Jump to content

Recommended Posts

Posted

L-am pus aici ca in bookmarks nu prea le gasesc.

Sursa: http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/

The best resources for learning exploit development

Exploit development is considered to be the climax in the learning path of an ethical hacker or security professional. It is strongly advisable to have mastered the basics before delving into this topic. Exploit development is hard and it’s not something you learn at school or university (usually), not something any of your geek friends will talk about all day long. Only those who are brave to study hard can achieve the joy of controlling the EIP, popping a shell and taking control of a machine while the oblivious user yells at Microsoft for the nth crash of his beloved program.

What are the prerequisites for learning about exploit development?

Well, if you want to comprehend and hopefully start developing your own exploits you should have at least a basic knowledge of x86/64 bit system architecture (Windows, Linux or Mac according to your target), low level programming, possibly assembly, C/C++ or Python is fine as well for many tasks, then you should have in mind how the computer memory works (RAM), the concept of stack, heap, CPU registers, the most common operations, system calls, segmentation fault, buffer overflow, race condition and so on. You also should be familiar with disassemblers and a background in reverse engineering or malware analysis may be useful before starting to develop your own exploits.

Let’s see some resources that can help you to be prepared before attempting the big jump onto the high level world of exploit development, the Olympus of the Godly Hackers.

x86/64 bit system architecture:

Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration

Introductory Intel x86-64: Architecture, Assembly, Applications, & Alliteration

Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration

 

Assembly language:

http://www.drpaulcarter.com/pcasm/

Assembly Language Step-by-Step: Programming with Linux

The Art of Assembly Language

Windows Assembly Language Megaprimer

Assembly Language Megaprimer for Linux

 

C/C++:

C Programming Absolute Beginner’s Guide

The C Programming Language

Introduction to Computer Science CS50x

Programming: Principles and Practice Using C++

C++ Primer

Accelerated C++: Practical Programming by Example

 

Python:

Python has a wonderful official documentation, apart from that you can use the following books/courses:

Learn Python the hard way

How to think like a computer scientist

Learning Python

Introduction to computer science and programming using Python MITx 6.00.1x


 

When you feel comfortable with the prerequisites, then you can start learning exploit developmentfollowing these great resources!

I compiled a list of books, tutorials, courses, tools and vulnerable applications that you can use for your study.

 

BOOKS


 

TUTORIALS

Corelan.be

 

Opensecuritytraining.info

Securitytube.net

 

Massimiliano Tomassoli’s blog

 

Samsclass.info

 

Securitysift.com

Justbeck.com

http://www.justbeck.com/getting-started-in-exploit-development/

0xdabbad00.com

http://0xdabbad00.com/2012/12/09/hurdles-for-a-beginner-to-exploit-a-simple-vulnerability-on-modern-windows/

fuzzysecurity.com

sploitfun.wordpress.com

https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/

sneakerhax.com

http://sneakerhax.com/jumping-into-exploit-development/

community.rapid7.com

https://community.rapid7.com/community/metasploit/blog/2012/07/05/part-1-metasploit-module-development–the-series

resources.infosecinstitute.com

http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/

rafayhackingarticles.net

http://www.rafayhackingarticles.net/2011/07/from-minor-bug-to-zero-day-exploit.html

Smashing the stack for fun and for profit: revived

Automating format string exploits

IT-Sec catalog 2.0 (Exploit development) by Arthur Gerkis

NCCGroup.trust

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/

Desc0n0cid0.blogspot.it

https://desc0n0cid0.blogspot.it/2016/09/stack-based-buffer-overflow.html
https://desc0n0cid0.blogspot.it/2016/09/stack-based-buffer-overflow_28.html
https://desc0n0cid0.blogspot.it/2016/09/stack-based-buffer-overflow_29.html
https://desc0n0cid0.blogspot.it/2016/10/part-4-stack-based-buffer-overflow.html

Stack Based Overflow Articles.

Heap Based Overflow Articles.

Kernel Based Exploit Development Articles.

Windows memory protections Introduction Articles.

Windows memory protections Bypass Methods Articles.

Typical windows exploits

 


 TRAININGS

Opensecuritytraining.info

 

Module 12 of Advanced penetration testing cource on Cybrary.it

https://www.cybrary.it/course/advanced-penetration-testing/

Securitytube.net

infiniteskills.com

http://www.infiniteskills.com/training/reverse-engineering-and-exploit-development.html


 

COURSES

Corelan

 

Offensive Security

 

SANS

Ptrace Security

Udemy


VIDEOS


LiveOverflow Youtube channel


 

TOOLS

  • IDA Pro – Windows disassembler and debugger, with a free evaluation version.
  • OllyDbg – An assembly-level debugger for Windows executables.
  • WinDbg – Windows debugger
  • Mona.py – Immunity debugger helper
  • angr – Platform-agnostic binary analysis framework developed at UCSB’s Seclab.
  • BARF – Multiplatform, open source Binary Analysis and Reverse engineering Framework.
  • binnavi – Binary analysis IDE for reverse engineering based on graph visualization.
  • Bokken – GUI for Pyew and Radare.
  • Capstone – Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages.
  • codebro – Web based code browser using clang to provide basic code analysis.
  • dnSpy – .NET assembly editor, decompiler and debugger.
  • Evan’s Debugger (EDB) – A modular debugger with a Qt GUI.
  • GDB – The GNU debugger.
  • GEF – GDB Enhanced Features, for exploiters and reverse engineers.
  • hackers-grep – A utility to search for strings in PE executables including imports, exports, and debug symbols.
  • Immunity Debugger – Debugger for malware analysis and more, with a Python API.
  • ltrace – Dynamic analysis for Linux executables.
  • objdump – Part of GNU binutils, for static analysis of Linux binaries.
  • PANDA – Platform for Architecture-Neutral Dynamic Analysis
  • PEDA – Python Exploit Development Assistance for GDB, an enhanced display with added commands.
  • pestudio – Perform static analysis of Windows executables.
  • Process Monitor – Advanced monitoring tool for Windows programs.
  • Pyew – Python tool for malware analysis.
  • Radare2 – Reverse engineering framework, with debugger support.
  • SMRT – Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis.
  • strace – Dynamic analysis for Linux executables.
  • Udis86 – Disassembler library and tool for x86 and x86_64.
  • Vivisect – Python tool for malware analysis.
  • X64dbg – An open-source x64/x32 debugger for windows.
  • afl – American Fuzzy Lop fuzzer
  • gef – enhanced gdb debugger
  • honggfuzz – general purpose fuzzer
  • libheap – python gdb library for examining glibc heap (ptmalloc)
  • pwndbg – enhanced gdb framework for exploit development
  • pwntools – exploit development and CTF toolkit
  • qira – parallel, timeless debugger
  • ropper – rop gadget finder
  • rp++ – rop gadget finder
  • xrop – rop gadget finder
  • shellnoob – shellcode writing helper
  • shellsploit – exploit development toolkitSploitKit – a suite of cli tools to automate the tedious parts of exploit development
  • ROP Injector – rop injector

HEAP EXPLOITATION TECHNIQUES

https://github.com/shellphish/how2heap


 

VULNERABLE APPLICATIONS

Exploit-exercises.com


 

EXPLOITS DATABASE

 

COLLABORATE!

Do you have other fantastic resources to share that could be part of this list? Then check out my projecton Github and send me a pull request!

  • Like 1
  • Upvote 4

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...