exploit writing certification

Exploit Writing

Course Description

The course is focused on a comprehensive coverage of software exploitation. It will present different domains of code exploitation and how they can be used together to test the security of an application. The participants will learn about different types and techniques of exploitation, using debuggers to create their own exploits, understand protection mechanism of the Operating Systems and how to bypass them. The course is heavily focused on being hands-on. Reference material documents will be provided for concepts for further reading. By the end of the course, you should be able to meet the following objectives:

  • Understand how exploits works and different types of software exploitation techniques
  • Understand the exploit development process
  • Search for vulnerabilities in closed-source applications
  • Write their own exploits for vulnerable applications

Target Audience

  • Information Security Professionals
  • Anyone with an interest in understanding exploit development
  • Ethical Hackers and Penetration Testers looking to upgrade their skill-set to the next level

Course Duration

  • 40 Hours

Modules Covered

  • Types of Exploitation:Stack Buffer overflow, Heap Overflow, File Format String exploits
  • Introduction to Debuggers:Windbg, Ollydbg, Immunity Debugger
  • Live Exploitation demo
  • Windows Exploitation – Walkthrough for sample application:Fuzzing – Triggering the vulnerability, Crafting the attack string, Return to Stack vs. Return through registers, Break-point debugging, Creating the payloadShell-code Basics
  • Different Types of Payloads
  • Exploiting with Structured Exception Handlers (SEH)
  • ActiveX Exploitation
  • Exploit Protection mechanism: Safe SEH, GS Cookie, DEP, ASLR
  • Introduction to Linux Exploitation
  • Basics of GDB Debugger
  • Return-to-libc technique