Strategic Security, Inc. © http://www.strategicsec.com/
Exploit Development
For Mere Mortals
Part 1: Getting Started
Presented By:
Joe McCray
joe@strategicsec.com
http://www.linkedin.com/in/joemccray
http://twitter.com/j0emccray
Who Is This Talk For?
Who is this for?
• Security professionals and hobbyists interested in understanding exploit development
• Security professionals and hobbyists interested in the fundamentals of writing exploits
No Geekenese:
• This is NOT a technical talk, although there will be some technical info – it's more of a getting started guide than anything else
Things I'll Be Covering Today
• What programming languages do you need to know?
• What are the best ways to learn these languages?
• What tools do you need?
• Which tools should you start with first?
• What references should you use to get started and, more importantly, which should you avoid?
What Programming Languages Do I Need To Know/Learn?
• An Interpreted Language (Perl, Python, Ruby)
• C
• Assembly
What Programming Languages Do I Need To Know/Learn?
• If you are new to programming – start with an interpreted language first
• Perl, Python, Ruby
• YouTube is your friend – the best I've seen is from 'thenewboston'
• Python: https://www.youtube.com/watch?v=4Mf0h3HphEA
• Ruby: https://www.youtube.com/watch?v=WJlfVjGt6Hg
• Perl used to be the exploit and tool development language of choice
• Now it's Python and Ruby
What Programming Languages Do I Need To Know/Learn?
• The C Programming Language
• Greg Perry is an amazing teacher of programming languages
• I highly recommend "Absolute Beginner's Guide to C"
• Publisher: Sams; 2nd Edition
• ISBN-10: 0672305100
• ISBN-13: 978-0672305108
What Programming Languages Do I Need To Know/Learn?
The Assembly Programming Language
Vivek Ramachandran (SecurityTube.net)
@SecurityTube
Assembly For Hackers Video Series:
http://www.securitytube.net/groups?operation=view&groupId=5
http://www.securitytube.net/groups?operation=view&groupId=6
What Tools Do You Need?
• Virtualization Platform (VMware, VirtualBox, etc.)
• Target VMs (XPSP3, Win7, Ubuntu 10)
• Debuggers
• OllyDBG: http://www.ollydbg.de/
• Immunity: http://immunitysec.com/products-immdbg.shtml
• WinDBG: http://www.windbg.org/
• IDA Pro: http://www.hex-rays.com/products/ida/support/download.shtml
• Vulnerable Software
• http://www.oldapps.com/
• http://www.exploit-db.com/
• Exploit Code
• http://www.exploit-db.com/
• http://packetstormsecurity.org/files/tags/exploit/
Which Tools Should I Start With First?
• For your first few times dealing with simple exploits I'd recommend OllyDBG
• After that I think you should move to either Immunity or WinDBG
• I would say that IDA Pro should be left for advanced users
What References Should I Use To Learn ED And Which Should I Avoid?
• If you are BRAND NEW – start with these tutorials:
• http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/
• http://resources.infosecinstitute.com/seh-exploit/
• If you have a little experience – start with the Corelan.be tutorials
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
What References Should I Use To Learn ED And Which Should I Avoid?
• To break up the monotony I'd recommend doing some reversing tutorials
• http://tuts4you.com/download.php
• Stay away from the majority of books on Buffer Overflows
• Way too much focus on source code
• Way too much focus on classic buffer overflows on old OSs
• Books I would recommend (after you've done the tutorial list earlier) are:
• Art of Exploitation
• Shellcoder's Handbook
What References Should I Use To Learn ED And Which Should I Avoid?
• If you are going to take a class at a security conference:
• Exploit Labs with Saumil Shah
• Corelan Live with Peter Van Eeckhoutte
Major Resources
Vivek Ramachandran (SecurityTube.net)
@SecurityTube
Assembly For Hackers Video Series:
http://www.securitytube.net/groups?operation=view&groupId=5
http://www.securitytube.net/groups?operation=view&groupId=6
Exploit Development Basics Video Series
http://www.securitytube.net/groups?operation=view&groupId=7
http://www.securitytube.net/groups?operation=view&groupId=4
Major Resources
Peter Van Eeckhoutte (https://www.corelan.be/)
@corelanc0d3r
Hands down, probably the best tutorials on the market:
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
Tutorial Lists
Basics:
http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
More All-Encompassing List
https://code.google.com/p/it-sec-catalog/wiki/Exploitation
Contact Me....
Toll Free: 1-866-892-2132
Email: joe@strategicsec.com
Twitter: http://twitter.com/j0emccray
LinkedIn: http://www.linkedin.com/in/joemccray
