
Hands-on Fuzzing and Exploit Development (Advanced)

Learn advanced techniques of creating exploits
Rating: 4.3 out of 5 (56 ratings)
1,079 students
Created by Uday Mittal
Last updated 6/2019
English
30-Day Money-Back Guarantee

What you'll learn

  • Advanced techniques of creating exploits such as Egg Hunters, ASLR Bypass, Function reuse etc.
  • Writing Unicode compatible exploits
  • How to do long and short jumps in exploits
  • How to do stack pivoting
  • Fuzzing through Spike, Peach Fuzzer, FilFuzz and BooFuzz
  • Creating Peach Pits, BooFuzz scripts and fuzzing scripts in Python
  • How to tackle restrictive conditions such as limited buffer space or limited character set
  • Create exploits from scratch for complicated file-formats such as ZIP
  • Manually encoding shellcode

Requirements

  • Basic knowledge of x86 Assembly Language
  • Basic knowledge of Kali Linux
  • Basic knowledge of Python
  • Basic knowledge of Metasploit
  • Basic concepts of fuzzing
  • Basic knowledge of Immunity Debugger

Description

About this course

This course builds upon my previous course, Hands-on Exploit Development on Udemy.

It will teach you advanced techniques of exploiting a buffer overflow vulnerability. Egg hunters, ASLR bypass, stack pivoting, function reuse and manual encoding are some of the techniques covered in this course.

It follows the six stages of exploit development and gives a detailed walk-through of each. Each module starts by identifying the vulnerability via fuzzing. You'll learn server fuzzing (using Spike) and file format fuzzing (using Peach Fuzzer). It then shows you how to create a PoC to trigger the vulnerability and convert that PoC into a working exploit.

Through this course you will be introduced to various tools such as Immunity Debugger, the Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, Peach Fuzzer, BooFuzz and much more. This course is designed to be short and concise yet packed with practical knowledge.

Each video includes learning resources (in video) and associated files (PDF slides, fuzzing scripts, peach pit python script etc.). You can just follow along and create a working exploit. It's that simple. Happy hacking!

What our fellow students say about this course

"I have been looking for resources to learn different techniques of exploit development. This course was a great find. It is very easy to follow along and understand the concepts." - Surbhi Goel

"Great! More fuzzing tools are introduced." - Ying-Chen Chiou

"pretty good basics, easy to follow buffer overflow" - Arun Mathew

Who this course is for:

  • Students curious about building exploits
  • Ethical Hackers
  • Penetration Testers
  • Cybersecurity Professionals
  • People preparing for OSCP, OSCE etc.

Featured review

Chang Tan
20 courses
11 reviews
Rating: 4.5 out of 5, a year ago
It's pretty good, but this is not a beginner-friendly class. A lot of people would get lost in the sauce had they not practiced beforehand the Offensive Security Penetration Testing With Kali Linux course and understood the basics of exploit development. I have that experience despite not being certified, as well as fluent in the most basic parts of netwide assembly. But I recommend learning an Assembly class from Udemy too.

Course content

7 sections • 44 lectures • 8h 38m total length

  • Preview 04:28
  • Fuzzing
    07:34
  • PoC Creation
    04:37
  • Controlling the execution
    10:37
  • Bad character analysis
    08:08
  • Cracking the shell
    14:22

  • Preview 05:42
  • Fuzzing
    14:08
  • PoC Creation
    04:59
  • Preview 04:25
  • Controlling the execution (ASLR Bypass)
    13:55
  • Controlling the execution (Stack Pivoting)
    13:07
  • Cracking the shell
    12:30

  • Preview 04:05
  • Fuzzing
    10:48
  • PoC Creation
    08:31
  • Controlling the Execution (SEH Overwrite)
    11:33
  • Controlling the execution (Aligning register for shellcode)
    13:14
  • Bad character analysis
    08:20
  • Cracking the shell
    08:17

  • Develop a working exploit for NetSetMan 4.7.1
    1 question

  • Preview 05:52
  • Fuzzing
    12:25
  • PoC Creation
    09:11
  • Controlling the execution
    12:13
  • Bad character analysis
    13:05
  • Cracking the shell (First-stage payload)
    24:08
  • Cracking the shell (Second-stage payload)
    07:11
  • Bonus: BooFuzz Installation
    09:18

  • Preview 03:37
  • Fuzzing (Understanding ZIP file format specification)
    13:44
  • Fuzzing (Reverse engineering ZIP file structure) Part 1
    14:40
  • Fuzzing (Reverse engineering ZIP file structure) Part 2
    10:21
  • Fuzzing (Creating fuzzing script)
    18:28
  • Fuzzing (Fuzz QuickZip.exe)
    12:06
  • PoC Creation
    08:09
  • Controlling the execution
    23:49
  • Bad character analysis - Part 1
    17:05
  • Bad character analysis - Part 2
    12:48
  • Cracking the shell (Short Jump)
    16:30
  • Cracking the shell (Long Jump)
    16:11
  • Cracking the shell (Egg Hunter - Encoding - Part 1)
    20:40
  • Cracking the shell (Egg Hunter - Encoding - Part 2)
    15:58
  • Cracking the shell (Egg Hunter - Execution)
    17:05
  • Cracking the shell (Payload shellcode)
    17:10

  • Develop a working exploit for Kenward Zipper 1.4
    1 question

Instructor

Uday Mittal
Founder at Yaksas CSC
  • 4.5 Instructor Rating
  • 189 Reviews
  • 5,514 Students
  • 4 Courses

Uday Mittal (eWPTx, OSCE, OSCP, CRTP, CISSP, CISA, CISM, CRISC, DCPP) is the founder of Yaksas CSC. He has over 8 years of experience in dealing with various issues related to cyber security. He is actively working towards educating people on cyber security risks and steps to mitigate them. His areas of interest include exploitation research, malware analysis, red teaming, VAPT etc.
