Exploit-Writing

Exploit Writing

Course Description

The course is focused on a comprehensive coverage of software exploitation. It will present different domains of code exploitation and how they can be used together to test the security of an application. The participants will learn about different types and techniques of exploitation, using debuggers to create their own exploits, understand protection mechanism of the Operating Systems and how to bypass them. The course is heavily focused on being hands-on. Reference material documents will be provided for concepts for further reading. By the end of the course, you should be able to meet the following objectives:

  • Understand how exploits works and different types of software exploitation techniques
  • Understand the exploit development process
  • Search for vulnerabilities in closed-source applications
  • Write their own exploits for vulnerable applications

Target Audience

  • Information Security Professionals
  • Anyone with an interest in understanding exploit development
  • Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level

Course Duration

  • 40 Hours

Modules Covered

Module 1 Assembly Language

  • Computer Architecture basic
  • IA-32/64 Family
  • Compiler Assembler and Linkers
  • CPU Modes and Memory Addressing
  • Register and Flags
  • Program Structure for use with nasm
  • Data Types
  • Data Movement Instruction
  • Arithmetic instructions
  • Reading and Writing from memory
  • Conditional instructions
  • Strings and Loops
  • Interrupts, Traps and Exceptions
  • Procedures, Prologues and Epilogues
  • Syscall structure and ABI for Linux
  • Calling standard library functions
  • FPU instructions
  • MMX, SSE, SSE2 etc. instruction sets
  • Shellcoding

Module 2 Reverse Engineer Win32 Application

  • Stack Overflows
  • Heap Overflows
  • Format String Flaws
  • Section Overflows and kernel flaws

Module 3 Buffer Overflow

  • The Stack
  • Stack Winding and Unwinding
  • Tempering with Return Address
  • Return to Shellcode
  • Overwriting the Stack
  • Calculating the location of RET

Module 4 Python

  • Python Scripting Language
  • System Programming and security
  • Network Security Programming
  • Attacking Web Application
  • Exploitation technique

Module 5 Backdooring PE

  • Backdooring PE files
  • Manually adding shell code to windows executable

Module 6 DEP/ASLR Bypass and Sandbox Escape via Flash Heap Overflow

  • DEP and ASLR
  • Debugger Automation
  • Flash Player Heap Internals

Module 7 CFG/ACG Bypass and Sandbox Escape

  • Main 64bit enhancement
  • Bypassing Control Flow Guard with Structured Exception Handler
  • Disarming and Bypassing EMET 5.1

Module 8 64-bit Kernel Driver Exploitation

  • Taking Windows 10 Kernel Exploitation to the next level
  • Windows Kernel Shell code on Windows 10