Complete Exploit Research Development


The course provides comprehensive coverage of software exploitation. It presents different domains of code exploitation and how they can be used together to test the security of an application. Participants will learn about different types and techniques of exploitation, use debuggers to create their own exploits, and understand the protection mechanisms of operating systems and how to bypass them. The course is heavily focused on being hands-on. Reference material will be provided for further reading on the concepts.
Course content slides will demonstrate attacks performed in-class and explain concepts where needed.

Objectives of the course

Upon completion of this course, participants will be able to:

  1. Understand how exploits work and the different types of software exploitation techniques
  2. Understand the exploit development process
  3. Search for vulnerabilities in closed-source applications
  4. Write their own exploits for vulnerable applications

Who should attend this training?

  1. Information Security Professionals
  2. Anyone with an interest in understanding exploit development
  3. Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level

Skill Pre-requisites

  1. Working knowledge of Windows and Linux Operating Systems
  2. Working knowledge of scripting languages like Perl, Python or Ruby
  3. Comfortable with command-line utilities
  4. Basics of ‘C’ programming language

Pre-requisites (Self-study)

  1. The participant should have a clear understanding of what vulnerabilities and exploits are
  2. The participant should have background knowledge of how the x86 architecture works
  3. Basic knowledge of Assembly Language is necessary

Course Contents

Session One

  1. Module 1: Types of Exploitation
    1. Stack Buffer overflow
    2. Heap Overflow
    3. File Format String exploits
  2. Module 2: Introduction to Debuggers
    1. Windbg
    2. Ollydbg
    3. Immunity Debugger
  3. Module 3: Live Exploitation demo

Session Two

  1. Module 4: Windows Exploitation – Walkthrough for sample application
    1. Fuzzing – Triggering the vulnerability
    2. Crafting the attack string
    3. Return to stack vs Return through registers
    4. Break-point debugging
    5. Creating the payload
  2. Module 5: Shellcode basics

Session Three

  1. Module 6: Different Types of Payloads

Session Four

  1. Module 7: Exploiting with Structured Exception Handlers (SEH)

Session Five

  1. Module 8: ActiveX Exploitation
  2. Module 9: Exploit Protection mechanisms
    1. SafeSEH
    2. GS Cookie
    3. DEP
    4. ASLR

Session Six

  1. Module 10: Introduction to Linux Exploitation
  2. Module 11: Basics of GDB Debugger
  3. Module 12: Return-to-libc technique
