
This video will give you an overview of the course.
The aim of this video is to teach you about OllyDbg.
Explore PuTTY and OllyDbg
Learn about searching and breakpoints
Modify the EXE
The aim of this video is to create Malware.
Get introduced to Kali Linux
Learn about Msfvenom Payloads
Learn how to deliver the Malware
Learn about adding Trojans.
Redirect code execution with OllyDbg
Know what happens with the INT 3 instruction
Insert real Shellcode
The aim of this video is to teach you about introductory assembly language.
Learn about Jasmin, an assembly language simulator
Explore addressing and RAM
Get to know more about the stack
This video is the 1st Challenge.
Explore Challenge 1A: hacking a game
Learn how to go to the Winners Board
Explore Challenge 1B: hacking three games
This video is the 2nd Challenge.
Explore Challenge 2A: hacking 19 games
Explore Challenge 2B: hacking 256 games
This video is the 3rd Challenge.
Know how to perform the final challenge
The aim of this video is to teach you about the Ping form.
Learn about the router configuration page
Create a vulnerable form
Take up the challenge
Learn about string overflow.
Exploit the vulnerable C code
Get to know the working of the vulnerable form
Take up the challenge
We’ll continue learning about command injection with ImageMagick.
Explore ImageMagick
Demonstrate its command injection vulnerability
Take up the challenge
The aim of this video is to cover SQL Injection.
Explore database concepts and SQL
Demonstrate SQL injection
Let’s continue with some SQL Injection challenges.
Challenge 1: display names for administrators
Challenge 2: create a file on my server with your name as filename
Continue working on Challenge 3 and 4 for your practice
This video will take you through exploring more about redirecting execution.
Create a vulnerable program in C
View memory usage with gdb
Perform a Buffer Overflow Exploit
The aim of this video is to learn more about using Shellcode.
Create a vulnerable program
Demonstrate inserting a shellcode
Learn about adjusting exploits
The aim of this video is to learn about Msfvenom to make shellcode.
Explore the basic options of Msfvenom
Learn to find and avoid bad characters
Take a look at an example for better understanding
Get to learn more about format string vulnerability with this video.
Explore Format Strings
Write to the Global offset table
Complete your exploit using Four Write Operations
The aim of this video is to learn about heap overflow.
Learn about the heap structure
Create a vulnerable program
Plan and complete the exploit
The aim of this video is to show you some challenges.
Understand Challenge 1a and 1b
Understand Challenge 2a, 2b and 2c
Understand Challenge 3 and 4
The aim of this video is to learn about exploiting Windows vulnerabilities with stack overflow.
Get introduced to the Vulnserver reusing
Explore how to use Immunity Debugger
Write software that targets EIP
The aim of this video is to learn about ASLR.
Explore Mona and learn how to use it
Learn how to use Trampoline Code
Create the final exploit
The aim of this video is to learn about DEP.
Explore more about DEP
Learn about ROP
Execute using the command
The aim of this video is to learn about heap spray.
Learn about defeating ASLR
Explore string variables in JavaScript and how to use unescape
Exploit heap spray
The aim of this video is to learn how to exploit SEH.
Learn about turning off DEP and SEHOP
Discuss exception handling
Use a stack pivot to create a final exploit
Get to know about SPIKE in this video.
Fuzz a simple Ncat Listener
Fuzz Vulnserver
Detect crashes with Wireshark
The aim of this video is to take up challenges that attack other methods of the vulnerable server.
Challenge 1 – Fuzz KSTET with SPIKE
Challenge 2 – Complete the GMON Exploit
Know how to work around these challenges
A penetration tester who only knows how to use tools written by others is limited to old techniques. Learning to develop your own exploits will make you much more powerful. Python is the favorite choice for penetration testers because it combines simplicity and ease of use with advanced features.
This video course starts with high-level code injection, the simplest sort of exploit. It then explains binary exploits that allow you to skip past unwanted code, such as the password or product key tests, and add Trojan code. You will perform the exploit development process: finding a vulnerability, analyzing a crash in a debugger, creating a crafted attack, and achieving remote code execution on Windows and Linux. You will use the gdb debugger to analyze Linux executables and Python code to exploit them. On Windows, you'll use Immunity Debugger and Python.
About the Author
Sam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEFCON, HOPE, B-Sides SF, B-Sides LV, BayThreat, LayerOne, Toorcon, and many other schools and conferences. Credentials: PhD, CISSP, DEF CON Black-Badge Co-Winner