I don’t know how many hours I spent searching for information on the web. Old posts, obsolete code and wrong code are all time lost. When I started this challenge I would have liked to have a list to start from and an idea of which topics I should master. I want to congratulate and thank everyone (in particular the Corelan team and all the people who work with them) who creates blogs, articles, websites and all this stuff that allows us to learn a lot. You rock!
FUZZING:
- Fuzzing and Exploit Development with Metasploit – Louisville Metasploit Class
- Fuzzing with Peach – Install – Part 1
- Fuzzing with Peach – The Peach Pit – Part 2
- Fuzzing with Peach – Running the Fuzz – Part
- Simple File Format Fuzzing
- Root Cause Analysis – Memory Corruption Vulnerabilities
WINDOWS/LINUX EXPLOIT DEVELOPMENT:
- Part 1: Introduction to Exploit Development
- Part 2: Saved Return Pointer Overflows
- Part 3: Structured Exception Handler (SEH)
- Egg Hunters
- Part 5: Unicode 0x00410041
- Part 7: Return Oriented Programming
- Part 8: Spraying the Heap [Chapter 1: Vanilla EIP] – Putting Needles in the Haystack
- Part 9: Spraying the Heap [Chapter 2: Use-After-Free] – Finding a needle in a Haystack
- Exploit writing tutorial part 1 : Stack Based Overflows
- Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode
- Exploit writing tutorial part 3 : SEH Based Exploits
- Exploit writing tutorial part 3b : SEH Based Exploits – just another example
- Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics
- Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development
- Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR
- Exploit writing tutorial part 7 : Unicode – from 0x00410041 to calc
- Exploit writing tutorial part 8 : Win32 Egg Hunting
- Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube
- Hack Notes : ROP retn+offset and impact on stack setup
- Hack Notes : Ropping eggs for breakfast
- Exploit notes – win32 eggs-to-omelet
- Universal DEP/ASLR bypass with msvcr71.dll and mona.py
- WoW64 Egghunter
- Exploit writing tutorial part 11 : Heap Spraying Demystified
- Root Cause Analysis – Memory Corruption Vulnerabilities
- Heap Layout Visualization with mona.py and WinDBG
- Root Cause Analysis – Integer Overflows
- Stack based windows buffer overflow
- SEH stack based windows buffer overflow
- Windows buffer overflow: dealing with character translation
- An egghunter and a conditional jump
- The Difference Between Heap Overflow and Use After Free Vulnerabilities
- Tutorial: SEH Based Exploits and the Development Process
- RemoteExec Computers List Buffer Overflow ROP Exploit
- ROP
- Heap Overflows For Humans 102
- Heap Overflows For Humans 102.5
- Heap Overflows For Humans 103
- Heap Overflows For Humans 103.5
- Heap Overflows For Humans 104
- A Tale of Two Pwnies (Part 1)
- A Tale Of Two Pwnies (Part 2)
- Introduction to return oriented programming (ROP)
- Defeating Windows 8 ROP Mitigation
- Stack Smashing: When Code Execution Becomes a Nightmare
- Bypassing ASLR and DEP on Adobe Reader X
- Advanced Heap Manipulation in Windows 8
- Metasploit exploit development – The series Part 1.
- Universal ROP shellcode for OS X x64
- Exploit research Megaprimer (Vivek)
- Buffer Overflow megaprimer for Linux (Vivek)
- Format string megaprimer (Vivek)
EASY EXPLOIT TUTORIALS TO START WITH:
- Recipe 1 – CVE-2010-4540 Gimp
- Recipe 2 – CVE-2010-0033 PowerPoint Viewer
- Vulnserver by grey corner – part 1
LINUX EXPLOIT DEVELOPMENT:
- Part 1: Introduction to Linux Exploit Development
- Part 2: Linux Format String Exploitation
- http://exploit-exercises.com/protostar/stack0
- http://exploit-exercises.com/fusion
SHELLCODE:
- Part 6: Writing W32 shellcode
- Writing shellcode to binary files
- Exploit writing tutorial part 9 : Introduction to Win32 shellcoding
- http://www.projectshellcode.com/?q=node/12
- High Level Windows Shellcode Development Methods
- The Art of Win32 Shellcoding
- Linux 64 bit shellcode
EXPLOIT RESEARCH:
- http://packetstormsecurity.com/files/tags/proof_of_concept/
- http://1337day.com/
- http://www.exploit-db.com/
- http://www.securityfocus.com/bid
ARTICLES:
- Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg
- Smashing the stack in 2010 (improved)
- http://www.exploit-db.com/wp-content/themes/exploit/docs/27657.pdf
- Debugging Fundamentals for Exploit Development
BOOKS:
- The Shellcoder’s Handbook ~ http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/0764544683
- Bug Hunter’s Diary ~ http://nostarch.com/bughunter
- The Art of Exploitation (2nd Edition) ~ http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441
- Gray Hat Python: Python Programming for Hackers and Reverse Engineers – http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921
IMMUNITY DEBUGGER & mona.py (amazing Corelan stuff):
IDA PRO:
- IDA Pro Disassembler & Debugger ~ http://tuts4you.com/download.php?list.67
- Free IDA Pro Binary Auditing Training Material for University Lectures ~ http://www.binary-auditing.com/
- The IDA Pro Book: http://www.amazon.it/The-Ida-Pro-Book-Disassembler/dp/1593272898
OLLY DBG:
- Lena’s Reversing for Newbies ~ http://tuts4you.com/download.php?list.17
- OllyDbg Tutorials ~ http://tuts4you.com/download.php?list.29
- OllyDbg Plugins ~ http://tuts4you.com/download.php?list.3
- OpenRCE ~ http://www.openrce.org/downloads/
- OllyDbg Tricks for Exploit Development
GDB:
- SecurityTube’s SLAE (SecurityTube Linux Assembly Expert) course ~ http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/index.html
- http://www.cs.cmu.edu/~gilpin/tutorial/
- http://beej.us/guide/bggdb/
- Quick reference
I’m trying to keep this list updated; other links are welcome!
