Introduction to Exploit/Zero-Day Discovery and Development
What you'll learn
- Fuzzing
- Buffer Overflow Attacks
- Pivoting From One Compromised Windows Machine To Another Box Using RPivot
- How To Offensively Pass Reverse Shells From A Cloud Server To Your Local Home PC Using SSH Tunneling
- Concealing Your Remote Reconnaissance, Scanning, And Crawling Using Tor-over-VPN
- How To Attack A Corporate Ethernet LAN From A Wi-Fi Hotspot Using Proxy ARP Daemons
- Introduction to Egghunters for situations of limited buffer space
- ROP-Chaining to defeat Data Execution Prevention
- Reverse and Bind Shells
- Post Exploitation
- VMWare Hypervisors
- Kali Linux
- Exploit Development
- Debugging Crashed Applications
- edb (Evan's Debugger)
- gdb (GNU Debugger)
- Immunity Debugger
- Netwide Assembly (NASM)
- Metasploit
- Encoding
- Pivoting
- Proxies and Transparent Proxifiers (Proxychains)
- Tunneling
- SSH
- Kernel-based Virtual Machine
- QEMU
- Virtual Private Networks
- IT & Software
- Network & Security
- Hijacking Execution
Requirements
- Basic Linux Commands
- Ability to run a virtual machine
Description
Essential for OSCP Exam Prep (Offensive Security Certified Professional)
Try our course rather than paying $800 to $1,200 for the official Offensive Security Training. Two of our exploitable programs are featured in the Penetration Testing with Kali Linux Course.
See if aiming for a OSCP is right for you! Knock down the 25 point buffer overflow box in the OSCP exam in minutes, not hours!*
*In the official OSCP Exam you are given a pre-compiled app for the buffer overflow box that is worth 25 out of 100 points. The exam app expressedly emphasizes the bad character analysis section of the PwK course. There will be about twelve or so bad characters that must be eliminated, following the steps in our SLMail 5.5 exercise (which has far less bad characters).
Basic Introduction to Exploit Development
Students enrolling will learn how to discover and craft custom exploits against both Windows and Linux targets
The following techniques will be covered in detail
1. Stack smashing shellcode
2. Multi-stage shellcode
3. Post-exploitation
4. Pivoting on both Linux and Windows targets
5. Anonymity via Tor-over-VPN
6. Offensive shell passing between a underpowered Virtual Private Server back to a more capable Metasploit listener at home through reverse TCP and reverse SSH tunnels
7. A introduction to ROP-chaining, which is a teaser for my more advanced class (work-in-progress)
Debuggers and Tools
Students will learn how to debug flawed applications and craft exploits using
1. Immunity Debugger
2. GDB-PEDA (GNU Debugger)
3. EDB (Evan's Debugger)
Step-by-step guides on setting up your virtual penetration testing lab
1. How to install Kali Linux on Ubuntu 18.04 using KVM
2. How to install Kali Linux on Windows machines using VMWare Player 15
Who this course is for:
- Software engineers
- Secure Software Developers (CSSLPs)
- Penetration Testers & Red Teams
- Exploit Developers (ex. Google Project Zero, ZDI, Zerodium, Hackerone)
- Hackers
- System Engineers
- Security Engineers
- Network Engineers
Course content
- Preview02:37
- Preview01:29
- 04:15Course Remastering Notice Due to Changes in Kali Linux 2020.1
- Preview13:37
- Preview15:02
- 01:41Introducing the Course Pack (Learning Materials)
- Preview03:58
- Preview03:29
Instructor
![Chang Tan](data:image/svg+xml,%3Csvg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64"%3E%3C/svg%3E){kind=avatar}
- 3.7 Instructor Rating
- 25 Reviews
- 439 Students
- 1 Course
Chang "Slayer-Ranger" Tan is a software-engineer that writes front-end web applications as a primary trade of business with a emphasis of a security-focused software development lifecycle (spiral methodology). He is currently taking the Penetration Testing with Kali Linux course right now. Later he will pursue the CSSLP (Certified Secure Software Lifecycle Professional).
He is a volunteer instructor at DEFCON 27 (2019) at the Red Team Village for Exploit-Development where he and his fellow volunteers and staff members oversaw the validation of approximately more than 90 newly-minted exploit developers over a course of 3-4 days.
He has also, through the negotiation of contracts and non-disclosure agreements (of parties involved and detailed source code), reverse-engineered multiple front-end web applications, primarily by relying on the inference attack on downloadable front-end code in order to infer the functionality and design of the back-end.