Hands-on Fuzzing and Exploit Development (Advanced)

Name: Hands-on Fuzzing and Exploit Development (Advanced)
Rating: 4.1 (76 reviews)

Learn advanced techniques of creating exploits

(76 ratings)

1,426 students

Created by Uday Mittal

Last updated 6/2021

English

What you'll learn

Advanced techniques of creating exploits such as Egg Hunters, ASLR Bypass, Function reuse etc.
Writing Unicode compatible exploits
How to do long and short jumps in exploits
How to do stack pivoting
Fuzzing through Spike, Peach Fuzzer, FilFuzz and BooFuzz
Creating Peach Pits, BooFuzz scripts and fuzzing scripts in Python
How to tackle restrictive conditions such as limited buffer space or limited character set
Create exploits from scratch for complicated file-formats such as ZIP
Manually encoding shellcode

Requirements

Basic knowledge of x86 Assembly Language
Basic knowledge of Kali Linux
Basic knowledge of Python
Basic knowledge of Metasploit
Basic concepts of fuzzing
Basic knowledge of Immunity Debugger

Description

About this course

This course builds upon my previous course, Hands-on Exploit Development on Udemy.

It will teach you advanced techniques of exploiting a buffer overflow vulnerability. Egg hunters, ASLR bypass, Stack Pivoting, Function Reuse, Manual encoding are some of the techniques covered in this course.

It follows the six stages of exploit development and gives a detailed walk-through of each. Each module starts by identifying the vulnerability via fuzzing. You'll learn, server fuzzing (using Spike) and file format fuzzing (using Peach Fuzzer). It then shows you how to create a PoC to trigger the vulnerability and convert that PoC into a working exploit.

Through this course you will get introduced to various tools such as Immunity Debugger, Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, Peach Fuzzer, BooFuzz and much more. This course is designed to be short and concise yet packed with practical knowledge.

Each video includes learning resources (in video) and associated files (pdf slides, fuzzing scripts, peach pit python script etc.). You can just follow along and create a working exploit. It's that simple. Happy hacking!

What our fellow students say about this course

"I have been looking for resources to learn different techniques of exploit development. This course was a great find. It is very easy to follow along and understand the concepts." - Surbhi Goel

"Great! More fuzzing tools are introduced." - Ying-Chen Chiou

"pretty good basics,easy to follow buffer overflow" - Arun Mathew

Who this course is for:

Students curious about building exploits
Ethical Hackers
Penetration Testers
Cybersecurity Professionals
People preparing for OSCP, OSCE etc.

Featured review

Chang T.

25 courses

14 reviews

3 years ago

It's pretty good, but this is not a beginner friendly class. A lot of people would get lost in the sauce had they not practiced beforehand the Offensive Security Penetration Testing With Kali Linux course and understood the basics of exploit development. I have that experience despite not being certified, as well as fluent in the most basic parts of netwide assembly. But I recommend learning a Assembly class from Udemy too.

Uday Mittal

Founder at Yaksas Security

4.4 Instructor Rating
171 Reviews
6,610 Students
3 Courses

Uday Mittal (eWPTx, OSCP | E, CRTP | E, CISSP, CCSP, CISA, CISM, CRISC) is the founder of Yaksas Security. He has over 11 years of experience in dealing with various issues related to cyber security. He is actively working towards educating people on cyber security risks and steps to mitigate them. His areas of interest include exploitation research, malware analysis, red teaming, VAPT etc.