NO-MERCY Posted July 3, 2015

Hello RST: Exploit Development Course 2015 --> Free

Preface

Hi and welcome to this website! I know people don't like to read prefaces, so I'll make it short and right to the point.

This is the preface to a course about Modern Windows Exploit Development. I chose Windows because I'm very familiar with it and also because it's very popular. In particular, I chose Windows 7 SP1 64-bit. Enough with Windows XP: it's time to move on!

There are a few full-fledged courses about Exploit Development, but they're all very expensive. If you can't afford such courses, you can scour the Internet for papers, articles and some videos. Unfortunately, the information is scattered all around the web and most resources are definitely not for beginners. If you always wanted to learn Exploit Development but either couldn't afford it or had a hard time with it, you've come to the right place!

This is an introductory course, but please don't expect it to be child's play. Exploit Development is hard and no one can change this fact, no matter how good he/she is at explaining things. I'll try very hard to be as clear as possible. If there's something you don't understand or if you think I made a mistake, you can leave a brief comment or create a thread in the forum for a longer discussion. I must admit that I'm not an expert. I did a lot of research to write this course and I also learned a lot by writing it. The fact that I'm an old-time reverse engineer helped a lot, though.

In this course I won't just present facts, but I'll show you how to deduce them by yourself. I'll try to motivate everything we do. I'll never tell you to do something without giving you a technical reason for it. In the last part of the course we'll attack Internet Explorer 10 and 11. My main objective is not just to show you how to attack Internet Explorer, but to show you how a complex attack is first researched and then carried out. Instead of presenting you with facts about Internet Explorer, we're going to reverse engineer part of Internet Explorer and learn by ourselves how objects are laid out in memory and how we can exploit what we've learned. This thoroughness requires that you understand every single step of the process or you'll get lost in the details.

As you've probably realized by now, English is not my first language (I'm Italian). This means that reading this course has advantages (learning Exploit Development) and disadvantages (unlearning some of your English). Do you still want to read it? Choose wisely.

To benefit from this course you need to know and be comfortable with x86 assembly. This is not negotiable! I didn't even try to include an assembly primer in this course because you can certainly learn it on your own. The Internet is full of resources for learning assembly. Also, this course is very hands-on, so you should follow along and replicate what I do. I suggest that you create at least two virtual machines with Windows 7 SP1 64-bit: one with Internet Explorer 10 and the other with Internet Explorer 11.

I hope you enjoy the ride!

Contents
- WinDbg
- Mona 2
- Structured Exception Handling (SEH)
- Heap
- Windows Basics
- Shellcode
- Exploitme1 (ret eip overwrite)
- Exploitme2 (Stack cookies & SEH)
- Exploitme3 (DEP)
- Exploitme4 (ASLR)
- Exploitme5 (Heap Spraying & UAF)
- EMET 5.2
- Internet Explorer 10
  - Reverse Engineering IE
  - From one-byte-write to full process space read/write
  - God Mode (1)
  - God Mode (2)
  - Use-After-Free bug
- Internet Explorer 11
  - Part 1
  - Part 2

Regards
NO-MERCY

PDFs soon.

Source: http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
Nytro Posted July 3, 2015

This looks nice: EMET 5.2 - Exploit Development Community
NO-MERCY Posted August 18, 2015 (edited)

All-in-one PDF finished today.

Details:
File: Modern Windows Exploit Development.pdf
Size: 19.0 MB
Pages: 529
CRC-32: 0c5c697f
MD4: 5ed2b468e7d5e0d6938205cd5964354b
MD5: 38a36b37a5105195795e57edde6cb217
SHA-1: bd23cc60c3508ecbb7fb87ec02ceb774d89ff49e

Download: Modern Windows Exploit Development - Download - 4shared - NO-MERCY AT4RE

Regards
NO-MERCY

FileShare Download Modern Windows Exploit Development.pdf (by: Church)
https://mega.nz/#!9lwRnAAB!Hw0pP7NMLfdcE8saw0uI9coAG2a_0xckiL9IMhUJz_Y (by: m4v3rick)
https://drive.google.com/file/d/0B8sHjc3kJKQrUTYxSkpldy01ZWs/view (by: unknown)

Edited October 31, 2015 by NO-MERCY: image link updated and other links added
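Before opening a PDF fetched from one of the file-sharing mirrors above, it is worth checking the bytes against the digests the post lists. The script below is an added example, not part of the thread or of the course: it recomputes CRC-32, MD4, MD5 and SHA-1 over a file and compares each to the posted value (the POSTED_DIGESTS constants are copied from the post; the file name is the one given there). One caveat a practitioner should keep in mind: CRC-32, MD4 and MD5 are not collision resistant and SHA-1 is deprecated, so a match only tells you that you have the same bytes the poster uploaded, not that the file is safe. The MD4 handling assumes a Python built against OpenSSL, which may refuse that legacy digest; in that case the script reports it as unavailable rather than failing.

```python
"""Verify a downloaded file against digests posted in a forum thread.

Added example, not code from the thread. Recomputes CRC-32, MD4, MD5 and
SHA-1 over the file bytes and compares each with the expected hex string.
"""
import hashlib
import sys
import zlib

# Digests exactly as listed in the post for "Modern Windows Exploit Development.pdf".
POSTED_DIGESTS = {
    "crc32": "0c5c697f",
    "md4": "5ed2b468e7d5e0d6938205cd5964354b",
    "md5": "38a36b37a5105195795e57edde6cb217",
    "sha1": "bd23cc60c3508ecbb7fb87ec02ceb774d89ff49e",
}


def compute_digests(data: bytes) -> dict:
    """Return lowercase hex digests keyed by algorithm name.

    MD4 is optional: Python builds on OpenSSL 3 often disable it, so that
    entry is None when the digest cannot be computed (assumption about the
    local OpenSSL build, not something the post states).
    """
    out = {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08x}",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }
    try:
        out["md4"] = hashlib.new("md4", data).hexdigest()
    except ValueError:  # "unsupported hash type md4" on builds without legacy digests
        out["md4"] = None
    return out


def check_digests(data: bytes, expected: dict) -> dict:
    """Compare computed digests with the expected ones.

    Per algorithm: True (match), False (mismatch), None (not computable here).
    Comparison is case-insensitive so copy-pasted uppercase hashes still match.
    """
    actual = compute_digests(data)
    result = {}
    for name, want in expected.items():
        got = actual.get(name)
        result[name] = None if got is None else (got == want.strip().lower())
    return result


def is_intact(result: dict) -> bool:
    """True only if at least one digest was computed and none mismatched.

    A single mismatch means the bytes differ from what the poster uploaded,
    whatever the other algorithms say; a weak algorithm never outvotes a strong one.
    """
    return any(v is True for v in result.values()) and all(v is not False for v in result.values())


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "Modern Windows Exploit Development.pdf"
    with open(path, "rb") as fh:
        verdict = check_digests(fh.read(), POSTED_DIGESTS)
    for name, ok in verdict.items():
        state = "OK" if ok else ("UNAVAILABLE" if ok is None else "MISMATCH")
        print(f"{name:6} {state}")
    sys.exit(0 if is_intact(verdict) else 1)
```

Run it as `python verify_pdf.py "Modern Windows Exploit Development.pdf"`; a non-zero exit code means at least one digest did not match and the file should not be opened.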
Nytro Posted August 18, 2015

Shitty 4shared: http://dc108.4shared.com/img/WbhRrRdEce/s11/14f41d3e938/Modern_Windows_Exploit_Develop?sbsr=391bb2a5d89275531bf2a44eea427d5e1d68cb37c7b7c36c
Church Posted August 18, 2015

Modern Windows Exploit Development.pdf
u0m3 Posted October 26, 2015

If I may make a suggestion: preserve the links when converting to PDF. That way the download links are valid. Or at least annotate the URLs somewhere.
m4v3rick Posted October 27, 2015

https://mega.nz/#!9lwRnAAB!Hw0pP7NMLfdcE8saw0uI9coAG2a_0xckiL9IMhUJz_Y
NO-MERCY Posted October 31, 2015

"If I may make a suggestion: preserve the links when converting to PDF. That way the download links are valid. Or at least annotate the URLs somewhere."

Thanks. I'll try to make a final edition soon; you know it takes a very, very long time, but I promise... to be continued. Do you mean all links in the PDF, or just the pictures' hyperlinks, or don't you trust any damn link?

Greetings
u0m3 Posted November 1, 2015

No, I meant the download links. For example, on Mona 2 - Exploit Development Community you have:

1. Install Python 2.7 (download it from here)

The last word in parentheses, "here", is a link to the Python website. I was suggesting you preserve those in the PDF, because while the example I gave here is quite trivial to figure out / Google, the next one is kind of impossible for me:

Download the right zip package from here, and extract and run vcredist_x86.exe and vcredist_x64.exe.

where "here" refers to Python extension for WinDbg - Home. Or, if there is a security concern, just annotate the URL(s) on the page somehow. Just my two cents. Either way, stellar work.