Spend more time learning and less time searching

I don’t know how many hours I have spent searching for information on the web. Old posts, obsolete code and wrong code are all time lost. When I started this challenge I would have liked to have a list to start from and an idea of which topics I should master. I want to congratulate and thank all the people (in particular the Corelan team and everyone who works with them) who create blogs, articles, websites and all the other material that lets us learn so much. You rock!

FUZZING:

  1. Fuzzing and Exploit Development with Metasploit – Louisville Metasploit Class
  2. Fuzzing with Peach – Install – Part 1
  3. Fuzzing with Peach – The Peach Pit – Part 2
  4. Fuzzing with Peach – Running the Fuzz – Part 
  5. Simple File Format Fuzzing
  6. Root Cause Analysis – Memory Corruption Vulnerabilities

WINDOWS/LINUX EXPLOIT DEVELOPMENT:

  1. Part 1: Introduction to Exploit Development
  2. Part 2: Saved Return Pointer Overflows
  3. Part 3: Structured Exception Handler (SEH)
  4. Egg Hunters
  5. Part 5: Unicode 0x00410041
  6. Part 7: Return Oriented Programming
  7. Part 8: Spraying the Heap [Chapter 1: Vanilla EIP] – Putting Needles in the Haystack
  8. Part 9: Spraying the Heap [Chapter 2: Use-After-Free] – Finding a needle in a Haystack
  9. Exploit writing tutorial part 1 : Stack Based Overflows
  10. Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
  11. Exploit writing tutorial part 3 : SEH Based Exploits
  12. Exploit writing tutorial part 3b : SEH Based Exploits – just another example
  13. Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
  14. Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
  15. Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
  16. Exploit writing tutorial part 7 : Unicode – from 0×00410041 to calc
  17. Exploit writing tutorial part 8 : Win32 Egg Hunting
  18. Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube
  19. Hack Notes : ROP retn+offset and impact on stack setup
  20. Hack Notes : Ropping eggs for breakfast
  21. Exploit notes – win32 eggs-to-omelet
  22. Universal DEP/ASLR bypass with msvcr71.dll and mona.py
  23. WoW64 Egghunter
  24. Exploit writing tutorial part 11 : Heap Spraying Demystified
  25. Root Cause Analysis – Memory Corruption Vulnerabilities
  26. Heap Layout Visualization with mona.py and WinDBG
  27. Root Cause Analysis – Integer Overflows
  28. Stack based windows buffer overflow
  29. SEH stack based windows buffer overflow
  30. Windows buffer overflow: dealing with character translation
  31. An egghunter and a conditional jump
  32. The Difference Between Heap Overflow and Use After Free Vulnerabilities
  33. Tutorial: SEH Based Exploits and the Development Process
  34. RemoteExec Computers List Buffer Overflow ROP Exploit
  35. ROP
  36. Heap Overflows For Humans 102
  37. Heap Overflows For Humans 102.5
  38. Heap Overflows For Humans 103
  39. Heap Overflows For Humans 103.5
  40. Heap Overflows For Humans 104
  41. A Tale of Two Pwnies (Part 1)
  42. A Tale Of Two Pwnies (Part 2)
  43. Introduction to return oriented programming (ROP)
  44. Defeating Windows 8 ROP Mitigation
  45. Stack Smashing: When Code Execution Becomes a Nightmare
  46. Bypassing ASLR and DEP on Adobe Reader X
  47. Advanced Heap Manipulation in Windows 8
  48. Metasploit exploit development – The series Part 1.
  49. Universal ROP shellcode for OS X x64
  50. Exploit research Megaprimer (Vivek)
  51. Buffer Overflow megaprimer for Linux (Vivek)
  52. Format string megaprimer (Vivek)

EASY EXPLOIT TUTORIAL TO START:

  1. Recipe 1 – CVE-2010-4540 Gimp
  2. Recipe 2 – CVE-2010-0033 PowerPoint Viewer
  3. Vulnserver by grey corner – part 1

LINUX EXPLOIT DEVELOPMENT:

  1. Part 1: Introduction to Linux Exploit Development
  2. Part 2: Linux Format String Exploitation
  3. http://exploit-exercises.com/protostar/stack0
  4. http://exploit-exercises.com/fusion

SHELLCODE:

  1. Part 6: Writing W32 shellcode
  2. Writing shellcode to binary files
  3. Exploit writing tutorial part 9 : Introduction to Win32 shellcoding
  4. http://www.projectshellcode.com/?q=node/12
  5. High Level Windows Shellcode Development Methods
  6. The Art of Win32 Shellcoding
  7. Linux 64 bit shellcode

EXPLOIT RESEARCH:

  1. http://packetstormsecurity.com/files/tags/proof_of_concept/
  2. http://1337day.com/
  3. http://www.exploit-db.com/
  4. http://www.securityfocus.com/bid

ARTICLES:

  1. Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg
  2. Smashing the stack in 2010 (improved)
  3. http://www.exploit-db.com/wp-content/themes/exploit/docs/27657.pdf
  4. Debugging Fundamentals for Exploit Development

BOOKS:

  1. The Shellcoder’s Handbook ~ http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/0764544683
  2. Bug Hunter’s Diary ~ http://nostarch.com/bughunter
  3. The Art of Exploitation (2nd Edition) ~ http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
  4. Gray Hat Python: Python Programming for Hackers and Reverse Engineers – http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921

IMMUNITY DEBUGGER & mona.py (amazing Corelan stuff):

