Introduction to Exploit/Zero-Day Discovery and Development

Name: Introduction to Exploit/Zero-Day Discovery and Development
Rating: 4.5 (71 reviews)

Entry-level Exploit Development Course aimed at students looking to pass the OSCP, GXPN, or OSCE3. Beginner friendly

(71 ratings)

1,567 students

Created by Chang Tan

Last updated 8/2022

English

English [Auto]

What you'll learn

Fuzzing
Buffer Overflow Attacks
Pivoting From One Compromised Windows Machine To Another Box Using RPivot
How To Offensively Pass Reverse Shells From A Cloud Server To Your Local Home PC Using SSH Tunneling
Concealing Your Remote Reconnaissance, Scanning, And Crawling Using Tor-over-VPN
How To Attack A Corporate Ethernet LAN From A Wi-Fi Hotspot Using Proxy ARP Daemons
Introduction to Egghunters for situations of limited buffer space
ROP-Chaining to defeat Data Execution Prevention
Reverse Shells
Post Exploitation
VMWare Hypervisors
Kali Linux
Exploit Development
Debugging Crashed Applications
Netwide Assembly (NASM)
Metasploit
Encoding
Pivoting
Proxies and Transparent Proxifiers (Proxychains)
Tunneling
SSH
Kernel-based Virtual Machine
QEMU
Virtual Private Networks
IT & Software
Network & Security
Hijacking Execution
Privilege Escalation
Custom Shellcoding
64-bit ROP Chaining
Stack Canary Bypasses
ASLR Bypasses
Egghunters
Immunity Debugger
GDB & Extensions like gdb-PEDA and gdb-gef
Pwntools
Docker
NX/DEP Bypass
Shellcodeless ROP-Chaining
Porting Python 2 Exploits to Python 3
Capture the Flag

Requirements

Basic Linux Commands
Ability to run a virtual machine
English Only Course Unfortunately

Description

Essential for OSCP Exam Prep (Offensive Security Certified Professional), OSED/OSCE3 (EXP-301), GXPN (SEC660), and SANS SEC760 (the SANS Equivalent of Advanced Windows Exploitation or EXP-401).

Try our course rather than paying $1,500+ for the official Offensive Security Training.

Basic Introduction to Exploit Development

Students enrolling will learn how to discover and craft custom exploits against both Windows and Linux targets

The following techniques will be covered in detail

1. Stack smashing shellcode

2. Multi-stage shellcode using egghunters

3. 32-bit and 64-bit Custom Shellcoding

4. 64-bit ROP-chaining with ret2libc

5. 64-bit ROP-chaining with Stack Canary Bypass with Format String Specifier Attacks to leak and repair the canary

6. 64-bit ASLR bypasses using ret2plt techniques, abusing syscalls, GOT overwrites, and inserting shellcode into .data segments of Linux binaries at runtime

7. Post-exploitation

8. Pivoting on both Linux and Windows targets with rpivot

9. Anonymity via Tor-over-VPN

10. Offensive shell passing between a underpowered Virtual Private Server back to a more capable Metasploit listener at home through reverse TCP and reverse SSH tunnels

11. A introduction to ROP-chaining (Windows)

12. Structured Exception Handler Overwrites and Unicode Exploits (Windows)

13. Docker container "pwnboxes"

14. Writing and fixing exploits in Python 2 and 3

Debuggers and Tools

Students will learn how to debug flawed applications and craft exploits using

1. Immunity Debugger

2. GDB-PEDA (GNU Debugger), and GDB-GEF

3. Pwntools

4. Tmux

5. Metasploit

6. Proxychains + RPivot

Step-by-step guides on setting up your virtual penetration testing lab

1. How to install Kali Linux on Ubuntu 20.04 using KVM

2. How to install Kali Linux on Windows machines using VMWare Player 15

3. How to use Docker containers using platform emulation for creating reliable exploitable machines (Linux binaries)

Who this course is for:

Software engineers
Secure Software Developers (CSSLPs)
Penetration Testers & Red Teams
Exploit Developers (ex. Google Project Zero, ZDI, Zerodium, Hackerone)
Hackers
System Engineers
Security Engineers
Network Engineers
Security Researchers
Beginners

Chang Tan

Software Engineer

4.5 Instructor Rating
71 Reviews
1,567 Students
1 Course

Chang "Slayer-Ranger" Tan is a software-engineer that writes front-end web applications as a primary trade of business with a emphasis of a security-focused software development lifecycle (spiral methodology). He is currently taking the Penetration Testing with Kali Linux course right now. Later he will pursue the CSSLP (Certified Secure Software Lifecycle Professional).

He is a volunteer instructor at DEFCON 27 (2019) at the Red Team Village for Exploit-Development where he and his fellow volunteers and staff members oversaw the validation of approximately more than 90 newly-minted exploit developers over a course of 3-4 days.

He has also, through the negotiation of contracts and non-disclosure agreements (of parties involved and detailed source code), reverse-engineered multiple front-end web applications, primarily by relying on the inference attack on downloadable front-end code in order to infer the functionality and design of the back-end.