
This lecture will give you an overview of what software you need to install for this course, and how it can be installed.
This lecture will show you how to install Kali as a virtual machine.
In this lecture you will learn how to install a vulnerable software, so we can use it to practice exploit development in future lectures.
In this lecture you will learn how to connect to the vulnerable software from Kali Linux.
In this lecture you will learn how to install Immunity debugger, so we can use it to write exploits, analyze programs, and reverse engineer binary files.
In this lecture you will learn how to sends crafted packages to an application in order to make it crash.
In this lecture you will learn how to fuzz the program to detect the vulnerable commands.
In this lecture you will learn how to identify the position of EIP register.
In this lecture you will learn how to overwrite the EIP register value.
In this lecture you will learn how to identify the bad characters. The buffer should not contain zero characters as it terminates the string and make our attack fail. You have to check if there is other bad characters.
In this lecture you will learn how to find an address which contains a JMP ESP instruction. You have to check the registers and the stack. You have to find a way to jump to our buffer to execute our code. ESP points to the beginning of the C part of our buffer. You have to find a JMP ESP or CALL ESP instruction. Do not forget, that the address must not contain bad characters!
In this lecture you will learn how to generate a shellcode using MSFvenom.
The primary goal of this course is to provide you with practical exposure to the world of bug hunting. After taking this course, you will have a better understanding of the approaches (reverse engineering, exploit development) that bug hunters use to find security vulnerabilities. You will learn how to exploit Buffer Overflows on Windows systems. This is an initial course and begins from the very basics of exploitation and is beginner-friendly.
The difficulty is that most IT professionals do not have the general software development background required to begin the subject of buffer overflow. This course cuts down the technical subjects of computer memory management, controlling code, and data inside of a working program, and exploiting poor quality software into terms that IT people with no software development knowledge can understand.
A buffer overflow is a popular software coding error that an intruder could use to take control over your system. To efficiently decrease buffer overflow vulnerabilities, it is necessary to understand what buffer overflows are, what threats they act to your applications, and what methods attackers use to successfully exploit these vulnerabilities.
In this course, you will learn how to use different tools such as Immunity Debugger, Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, File Fuzz and much more. This course is intended to be practical.
In this course, we will answer the following questions:
What is Buffer Overflow?
How do buffer overflow attacks work?
How to find buffer overflow vulnerabilities?
How to write a buffer overflow exploit?
Syllabus:
Reverse engineering.
Fuzzing applications.
Using a debugger to examine the crash.
Identifying error conditions using debugging.
Targeting the EIP register.
Identifying bad characters.
Locating the vulnerable module.
Creating final exploit code.
Exploit development.
Gain Remote Code Execution on Windows.
With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 10 hours.
NOTE: This course is created for educational purposes only.