  1. https://www.youtube.com/watch?v=D6dRlePXAhI&feature=c4-overview&list=UUydYZGwQcBRDFpe07M03Tqw

IDA PRO:

  1. IDA Pro Disassembler & Debugger ~ http://tuts4you.com/download.php?list.67
  2. Free IDA Pro Binary Auditing Training Material for University Lectures ~ http://www.binary-auditing.com/
  3. The IDA Pro Book ~ http://www.amazon.it/The-Ida-Pro-Book-Disassembler/dp/1593272898

OLLY DBG:

  1. Lena’s Reversing for Newbies ~ http://tuts4you.com/download.php?list.17
  2. OllyDbg Tutorials ~ http://tuts4you.com/download.php?list.29
  3. OllyDbg Plugins ~ http://tuts4you.com/download.php?list.3
  4. OpenRCE ~ http://www.openrce.org/downloads/
  5. OllyDbg Tricks for Exploit Development

GDB:

  1. SecurityTube’s SLAE (SecurityTube Linux Assembly Expert) course ~ http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/index.html
  2. http://www.cs.cmu.edu/~gilpin/tutorial/
  3. http://beej.us/guide/bggdb/
  4. Quick reference

I’m trying to keep this list up to date; other links are welcome!

September 13, 2013 | Categories: Uncategorized


Exploit development and programming

As the Wikipedia article puts it: “An exploit (from the verb to exploit, in the meaning of using something to one’s own advantage) is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerised). Such behavior frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial-of-service attack.” So if you want to join the exploit world you must learn programming! You can’t master them all, but at the beginning learn at least one. Here is a short, personal overview:

– Python: I think it is the best programming language: easy, well documented and first-class (version 2.7.5 recommended):

– http://www.python.org/

– http://www.codecademy.com/tracks/python

– http://en.wikibooks.org/wiki/Subject:Python_programming_language

– http://www.blackhatlibrary.net/Python

– http://docs.python.org/2/py-modindex.html

– useful books (you can find them on Amazon):

– Learn Python The Hard Way – Release 2.0 – Zed A. Shaw

– Foundations of Python Network Programming, Second Edition

– Violent Python: A Cookbook for – T. J. O’Connor

– Gray Hat Python

– Core Python Applications Programming, 3rd Edition

Ruby: Another scripting language. Young, strong and expressive. Easy to learn and a must-have if you want to work with Metasploit (version 1.9.3 recommended).

– http://en.wikibooks.org/wiki/Subject:Ruby_programming_language

– http://www.blackhatlibrary.net/Ruby

– useful books:

– Learn Ruby The Hard Way – Release 2.0 – Zed A. Shaw and Rob Sobers

– Programming Ruby 1.9, 3rd Edition

– Metaprogramming Ruby: Program Like the Ruby Pros

– Metasploit Toolkit for Penetration Testing, Exploit Development, & Vulnerability Research

Perl: The first exploit development scripting language. Now I think that Python is better.

– http://www.perl.org/

– http://www.blackhatlibrary.net/Perl

– Useful books:

– Learning Perl, 6th Edition

– Perl/Tk Pocket Reference

– The Best Perl Programmers Use Modern Perl

C/C++: A must-have in exploit development. I think it is harder for a newbie to master, but time spent learning C is never lost.

C:

– http://www.blackhatlibrary.net/C

– http://www.java2s.com/Tutorial/C/CatalogC.htm

– http://beej.us/guide/bgc/

– useful books:

– The C Programming Language

C++: After C you can complete your studies with C++.

– http://www.cplusplus.com/doc/tutorial/

– http://www.learncpp.com/

– http://www.blackhatlibrary.net/CPP

x86 Assembly: an old programming language, but a must-have to learn how the CPU and memory work.

– http://www.skullsecurity.org/wiki/index.php/Fundamentals

– http://www.blackhatlibrary.net/Assembly (Windows)

– http://www.securitytube.net/groups?operation=view&groupId=6 (Windows)

– http://www.securitytube.net/groups?operation=view&groupId=5 (Linux)

– http://www.blackhatlibrary.net/Linux_assembly (Linux)

– useful books:

– x86 Disassembly: Exploring the Relationship Between C, x86 Assembly, and Machine Code

– The Art of Assembly Language

– Assembly Language for x86 Processors, Sixth Edition

– video:

– Windows Assembly Megaprimer by Vivek on SecurityTube

– Assembly Language Megaprimer on Linux by Vivek

Windows programming: learn how an OS works

– http://en.wikibooks.org/wiki/Windows_Programming

– http://www.relisoft.com/win32/index.htm

– useful books:

– Windows Internals 4

– Windows Internals 5

– Windows Internals 6, part 1

– Windows Internals 6, part 2

extra:

– PowerShell: Microsoft’s scripting language

Linux programming:

– useful books:

– Advanced Linux Programming

extra:

– Bash: a scripting language based on the shell, useful to automate POSIX tasks

– http://tldp.org/LDP/abs/html/

– Pro Bash Programming: Scripting the GNU/Linux Shell

– Italian only: http://gapil.gnulinux.it/download/

Disassembly: not a real programming language, but useful to understand how memory works and to learn a lot about assembly

– http://en.wikibooks.org/wiki/X86_Disassembly

– useful books:

– The Art of Disassembly

You can also improve yourself by studying other exploits and projects found around the network; then try to do better!

– https://github.com/

– http://www.emoticode.net/

In the hope that this list has cleared your mind and pushed you in the right direction, I want to ask you to help me improve and update it.