
Explore the Ali debugger, a reversing tool with a 64-bit version, learn to install on Linux or Windows, and customize disassembly view, registers, hex dump, fonts, and color schemes.
This lecture continues the discussion of stack overflows with a simple program and a Python tester, showing how to craft input, trigger a crash, and determine offset to return address.
Demonstrates format string vulnerabilities by building a Python exploit that writes the shellcode address with format length specifiers, uses a NOP sled, and runs via subprocess to launch calculator.
Explore section overflow vulnerabilities in Windows, demonstrating how buffer overflows can overwrite global variables and function pointers, enabling corruption of strcpy and printf calls through crafted input.
Explore how exploits and reversing apply to macOS, comparing stack and heap memory, overcoming non-executable stack, and addressing format string bugs in C libraries.
Demonstrates how a 32-byte malloc buffer can be overflowed by strcpy, causing heap corruption and a Linux abort, with gdb breakpoints before strcpy and before free revealing heap metadata.
Explore linux heap overflows, showing how overwriting buffers on a 64-bit little-endian system can trigger sig abort and probe protections using two's complement tricks and gdb with python inputs.
Learn to build a simple Python exploit script that crafts a payload with a nop sled and shellcode, then uses a socket to target a vulnerable server.
Learn to convert a script-based exploit into a Metasploit module using Mona in Immunity, generating a Ruby skeleton with TCAP payloads and customizable targets.
Learn how to encode shellcode using msf encode encoders, including Shikata Goodnight and metamorphic block-based options, to bypass intrusion detection systems and prepare encoded payloads.
Explore encoding shellcode workflows, from raw binaries to C files, and learn how polymorphic encoding and tools like Shikata gun shy shape shellcode size and output.
In this Reverse Engineering and Exploit Development training course, expert author Philip Polstra will teach you about common software vulnerabilities and how to find them, as well as how the vulnerabilities differ between various operating systems. This course is designed for beginners who are looking to get started in security, penetration testing, and reverse engineering.
You will start by learning about reversing compiled Windows applications, including using fuzzing, stack overflows, and heap overflows. From there, Philip will teach you how to reverse compiled OS X, Linux, and Android applications. This video tutorial also covers how to find other vulnerabilities, including website and database vulnerabilities. Finally, you will learn about simple exploits, web exploitation, and ARM exploitation.
Once you have completed this computer based training course, you will be fully capable of finding vulnerabilities and developing exploits for them. Working files are included, allowing you to follow along with the author throughout the lessons.