Exploit Development

A Comprehensive Coverage Of Software Exploitation

The course is focused on a comprehensive coverage of software exploitation. It will present different domains of code exploitation and how they can be used together to test the security of an application. The participants will learn about different types and techniques of exploitation, using debuggers to create their own exploits, understand protection mechanism of the Operating Systems and how to bypass them.

The course is heavily focused on being hands-on. Reference material documents will be provided for concepts for further reading.

Course content slides will demonstrate attacks performed in-class and explain concepts where needed.

Objectives of the course

Upon completion of this course, participants will be able to:

  • Understand how exploits works and different types of software exploitation techniques
  • Understand the exploit development process
  • Search for vulnerabilities in closed-source applications
  • Write their own exploits for vulnerable applications

Who should attend this training?

  • Information Security Professionals
  • Anyone with an interest in understanding exploit development
  • Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level

Skill Pre-requisites

  • Working knowledge of Windows and Linux Operating Systems
  • Working knowledge of scripting languages like Perl, Python or Ruby
  • Comfortable with command-line utilities
  • Basics of ‘C’ programming language

Pre-requisites (Self-study)

  • The participant should have a clear understanding of what are vulnerabilities and exploits.
  • The participant should have background knowledge of the working of x86 Architecture
  • Basic knowledge of Assembly Language is necessary

Course Contents

  • Module 1: Types of Exploitation
    • Stack Buffer overflow
    • Heap Overflow
    • File Format String exploits
  • Module 2:Introduction to Debuggers
    • Windbg
    • Ollydbg
    • Immunity Debugger
  • Module 3: : Live Exploitation demo
  • Module 4: Windows Exploitation – Walkthrough for sample application
    • Fuzzing – Triggering the vulnerability
    • Crafting the attack string
    • Return to stack vs Return through registers
    • Break-point debugging
    • Creating the payload
  • Module 5: Shellcode basics
  • Module 6:Different Types of Payloads
  • Module 7: Exploiting with Structured Exception Handlers (SEH)
  • Module 8: ActiveX Exploitation
  • Module 9: Exploit Protection mechanism
    • SafeSEH
    • GS Cookie
    • DEP
    • ASLR
  • Module 10:Introduction to Linux Exploitation
  • Module 11: Basics of GDB Debugger
  • Module 12: Return-to-libc technique

Ethical Hacking Training

This course goes deep down into depths of networking, systems, web applications, actual exploitation & helps beginners to take their confident first step towards information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Regularly update on tools, techniques in course content