Hands-on Fuzzing and Exploit Development (Advanced)
4.6 (51 ratings)
875 students enrolled

Learn advanced techniques of creating exploits
Created by Uday Mittal
Last updated 6/2019
English
Current price: $65.99 Original price: $94.99 Discount: 31% off
This course includes
  • 8.5 hours on-demand video
  • 37 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Assignments
  • Certificate of Completion
What you'll learn
  • Advanced techniques of creating exploits such as Egg Hunters, ASLR Bypass, Function reuse etc.
  • Writing Unicode compatible exploits
  • How to do long and short jumps in exploits
  • How to do stack pivoting
  • Fuzzing through Spike, Peach Fuzzer, FilFuzz and BooFuzz
  • Creating Peach Pits, BooFuzz scripts and fuzzing scripts in Python
  • How to tackle restrictive conditions such as limited buffer space or limited character set
  • Create exploits from scratch for complicated file-formats such as ZIP
  • Manually encoding shellcode
Requirements
  • Basic knowledge of x86 Assembly Language
  • Basic knowledge of Kali Linux
  • Basic knowledge of Python
  • Basic knowledge of Metasploit
  • Basic concepts of fuzzing
  • Basic knowledge of Immunity Debugger
Description

About this course

This course builds upon my previous course, Hands-on Exploit Development on Udemy.

It will teach you advanced techniques for exploiting a buffer overflow vulnerability. Egg hunters, ASLR bypass, stack pivoting, function reuse and manual encoding are some of the techniques covered in this course.

It follows the six stages of exploit development and gives a detailed walk-through of each. Each module starts by identifying the vulnerability via fuzzing. You'll learn server fuzzing (using Spike) and file format fuzzing (using Peach Fuzzer). It then shows you how to create a PoC to trigger the vulnerability and convert that PoC into a working exploit.

Through this course you will get introduced to various tools such as Immunity Debugger, the Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, Peach Fuzzer, BooFuzz and much more. This course is designed to be short and concise yet packed with practical knowledge.

Each video includes learning resources (in video) and associated files (PDF slides, fuzzing scripts, Peach pit, Python script etc.). You can just follow along and create a working exploit. It's that simple. Happy hacking!

What our fellow students say about this course

"I have been looking for resources to learn different techniques of exploit development. This course was a great find. It is very easy to follow along and understand the concepts." - Surbhi Goel

"Great! More fuzzing tools are introduced." - Ying-Chen Chiou

"pretty good basics, easy to follow buffer overflow" - Arun Mathew

Who this course is for:
  • Students curious about building exploits
  • Ethical Hackers
  • Penetration Testers
  • Cybersecurity Professionals
  • People preparing for OSCP, OSCE etc.
Course content
44 lectures 08:38:04
Module 1 (Egg Hunters)
6 lectures 49:46

This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.

Download Links to the tools mentioned: 

Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/

Immunity Debugger: https://www.immunityinc.com/products/debugger/

Mona Library: https://github.com/corelan/mona

Vuln server (target software): https://github.com/stephenbradshaw/vulnserver

Sublime Text Editor: https://www.sublimetext.com/ 

Virtual Box: https://www.virtualbox.org/wiki/Downloads

VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html

Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html

Preview 04:28

This video gives an overview of fuzzing and then demonstrates how to fuzz a server using the Spike fuzzer.

Fuzzing
07:34

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

PoC Creation
04:37

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.

Controlling the execution
10:37

In this video, we identify the bad characters which might break our final payload.

Bad character analysis
08:08

In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain a shell from the target machine.

Cracking the shell
14:22
Module 2 (ASLR Bypass + Stack Pivoting)
7 lectures 01:08:46

This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.

Download Links to the tools mentioned: 

Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/

Immunity Debugger: https://www.immunityinc.com/products/debugger/

Mona Library: https://github.com/corelan/mona

Peach Fuzzer: https://sourceforge.net/projects/peachfuzz/

CoolPlayer+ Portable (target software): https://www.exploit-db.com/apps/3279a02f72b3c5ec5870e7b0b19d2305-CoolPlayer219_Bin.zip

Sublime Text Editor: https://www.sublimetext.com/ 

Virtual Box: https://www.virtualbox.org/wiki/Downloads

VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html

Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html

Note: Instead of FileFuzz, we'll be using Peach Fuzzer in this module.

Preview 05:42

This video gives an overview of fuzzing and then demonstrates how to fuzz an application using Peach Fuzzer.

Fuzzing
14:08

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

PoC Creation
04:59

In this video, we identify the bad characters which might break our final payload.

Preview 04:25

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.

Controlling the execution (ASLR Bypass)
13:55

In this video, we'll enhance the PoC created in the previous part to carve out a long jump via stack pivoting.

Controlling the execution (Stack Pivoting)
13:07

In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain a shell from the target machine.

Cracking the shell
12:30
Module 3 (Unicode)
7 lectures 01:04:48

This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.

