
Exploit Dev For Mere Mortals - Getting Started


This presentation is for newbies to the world of exploit development. It is designed to help you get comfortable with the subject and provide you with the resources required to get started.



1. Exploit Development For Mere Mortals, Part 1: Getting Started
   Strategic Security, Inc. © http://www.strategicsec.com/
   Presented By: Joe McCray
   joe@strategicsec.com
   http://www.linkedin.com/in/joemccray
   http://twitter.com/j0emccray

2. Who Is This Talk For?
   • Security professionals and hobbyists interested in understanding exploit development
   • Security professionals and hobbyists interested in the fundamentals of writing exploits
   No Geekenese:
   • This is NOT a technical talk, although there will be some technical info – it's more of a getting started guide than anything else

3. Things I'll Be Covering Today
   • What programming languages do you need to know?
   • What are the best ways to learn these languages?
   • What tools do you need?
   • Which tools should you start with first?
   • What references should you use to get started and, more importantly, what should you avoid?

4. What Programming Languages Do I Need To Know/Learn?
   • An interpreted language (Perl, Python, Ruby)
   • C
   • Assembly

5. What Programming Languages Do I Need To Know/Learn?
   • If you are new to programming – start with an interpreted language first
   • Perl, Python, Ruby
   • YouTube is your friend – the best I've seen is from 'thenewboston'
   • Python: https://www.youtube.com/watch?v=4Mf0h3HphEA
   • Ruby: https://www.youtube.com/watch?v=WJlfVjGt6Hg
   • Perl used to be the exploit and tool development language of choice
   • Now it's Python and Ruby

6. What Programming Languages Do I Need To Know/Learn?
   • The C Programming Language
   • Greg Perry is an amazing teacher of programming languages
   • I highly recommend "Absolute Beginner's Guide to C"
   • Publisher: Sams; 2nd Edition
   • ISBN-10: 0672305100
   • ISBN-13: 978-0672305108

7. What Programming Languages Do I Need To Know/Learn?
   The Assembly Programming Language
   Vivek Ramachandran (SecurityTube.net) @SecurityTube
   Assembly For Hackers Video Series:
   http://www.securitytube.net/groups?operation=view&groupId=5
   http://www.securitytube.net/groups?operation=view&groupId=6

8. What Tools Do You Need?
   • Virtualization platform (VMware, VirtualBox, etc.)
   • Target VMs (XP SP3, Win7, Ubuntu 10)
   • Debuggers
     • OllyDBG: http://www.ollydbg.de/
     • Immunity: http://immunitysec.com/products-immdbg.shtml
     • WinDBG: http://www.windbg.org/
     • IDA Pro: http://www.hex-rays.com/products/ida/support/download.shtml
   • Vulnerable software
     • http://www.oldapps.com/
     • http://www.exploit-db.com/
   • Exploit code
     • http://www.exploit-db.com/
     • http://packetstormsecurity.org/files/tags/exploit/

9. Which Tools Should I Start With First?
   • For your first few times dealing with simple exploits I'd recommend OllyDBG
   • After that I think you should move to either Immunity or WinDBG
   • I would say that IDA Pro should be left for advanced users

10. What References Should I Use To Learn ED And Which Should I Avoid?
    • If you are BRAND NEW – start with these tutorials:
      • http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/
      • http://resources.infosecinstitute.com/seh-exploit/
    • If you have a little experience – start with the Corelan.be tutorials:
      https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
      https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
      https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
      https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
      https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
      https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
      https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/

11. What References Should I Use To Learn ED And Which Should I Avoid?
    • To break up the monotony I'd recommend doing some reversing tutorials
      • http://tuts4you.com/download.php
    • Stay away from the majority of books on buffer overflows
      • Way too much focus on source code
      • Way too much focus on classic buffer overflows on old OSs
    • Books I would recommend (after you've done the tutorial list earlier) are:
      • Art of Exploitation
      • Shellcoder's Handbook

12. What References Should I Use To Learn ED And Which Should I Avoid?
    • If you are going to take a class at a security conference:
      • Exploit Labs with Saumil Shah
      • Corelan Live with Peter Van Eeckhoutte

13. Major Resources
    Vivek Ramachandran (SecurityTube.net) @SecurityTube
    Assembly For Hackers Video Series:
    http://www.securitytube.net/groups?operation=view&groupId=5
    http://www.securitytube.net/groups?operation=view&groupId=6
    Exploit Development Basics Video Series:
    http://www.securitytube.net/groups?operation=view&groupId=7
    http://www.securitytube.net/groups?operation=view&groupId=4

14. Major Resources
    Peter Van Eeckhoutte (https://www.corelan.be/) @corelanc0d3r
    Hands down probably the best tutorials on the market:
    https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
    https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
    https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
    https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
    https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
    https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
    https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
    https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
    https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
    https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
    https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/

15. Tutorial Lists
    Basics:
    http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
    More all-encompassing list:
    https://code.google.com/p/it-sec-catalog/wiki/Exploitation

16. Specific Exploit Topics
    Basics:
    http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
    More all-encompassing list:
    https://code.google.com/p/it-sec-catalog/wiki/Exploitation

17. Contact Me....
    Toll Free: 1-866-892-2132
    Email: joe@strategicsec.com
    Twitter: http://twitter.com/j0emccray
    LinkedIn: http://www.linkedin.com/in/joemccray