What you'll learn

Get Hands-on Experience in Exploit Development
Master Fuzzing Techniques and Methods
Write Working Exploits
Take Examination (Quiz of 25 Questions)
Use Mona.py and Metasploit Framework for Exploit Development

Course content

4 sections • 27 lectures • 3h 1m total length

Why Learn Exploit Development8:28
What you will take home:

Exploit Development Knowledge
Exploit Development Experience
Exploits Developed by YOU!
Examination on Exploit Development (Quiz of 25 Questions)
Introduction to Buffer Overflows6:57
Congratulation! You have chosen the path for becoming a true ethical hacker or an experienced penetration tester.

As covered in previous topic, “script kiddie” heavily depends on tools and they really don’t understand what the tool do in the background or how exploit works. Exploit Development’s treasure is basically hidden in the buffer overflows mainly.
Why Buffer Overflows Occurs4:28
Understanding some of core concepts in buffer overflows and exploit development.
What is Heap?1:52
Quick explanation on what is Heap and difference between Stack and Heap
FTP Server Fuzzing Lab Part13:52
Fuzzing Lab Part 1 - Playing with Vulnerable Application. Replicating the crash and discovering vulnerability in FTP Server by using Metasploit ftp_pre_post fuzzer.
FTP Server Fuzzing Lab Part25:21
Fuzzing Lab Part2 - Replicating the crash again with Metasploit ftp_pre_post fuzzer and attaching the ftp server with Immunity Debugger to find what happened in the background and register value the time application server crashed.
Manually coding our fuzzer in Python. You can download the skeleton from the course curriculum link. Happy Exploit Development
FTP Server Fuzzing Lab Part311:24
Fuzzing Lab Part 3 - Finding EIP Offset and overwriting the EIP with over manual our own fuzzer. Generating cyclic patterns with Mona.py and learning how to find offset value with Mona.py. Setting up arranging of stack.
FTP Server Fuzzing Lab Part 4 and Coding Exploit For FTP Server8:29
Arranging the Stack. Finding the "Stack" Address i.e. finding JMP ESP manually. Generating shell-code and Developing Exploit.
Methods for Finding ESP Address (JMP ESP)8:59
Looking for JMP ESP Addresses. Ways to Jump to the Stack where our shellcode is in memory
FTP Server Exploitation Lab Explanation10:42
Explanation of how we actually wrote the exploit code. Talking about Padding, Stack arrangement and more..
Exploitation in a Nutshell (Quick Exploit Development)11:03
Quick walk through of the whole process we have gone through in developing exploit for this vulnerable application
Methods for Generating Payloads (Shellcodes)6:52
Discussing different methods of generating payloads

Fuzzing PCMan FTP Server (All in one Lab) Part 13:58
Part 1 of Fuzzing PCMan FTP Server as we have learned in previous lectures and lab sessions
Fuzzing PCMan FTP Server (All in one Lab) Part 24:56
Part 2 of Fuzzing PCMan FTP Server as we have learned in previous lectures and lab sessions
Finding the JMP ESP in PCMan FTP Server2:04
Finding Addresses for JMP Statement. Looking in different DLL file this time
Developing Exploit for PCMan FTP Server4:35
Quickly Developing exploit for PCMan FTP Server
Fuzzing Seattlelab eMail Server (All in one Lab) Setup2:33
Setup
Fuzzing Seattlelab eMail Server (All in one Lab) Part 17:47
Writing our Fuzzer for manually fuzzing this eMail Server
Fuzzing Seatlelab eMail Server (All in one Lab) Part 27:48
Replicating Crash and Finding EIP Offset
Finding JMP ESP and Developing Exploit For Seattlelab eMail Server7:24
Finding stack addresses in for esp and coding the exploit for this email server
Fuzzing and Crashing Web Server (Overwriting EIP and Other Registers)16:42
Write fuzzer for Kolibri Web Server and Overwriting different registers along with EIP Register.
Exploit Academy's Exploit Development Examination (Quiz)

Exploit Development Platforms10:51
What you should be focusing on in order to gain expertise in exploit development from tools and platforms standpoint.
Before You Start Developing Exploits and Fuzzers9:26
Explanation on how you can be good in exploit development.
Launching a Shell in Remote Machine (One Consideration) - Quick Notes5:24
Tips for consideration
Vulnerable Applications Links and Exploits we have developed in Lab Lectures0:06
Links for downloading these vulnerable applications and our fuzzers and exploits we have developed during the course

Solely for educational purposes1:34
This course is solely for the educational purposes. Any party or person involved in this course development or presentation, should not be held responsible for misuse of the information provided in this course. This course is developed to teach ethical hacking and its sole purpose is educational and for positive usage. It discourage any mis use of the course and any activity which conflicts or against any countries cyber, computer, privacy or legal related laws.
Optional - "Preventing Hacking" by avoiding Buffer Overflows.7:48
Talk on Code Security Review and some general methods on preventing buffer overflows. This is an additional lecture into our course to give you some thoughts and ethical behavior in this course

Requirements

TCP/IP
Programming Concepts
Windows Basics
Experience with any one programming language

Description

This course is designed in a way to help you learning exploit development without opening many books. You would learn exploit development by means of hands-on labs.

What you will get?

This course includes 3 hours of lecture videos which teaches exploit development by practices. We have also added one quiz consisting of 25 questions on exploit development. You will also get courseware PDF which have been used during the videos.

What you will learn?

Exploit development in a nutshell and core concepts, tools and techniques which are building blocks for anyone who wants to learn exploit development in fast pace.

You will learn how to discover buffer overflow vulnerabilities in FTP Servers, Email Server and how to discover weaknesses in web servers. In any exploit development and research, fuzzing place an important role, this course will teach you different methods of fuzzing.

You will learn how to code fuzzers and real working exploits. Follow the pace of course and you should be able to write your own working exploit as explained in the course.

We believe this course is really informative for exploit development, we do not claim it will take you from zero to infinity but you will get what we have explained here.

You will rock once you develop your first working exploit after completing the course, however following instructions is a must.

Who this course is for:

IT Professionals
IT Security Professionals
Programmers
College Students
Script Kiddies

What you'll learn

Explore related topics

Course content

Module A - Fundamentals of Buffer Overflows12 lectures • 1hr 28min

Module B - Smashing the Instruction Pointer9 lectures • 58min

Module C – How to Code Exploits4 lectures • 26min

Additional Section - Legal Disclaimers & Preventing Application Hacks2 lectures • 9min

Requirements

Description

Who this course is for: