Exploit Development

beginner
hands-on

Exploit Development Workshop

The course teaches you how to analyse and hunt for vulnerabilities and how to craft your own exploit script to gain a shell on the target system. We will be targeting Windows 7 and Windows 10 while writing our exploits. The instructor will also share his past experience in writing exploits, the hurdles in fuzzing applications to detect a vulnerability, and finally crafting a working exploit to gain SYSTEM. At the start of the session we will kick off by understanding the different attack points for developing your own exploit. As the session progresses, we will look into multiple ways of writing an exploit.

Target Audience

This session would be helpful for students intending to learn to write their own exploits and for bug hunters trying to detect vulnerabilities at the application level. The session would also help red teamers and professional penetration testers build a foundation in exploit writing. Students planning to take the OSCP and OSCE examinations would benefit the most from this session.

Deliverables

  • Training slides and study material (PDF).
  • All the scripts and tools that are used during the training.
  • Curated list of applications that can be used as testbeds while learning exploit scripting.

Requirements

  • Laptop with a minimum of 70 GB hard disk space and 4 GB RAM
  • VirtualBox installed

Topics to be covered

  • Buffer overflow attacks by vanilla EIP overwrite
  • Attacking SEH chains
  • Buffer overflow by egg hunting
  • Custom Windows shellcoding

What you will get from this session:

At the end of the session, the attendees will be given two applications and will be expected to write their own working exploit scripts to root the Windows machines.

About the Trainer:

Mihir Shah is a chapter leader at Null Bangalore. He has provided multiple hands-on training sessions over almost two years on various infosec topics: advanced WiFi pentesting, API pentesting, reverse engineering, exploit development, and breaking and pwning Docker containers and Kubernetes clusters.