Exploit Development for Ethical Hackers and Ethical Hacking

Gain exploit development skills with hands-on labs, develop exploits for Email & FTP Servers and experience web fuzzing
3.8 (6 ratings)
Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
160 students enrolled
88% off
Take This Course
  • Lectures 27
  • Length 3 hours
  • Skill Level All Levels
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works


Find online courses made by experts from around the world.


Take your courses with you and learn anywhere, anytime.


Learn and practice real-world skills and achieve your goals.

About This Course

Published 5/2016 English

Course Description

26Securelabs Exploit Development course is designed in a way to help you learning exploit development without opening many books. You would learn exploit development by means of hands-on labs.

What you will get?

This course includes 3 hours of downloadable lecture videos which teaches exploit development by practices. We have also added one quiz consisting of 25 questions on exploit development. You will also get courseware PDF which have been used during the videos.

What you will learn?

Exploit development in a nutshell and core concepts, tools and techniques which are building blocks for anyone who wants to learn exploit development in fast pace.

You will learn how to discover buffer overflow vulnerabilities in FTP Servers, Email Server and how to discover weaknesses in web servers. In any exploit development and research, fuzzing place an important role, this course will teach you different methods of fuzzing.

You will learn how to code fuzzers and real working exploits. Follow the pace of course and you should be able to write your own working exploit as explained in the course.

We believe this course is really informative for exploit development, we do not claim it will take you from zero to infinity but you will get what we have explained here.

You will rock once you develop your first working exploit after completing the course, however following instructions is a must.

What are the requirements?

  • TCP/IP
  • Programming Concepts
  • Windows Basics
  • Experience with any one programming language

What am I going to get from this course?

  • Get Hands-on Experience in Exploit Development
  • Master Fuzzing Techniques and Methods
  • Write Working Exploits
  • Take Examination (Quiz of 25 Questions)
  • Use Mona.py and Metasploit Framework for Exploit Development

Who is the target audience?

  • IT Professionals
  • IT Security Professionals
  • Programmers
  • College Students
  • Script Kiddies

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.


Section 1: Module A - Fundamentals of Buffer Overflows

What you will take home:

  • Exploit Development Knowledge
  • Exploit Development Experience
  • Exploits Developed by YOU!
  • Examination on Exploit Development (Quiz of 25 Questions)

Congratulation! You have chosen the path for becoming a true ethical hacker or an experienced penetration tester. 

As covered in previous topic, “script kiddie” heavily depends on tools and they really don’t understand what the tool do in the background or how exploit works. Exploit Development’s treasure is basically hidden in the buffer overflows mainly. 


Understanding some of core concepts in buffer overflows and exploit development.


Quick explanation on what is Heap and difference between Stack and Heap


Fuzzing Lab Part 1 - Playing with Vulnerable Application. Replicating the crash and discovering vulnerability in FTP Server by using Metasploit ftp_pre_post fuzzer.


Fuzzing Lab Part2 - Replicating the crash again with Metasploit ftp_pre_post fuzzer and attaching the ftp server with Immunity Debugger to find what happened in the background and register value the time application server crashed.

Manually coding our fuzzer in Python. You can download the skeleton from the course curriculum link. Happy Exploit Development


Fuzzing Lab Part 3 - Finding EIP Offset and overwriting the EIP with over manual our own fuzzer. Generating cyclic patterns with Mona.py and learning how to find offset value with Mona.py. Setting up arranging of stack.


Arranging the Stack. Finding the "Stack" Address i.e. finding JMP ESP manually. Generating shell-code and Developing Exploit.


Looking for JMP ESP Addresses. Ways to Jump to the Stack where our shellcode is in memory


Explanation of how we actually wrote the exploit code. Talking about Padding, Stack arrangement and more..


Quick walk through of the whole process we have gone through in developing exploit for this vulnerable application


Discussing different methods of generating payloads

Section 2: Module B - Smashing the Instruction Pointer

Part 1 of Fuzzing PCMan FTP Server as we have learned in previous lectures and lab sessions


Part 2 of Fuzzing PCMan FTP Server as we have learned in previous lectures and lab sessions


Finding Addresses for JMP Statement. Looking in different DLL file this time


Quickly Developing exploit for PCMan FTP Server




Writing our Fuzzer for manually fuzzing this eMail Server


Replicating Crash and Finding EIP Offset


Finding stack addresses in for esp and coding the exploit for this email server


Write  fuzzer for Kolibri Web Server and Overwriting different registers along with EIP Register.

25 questions

This Quiz will be based on some of core concepts in Exploit Development. 

Section 3: Module C – How to Code Exploits

What you should be focusing on in order to gain expertise in exploit development from tools and platforms standpoint.


Explanation on how you can be good in exploit development.


Tips for consideration


Links for downloading these vulnerable applications and our fuzzers and exploits we have developed during the course

Section 4: Additional Section - Legal Disclaimers & Preventing Application Hacks

This course is solely for the educational purposes. Any party or person involved in this course development or presentation, should not be held responsible for misuse of the information provided in this course. This course is developed to teach ethical hacking and its sole purpose is educational and for positive usage. It discourage any mis use of the course and any activity which conflicts or against any countries cyber, computer, privacy or legal related laws.


Talk on Code Security Review and some general methods on preventing buffer overflows. This is an additional lecture into our course to give you some thoughts and ethical behavior in this course

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

Research Wing of 26Securelabs Exploit Academy, Teaching students from 31 countries

Exploit Academy's Instructor(s) are professional(s) in ethical hacking and penetration testing. Excited about finding vulnerabilities and passionate about teaching skills we have. You will learn from experienced professional(s) holding CISSP, CEH, CEI and have been delivering security courses around the world. 

Our professional(s) have hands-on ethical hacking / penetration testing experience while pen-testing for financial institutions and other industry sectors in real world scenarios. 

Exploit-Academy is bringing the knowledge and experience of these professional(s) at your Desktop to take you to the destination of professional in Ethical Hacking. We hope it will be beneficial for your career and thank you for taking the course

Ready to start learning?
Take This Course