miércoles, 3 de julio de 2013

Exploit development

In this post I just post some useful links for people who just start studding/working with exploits development.

mona.py – the manual <- Higthly recommended tool

First: Exploit Writing Tutorials by corelanc0d3r.
  1. Exploit writing tutorial part 1 : Stack Based Overflows
  2. Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
  3. Exploit writing tutorial part 3 : SEH Based Exploits
  4. Exploit writing tutorial part 3b : SEH Based Exploits – just another example
  5. Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
  6. Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
  7. Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
  8. Exploit writing tutorial part 7 : Unicode – from 0×00410041 to calc
  9. Exploit writing tutorial part 8 : Win32 Egg Hunting
  10. Exploit writing tutorial part 9 : Introduction to Win32 shellcoding
  11. Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube
  12. Starting to write Immunity Debugger PyCommands : my cheatsheet

Second: SecurityTube Exploit Research megaprimer.

  1. Exploit Research Megaprimer Part 1 Topic Introduction By Vivek
  2. Exploit Research Megaprimer Part 2 Memcpy Buffer Overflow
  3. Exploit Research Megaprimer Part 3 Strcpy Buffer Overflow
  4. Exploit Research Megaprimer Part 4 Minishare Buffer Overflow
  5. Exploit Research Megaprimer Part 5 Freesshd Buffer Overflow
  6. Exploit Research Megaprimer Part 6 Seh Basics
  7. Exploit Research Megaprimer Part 7 Overwrite Seh
  8. Exploit Research Megaprimer Part 8 Exploiting Seh
  9. Exploit Research Megaprimer Part 9 Guest Lecture By Andrew King
  10. Binary Diffing Microsoft Patches


Third: Heap Overflow: For Humans + Vulnerability and Heap Internals Explained

Fourth: ARM exploitation

Fifth: Many interesting videos related with exploit development


Soon this post will be updated.

No hay comentarios:

Publicar un comentario en la entrada