I put some time in and compiled a list in a course-type layout to help people in the process of learning exploit development. I hope my research will help others spend more time learning and less time searching.
First off I want to thank the Friends for the help they have provided me so far in the process.
Layout: I will be posting in a hierarchical structure; each level should be fully understood before moving on to the next section. I will also post sets of Parallel learning topics that you can study alongside the other topics to help prevent monotony. These Parallel areas will have a start and an end mark showing when they should be completed relative to the overall learning path.
Other posts like this one I have discovered while googling:
Because of the quality of these posts I wanted to put them at the top. I could not figure out where to put them in the list because they cover so much.
So check these out, guys, before you go down the list.
past-present-future of windows exploitation
smashing the stack in 2010
IT-Sec-catalog
Part 1: Programming
Parallel learning #1: (complete this section before getting to the book "Hacking: The Art of Exploitation")
While going through the programming area I concentrate on core topics that will help us later on with exploit writing. One area that is very good to pick up is some kind of scripting language. Listed below are some of the most popular scripting languages and the ones I feel will prove to be the most useful.

Python: One of my favorite languages and growing in popularity, Python is a powerful language that is easy to use and well documented.
1. Learn Python the Hard Way
5. Gray Hat Python

Ruby: If you plan on working inside of Metasploit later on, this may be the language you want to start with. I highly suggest this for exploit developers to learn.
Wikibooks Ruby
LittleBookOfRuby
Ruby Programmer's Guide
onlinecomputerbooks.com

Perl: An older language that still has a lot of use; Perl is one of the most widely used scripting languages and you will see it used in many exploits. (I would suggest Python over Perl.)
[book] O'Reilly Learning Perl
onlinecomputerbooks.com

C and C++ programming: It is very important to understand what you are exploiting, so to get started let us figure out what we are exploiting. You do not need to go through all of these, but when finished with this section you should have a good understanding of C and C++ programming.
Cprogramming.com
http://www.java2s.com/Tutorial/C/CatalogC.htm
http://beej.us/guide/bgc/
onlinecomputerbooks.com

x86 Assembly: OK, now to understand what the computer reads when we compile C and C++. I am going to mostly stick to the IA-32 (x86) assembly language. Read the first link to understand why; it explains it very well.
Skullsecurity: Assembly
Windows Assembly Programming Tutorial
http://en.wikibooks.org/wiki/X86_Assembly
[book] The Art of Assembly
Assembly primer for hackers
PC Assembly Language

Windows Programming: This is to help understand what we are programming in and the structure of libraries in the OS. This area is very important far down the line.
http://en.wikibooks.org/wiki/Windows_Programming
http://www.relisoft.com/win32/index.htm
[book] Windows Internals 5
[book] Windows Internals 4

Disassembly: Disassembly is not so much programming as it is what the computer understands and the way it is interpreted by the CPU and memory. This is where we start getting into the good stuff.
http://en.wikibooks.org/wiki/X86_disassembly
The Art of Disassembly
Part 2: Getting started
Now that we have a very good understanding of programming languages and what the machine is doing, we can start working on the task at hand: exploitation. From here on much of the learning will be in list format, with comments or Parallel learning areas added when needed.
Smashing the Stack for Fun and Profit (Phrack 49)
C function call conventions and the stack
Anatomy of a program in memory
Function Calls, Part 1 (the Basics)
IA-32 Architecture
[videos] Code Audit from cryptocity.net
(Parallel learning #1 finished: you should now have finished Parallel learning 1 and have a good understanding of one of the 3 languages)
[Book] Hacking: The Art of Exploitation [Chapters 1 & 2]
Parallel learning #2: (complete this section before the end of Part 2)
Kspice blog (read the first few posts on this blog; it has some good info)
Nullthreat's blog (read some of the posts from this blog; they are very helpful for starting out with fuzzers)
A demo exploit (I am linking directly to a demo exploit for this area, but this is a useful blog to keep track of for many things)
tenouk.com: Buffer overflow intro
The Tao of Windows Buffer Overflow
nsfsecurity on BOF
Hacker center: BOF
[video] Buffer overflow Primer
[Book] Shellcoder's Handbook Ch 1 & 2
[Book] Hacking: The Art of Exploitation [Chapter 3]
SEH Based Exploits and the development process
SEH overwrite simplified
(Parallel learning #2 finished)
Part 3: Tools of the trade
This is a list of tools I have started using and find very useful.
Immunity Debugger
OllyDbg
WinDbg
IDA Pro
Explorer Suite
Sysinternals
And here are some Corelan posts on how to use them. I will supply more in the future, but this is a very good start. (Or drop a note in the comment box, or mail me at suren.click.com.)
Part 4: Network and Metasploit
(Networking)
Beej.us network programming
[Book] Hacking: The Art of Exploitation [Chapter 4]
Socket Programming in Ruby
(Metasploit)
[Video] Security Tube: Metasploit Megaprimer
Metasploit.com
Metasploit Unleashed
[video] Metasploit Louisville Class
Metasploitable (a target)
Corelan T4
intern0t: developing my first exploit
[video] DHAtEnclaveForensics: Exploit Creation in Metasploit
Wikibooks Metasploit/Writing Windows Exploit
Part 5: Shellcode
Corelan T9
projectShellcode: Shellcode Tutorial
[Book] Shellcoder's Handbook Ch 3
[Book] Hacking: The Art of Exploitation [Chapter 5]
Writing small shellcode
Shell-storm Shellcode database
Advanced shellcode
Part 6: Engineering in Reverse
Parallel Learning #3: (a constant place to reference and use for reversing)
Understanding Code
Reverse Engineering the World
Reversing for Newbies
Room362.com reversing blog post
Ethicalhacker.net intro to reverse engineering
acm.uiuc.edu Intro to Reverse Engineering software
[Book] Reversing: Secrets of Reverse Engineering
[video] Reverse Engineering from cryptocity.net
CrackZ's Reverse Engineering Page
Reverse engineering techniques
CBM_1_2_2006_Goppit_PE_Format_Reverse_Engineer_View
HistoryofPackingTechnology
Windows PE Header
OpenRCE Articles
[GAME] Crackmes.de
Part 7: Getting a little deeper into BOF
Parallel Learning #4: (to the end of the course and beyond)
Find old exploits on Exploit-db: download them, test them, rewrite them, understand them.
(Part A: preventions)
Buffer overflow protection
The evolution of Microsoft's Mitigations
Purdue.edu: Canary Bit
Preventing the exploitation of SEH Overwrites with SEHOP
Bypassing SEHOP
Wikipedia: Executable space protection
Wikipedia: DEP
Bypassing Hardware based DEP
Wikipedia: ASLR
Symantec: ASLR in Vista
Defeating the Stack Based Buffer Overflow Prevention
Corelan T6
Return to libc
[video] Microsoft protections video
(Part B: Advanced BOF)
[video] Exploitation from cryptocity.net
[GAME] Gera's Insecure Programming
[GAME] Smash the Stack wargaming network
Part 8: Heap overflow
Heap Overflows for Humans - 101
rm -rf / on heap overflow
w00w00 on heap overflow
[book] Shellcoder's Handbook Ch 4 & 5
h-online: A heap of Risk
[video] Defcon 15: Remedial Heap Overflows
heap overflow: ancient art of unlink seduction
Memory corruptions part II -- heap
[book] Read the rest of Shellcoder's Handbook
Part 9: Exploit listing sites
I hope this is a great post for those who want to get some skills in exploit writing.
Thanks,