver payloads
  • How to set up a listener
  • Common misunderstandings about Msfvenom

You will need:

  • Kali Linux 2.0 to generate the payloads and exploits
  • Metasploitable 2 to exploit Apache Tomcat in the final module
  • A Windows 7 system to exploit multiple payloads created throughout the course

What you should know before you join:

  • How to transfer files from a Kali Linux 2.0 system to a Windows 7 system

Your instructor: James Morris

James has been in the IT field for 8 years and has been tinkering with computers for nearly 15 years. He started his IT career performing data analysis and database administration, followed by an IT Automation Engineering role, which led his career to IT security.

James is currently a pentester / vulnerability management engineer for a Fortune 500 company where he performs internal and external penetration testing, vulnerability assessments, and third party security reviews. He designed and implemented their Social Engineering Pentest Program. He works with compliance standards including PCI, SOX, and HIPAA. He also enjoys automating vulnerability management tasks using PowerShell and SharePoint.

James earned his Bachelor’s degree in Computer Science from the University of Central Florida where he was a member of the cyber defense club HackUCF. He currently holds certifications including CompTIA A+, CompTIA Security+, and CEH. He has attended vendor specific training, including Splunk, Tenable, and Nessus.



Certified Ethical Hacker

Programming Enthusiast

Vulnerability Management Engineer

Bachelor’s Degree in Computer Science

Course Syllabus

Module 1: Introduction to Msfvenom

Module 1 description:

This module gives an introduction to Msfvenom while covering key terminology discussed throughout the course. A potential lab setup will be discussed that includes VMware, Kali Linux 2.0, Metasploitable 2, and Windows 7.

Module 1 covered topics:

  • Msfvenom essentials including payloads, payload standard options, encoders, nops, payload formats, platforms, and other Msfvenom options
  • Potential lab setup including Kali Linux 2.0, Metasploitable 2, Windows 7, and VMware

Module 1 exercises:

The following exercises were created to give a hands on overview of Msfvenom.

  • Log into your Kali Linux, Metasploitable 2, and Windows 7 machines
  • Display the Msfvenom help menu
  • List the payload’s standard options using Msfvenom
  • List all of the Msfvenom payloads using Msfvenom
  • List all of the Msfvenom encoders using Msfvenom
  • List all of the Msfvenom nops using Msfvenom
  • List the available payload formats using Msfvenom
  • Describe differences between the executable formats and the transform formats
  • List all of the Msfvenom platforms using Msfvenom
  • Describe different Msfvenom options found on the help menu but not listed in the exercises above (The options are also discussed throughout module 1)

Module 2: Creating Exploits and Payloads with Msfvenom

Module 2 description:

This module teaches students how to create payloads using Msfvenom. Students will generate a VBScript payload using Msfvenom, and then exploit a Windows system.

Module 2 covered topics:

  • Creating payloads
  • Building binary payloads
  • Generating shellcode
  • Running a Metasploit handler
  • Exploiting Windows using Msfvenom
  • Creating mobile payloads

Module 2 exercises:

  • Generate a VBScript payload
  • Set up a Metasploit handler
  • Exploit Windows using a VBScript macro payload

Module 3: Improving Exploits and Evading Antivirus Detection

Module 3 description:

This module discusses how to improve payloads and describes common misunderstandings about Msfvenom’s features. Students will learn how to improve and obfuscate payloads. Students will also exploit a Windows system using a backdoor created with Msfvenom.

Module 3 covered topics:

  • Common Msfvenom misunderstandings
  • Encoding payloads
  • Identifying and avoiding bad characters
  • Bypassing antivirus software
  • Embedding payloads
  • Hiding backdoors in legitimate applications
  • Running malicious code in a remote thread

Module 3 exercises:

  • Create an encoded payload that evades antivirus engines
  • Inject a payload into an executable that evades antivirus engines
  • Create an exploit that VirSCAN does not detect
  • Create an embedded payload and exploit Windows

Module 4: Exploiting Apache Tomcat Manager

Module 4 description:

In this module, students will learn how to exploit Apache Tomcat Manager using a WAR payload generated with Msfvenom. The full exploitation process will be covered from port scan, to reverse shell.

Module 4 covered topics:

  • Nmap
  • Port scanning
  • Service version detection
  • Valid credential discovery
  • Running a Metasploit auxiliary module
  • Running a Netcat listener
  • Exploiting Apache Tomcat Manager using Metasploit
  • Exploiting Apache Tomcat Manager manually using a Msfvenom payload

Module 4 exercises:

  • Perform a port scan using Nmap
  • Perform service version detection using Nmap
  • Discover valid credentials using a Metasploit auxiliary module
  • Exploit Apache Tomcat Manager using Metasploit
  • Create a WAR payload using Msfvenom
  • Run a Netcat listener
  • Exploit Apache Tomcat manually using Msfvenom


There are no reviews yet.

Only logged in customers who have purchased this product may leave a review.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013