NO-MERCY

Advanced Windows Exploitation


Hello RST ...


This book is about "AWE" Advanced Windows Exploitation V1.1

Offensive Security

#----------------------#

Table of Contents

#----------------------#

Module 0x00 Introduction

_ Module 0x01 Egghunters

_ Lab Objectives

_ Overview

_ Exercise 1-1

MS08-067 Vulnerability

_ MS08-067 Case Study: Crashing the Service

_ MS08-067 Case Study: Finding the Right Offset

_ MS08-067 Case Study: From PoC to Exploit

_ Controlling the Execution Flow

_ Getting our Remote Shell

_ Wrapping Up

Module 0x02 Bypassing NX

_ Lab Objectives

_ A Note from the Authors

_ Overview

_ Hardware-Enforcement and the NX Bit

_ Hardware-Enforced DEP Bypassing Theory Part I

_ Hardware-Enforced DEP Bypassing Theory Part II

_ Hardware-Enforced DEP on Windows 2003 Server SP2

_ MS08-067 Case Study: Testing NX Protection

_ Exercise

_ MS08-067 Case Study: Approaching the NX Problem

_ MS08-067 Case Study: Memory Space Scanning

_ MS08-067 Case Study: Defeating NX

_ Exercise

_ MS08-067 Case Study: Returning into our Buffer

_ Exercise

_ Wrapping Up

Module 0x02 (Update) Bypassing DEP AlwaysOn Policy

_ Lab Objectives

_ Overview

_ Ret2Lib Attacks and Their Evolution

_ Return Oriented Programming Exploitation

_ Immunity Debugger’s API and findroppy

_ Exercise

_ ASLR

_ PHP 6.0 Dev Case Study: The Crash

_ PHP 6.0 Dev Case Study: The ROP Approach

_ PHP 6.0 Dev Case Study: Preparing the Battlefield

_ Exercise

_ PHP 6.0 Dev Case Study: Crafting the ROP Payload

_ Steps 1 and 2

_ Steps 3 and 4

_ Step 5

_ PHP 6.0 Dev Case Study: Getting our Shell

_ Exercise

_ Deplib: Gadgets on Steroids

_ Classification

_ Searching the Database

_ Stack Pivoting

_ Wrapping Up

Module 0x03 Custom Shellcode Creation

_ Lab Objectives

_ Overview

_ System Calls and “The Windows Problem”

_ Talking to the Kernel

_ Finding kernel32.dll: PEB Method

_ Exercise

_ Resolving Symbols: Export Directory Table Method

_ Working with the Export Names Array

_ Computing Function Names Hashes

_ Fetching Function's VMA

_ MessageBox Shellcode

_ Exercise

_ Position Independent Shellcode (PIC)

_ Exercise

_ Shellcode in a Real Exploit

_ Exercise

_ Wrapping Up

Module 0x04 Venetian Shellcode

_ Lab Objectives

_ Overview

_ The Unicode Problem

_ The Venetian Blinds Method

_ Exercise

_ DivX Player 6.6 Case Study: Crashing the Application

_ Exercise

_ DivX Player 6.6 Case Study: Controlling the Execution Flow

_ Exercise

_ DivX Player 6.6 Case Study: The Unicode Payload Builder

_ DivX Player 6.6 Case Study: Getting our Shell

_ Exercise

Module 0x05 Kernel Drivers Exploitation

_ Lab Objectives

_ Overview

_ Windows I/O System and Device Drivers

_ Communicating with drivers

_ I/O Control Codes

_ Privilege Levels and Ring0 Payloads

_ Staging R3 Payloads from Kernel Space

_ Case Study Payloads

_ Case Study Payload (1): Token Stealing

_ Case Study payload (2): MSR Hooking

_ Function Pointer Overwrites

_ avast! Case Study: Kernel Memory Corruption

_ avast! Case Study: Way Down in ring0 Land

_ Exercise

_ avast! Case Study: Bypassing Device Driver Checks

_ Exercise

_ avast! Case Study: EIP Hunting

_ Exercise

_ avast! Case Study: Elevation (1)

_ Exercise

_ avast! Case Study: Elevation (2)

_ Exercise

_ Wrapping up

Module 0x06 64-bit Kernel Driver Exploitation

_ Lab Objectives

_ Overview

_ 64-bit Address Space

_ 64-bit Main Enhancements

_ Windows-On-Windows Emulation

_ 64-bit Exploitation: General Concepts

_ MS11-080 Case Study: The Bug

_ MS11-080 Case Study: IOCTL Hunting

_ MS11-080 Case Study: Triggering the vulnerable code

_ Exercise

_ MS11-080 Case Study: Mapping your Route

_ MS11-080 Case Study: “BSODing” the Box

_ Exercise

_ MS11-080 Case Study: Owning RIP

_ MS11-080 Case Study: You are on your Own, Bring me a SYSTEM Shell!

Module 0x07 Heap Spraying

_ Lab Objectives

_ Overview

_ JavaScript Heap Internals Key Points

_ Heap Spray: The Technique

_ Heap Spray Case Study: CVE-2011-2371 POC

_ Exercise

_ Heap Spray Case Study: A Deeper Look at the Bug

_ Heap Spray Case Study: Mapping the Object in Memory

_ Exercise

_ Heap Spray Case Study: Controlling the Execution Flow

_ Exercise

_ Heap Spray Case Study: Stack Pivoting

_ Exercise

_ Heap Spray Case Study: Pointers Stunts

_ Exercise

_ Heap Spray Case Study: When 1bit = Shell

_ Exercise

_ Wrapping Up

Download link : "AWE" Advanced Windows Exploitation V1.1

size : 33 Mb

parts : 4 pdf's

pages : 185

password : NO-MERCY

Best Regards