September 13, 2013 | Categories: Uncategorized
Exploit development and programming
As you can read in the Wikipedia article, “An exploit (from the verb to exploit, in the meaning of using something to one’s own advantage) is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerised). Such behavior frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial-of-service attack.” So if you want to join the exploit world you must learn programming! You can’t master them all, but at the start you should master at least one. Here is a short, personal overview:
– Python: in my opinion the best programming language: easy, well documented and first-class (version 2.7.5 recommended):
– http://www.codecademy.com/tracks/python
– http://en.wikibooks.org/wiki/Subject:Python_programming_language
– http://www.blackhatlibrary.net/Python
– http://docs.python.org/2/py-modindex.html
– useful books (you can find them on Amazon):
– Learn Python The Hard Way – Release 2.0 – Zed A. Shaw
– Foundations of Python Network Programming, Second Edition
– Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers – T. J. O’Connor
– Gray Hat Python
– Core Python Applications Programming, 3rd Edition
Ruby: another scripting language. Young, strong and expressive. Easy to learn and a must-have if you want to work with Metasploit (version 1.9.3 recommended):
– http://en.wikibooks.org/wiki/Subject:Ruby_programming_language
– http://www.blackhatlibrary.net/Ruby
– useful books:
– Learn Ruby The Hard Way – Release 2.0 – Zed A. Shaw and Rob Sobers
– Programming Ruby 1.9, 3rd Edition
– Metaprogramming Ruby: Program Like the Ruby Pros
– Metasploit Toolkit for Penetration Testing, Exploit Development, & Vulnerability Research
Perl: the original exploit development scripting language. Nowadays I think Python is better.
– http://www.blackhatlibrary.net/Perl
– Useful books:
– The Best Perl Programmers Use Modern Perl
C/C++: a must-have for exploit development. I think it is harder for a newbie to master, but time spent learning C is never time lost.
C:
– http://www.blackhatlibrary.net/C
– http://www.java2s.com/Tutorial/C/CatalogC.htm
– useful books:
C++: after C you can complete your studies with C++
– http://www.cplusplus.com/doc/tutorial/
– http://www.blackhatlibrary.net/CPP
x86 Assembly: an old programming language, but a must-have to learn how the CPU and memory work.
– http://www.skullsecurity.org/wiki/index.php/Fundamentals
– http://www.blackhatlibrary.net/Assembly (Windows)
– http://www.securitytube.net/groups?operation=view&groupId=6 (Windows)
– http://www.securitytube.net/groups?operation=view&groupId=5 (Linux)
– http://www.blackhatlibrary.net/Linux_assembly (Linux)
– useful books:
– x86 Disassembly Exploring the relationship between C, x86 Assembly, and Machine Code
– The Art of Assembly Language
– Assembly Language for x86 Processors, Sixth Edition
– video:
– Windows assembly Megaprimer by Vivek on Securitytube
– Assembly language Megaprimer on Linux by Vivek
Windows programming: learn how an OS works
– http://en.wikibooks.org/wiki/Windows_Programming
– http://www.relisoft.com/win32/index.htm
– useful books:
extra:
– PowerShell: Microsoft’s scripting language
Linux programming:
– useful books:
extra:
– Bash: shell scripting language, useful for automating work on POSIX systems
– http://tldp.org/LDP/abs/html/
– Pro Bash Programming Scripting the GNU/Linux Shell
– Italian only: http://gapil.gnulinux.it/download/
Disassembly: not a real programming language, but useful to understand how memory works and to learn a lot about assembly
– http://en.wikibooks.org/wiki/X86_Disassembly
– useful books:
You can also improve by studying other exploits and work you find around the net, and try to do better!
Hoping this list has cleared your mind and pushed you in the right direction, I’d ask you to help me improve and update it.