Download Links to the tools mentioned: 

Kali Linux 2018.1: https://www.kali.org/news/kali-linux-2018-1-release/

Immunity Debugger: https://www.immunityinc.com/products/debugger/

Mona Library: https://github.com/corelan/mona

File Fuzz: https://filefuzz.software.informer.com/2.0/

Alpha2 Encoder: https://github.com/haxtivitiez/Alpha2-encoder

Triologic Media Player 8: https://www.exploit-db.com/apps/4e68d370d54180157bf1b578407848f4-triomp8setup.exe

Sublime Text Editor: https://www.sublimetext.com/

Virtual Box: https://www.virtualbox.org/wiki/Downloads

VMWare: https://www.vmware.com/in/products/workstation-player/workstation-player-evaluation.html

Notepad++: https://notepad-plus-plus.org/download/v7.6.1.html

Preview 04:05

This video gives an overview of fuzzing and then demonstrates how to fuzz an application using File Fuzz.

Fuzzing
10:48

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

PoC Creation
08:31

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application using the SEH overwrite technique.

Controlling the Execution (SEH Overwrite)
11:33

In this video, we'll enhance the PoC created in the previous part to align a CPU register for the final payload shellcode.

Controlling the execution (Aligning register for shellcode)
13:14

In this video, we identify the bad characters which might break our final payload.

Bad character analysis
08:20

In this video, we will complete our exploit by integrating the payload shellcode and finally execute it to obtain a shell from the target machine.

Link to download Alpha2 encoder: https://github.com/haxtivitiez/Alpha2-encoder

Cracking the shell
08:17
Assignment: NetSetMan 4.7.1
0 lectures 00:00
Recently, a buffer overflow vulnerability was found in NetSetMan 4.7.1. Your objective is to find that vulnerability and create a working exploit for it. Refer to exploit 46530 on exploit-db to download the application and get started. Create your own exploit; do not just copy the existing one.
Develop a working exploit for NetSetMan 4.7.1
1 question
Module 4 (Limited Buffer Space / Function Reuse)
8 lectures 01:33:23

This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.

Preview 05:52

This video gives an overview of fuzzing and then demonstrates how to fuzz an application using BooFuzz.

Fuzzing
12:25

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

PoC Creation
09:11

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.

Controlling the execution
12:13

In this video, we identify the bad characters which might break our final payload.

Bad character analysis
13:05

In this video, we will enhance our exploit by developing and integrating the first-stage payload shellcode.

Cracking the shell (First-stage payload)
24:08

In this video, we will complete our exploit by integrating the second-stage payload shellcode and finally execute it to obtain a shell from the target machine.

Cracking the shell (Second-stage payload)
07:11

This video covers the installation of the BooFuzz fuzzing framework on Kali Linux 2018.1 and Microsoft Windows 7 SP1 (32-bit).

Bonus: BooFuzz Installation
09:18
Module 5 (Acrobatics / QuickZip)
16 lectures 03:58:21

This video gives an overview of the technique you'll be learning in this module. It also gives a brief overview of tools and software required for this module.

Preview 03:37

This video gives an overview of the exploit development process and fuzzing. It also explains the ZIP file format specification.

Fuzzing (Understanding ZIP file format specification)
13:44

In this video, we correlate the ZIP file format specification with the ZIP file structure used by the target application. This is done by reverse engineering a ZIP file created by the target application.

Fuzzing (Reverse engineering ZIP file structure) Part 1
14:40

In this video, we continue correlating the ZIP file format specification with the ZIP file structure used by the target application by reverse engineering a ZIP file created by the target application.

Fuzzing (Reverse engineering ZIP file structure) Part 2
10:21

In this video, we create a fuzzing script in Python based on our correlation exercise.

Fuzzing (Creating fuzzing script)
18:28

In this video, we create sample ZIP files using the fuzzing script and fuzz the target application using FileFuzz.

Fuzzing (Fuzz QuickZip.exe)
12:06

In this video, we'll take the results from the previous part and create a PoC script in Python. The aim is to replicate the crash in the target application.

PoC Creation
08:09

In this video, we'll enhance the PoC created in the previous part to take control of the execution flow of the application.

Controlling the execution
23:49
Bad character analysis - Part 1
17:05

In this video, we identify the bad characters which might break our final payload.

Bad character analysis - Part 2
12:48

In this video, we add a complementary conditional short jump to the PoC.

Cracking the shell (Short Jump)
16:30

In this video, we carve out a long jump onto the stack.

Cracking the shell (Long Jump)
16:11

In this video, we generate the egg hunter shellcode and start the process of encoding it manually.

Cracking the shell (Egg Hunter - Encoding - Part 1)
20:40

In this video, we complete the process of manually encoding the egg hunter shellcode.

Cracking the shell (Egg Hunter - Encoding - Part 2)
15:58

In this video, we add the encoded egg hunter to the PoC and give it a test run.

Cracking the shell (Egg Hunter - Execution)
17:05

In this video, we generate the payload shellcode, encode it using an encoder and execute it to obtain a shell from the target machine.

Cracking the shell (Payload shellcode)
17:10
Assignment: Kenward Zipper 1.4
0 lectures 00:00
Use your skills from the Acrobatics module to develop a working exploit for Kenward Zipper 1.4.
Develop a working exploit for Kenward Zipper 1.4
1 question