Just a no nonsense infosec blog.

Announcing Modules!

The objective of these modules is to provide a training ground for learning exploit development!

In the hacking world, exploit dev is one of the most difficult areas to delve into. In my own search for learning resources I've found plenty of useful materials out there: white papers on theory, detailed descriptions of various types of memory corruption techniques, and even some comprehensive courses (if you're willing to shell out a bit of cash). Generally, these resources do a great job of explaining specific vulnerabilities and how to go about exploiting them. Some even provide a nice example of vulnerable software and walk you through its exploitation. These types of resources are essential to learning the basics of exploit development, and I'll try to provide a comprehensive list of them in a later post. However, when reading through books or papers it became increasingly difficult to find concrete examples of vulnerable software to exploit without floundering in the dark for hours. I constantly ran into the same questions:

  • What operating systems are affected?
  • Where can I find the correct vulnerable version of the software?
  • Am I on the right track to successfully exploit this?
  • What are the "gotchas" for this exploit that might be stumping me?

The modules aim to give hands on practice at exploiting various classes of vulnerabilities while making sure these questions are answered along the way. The modules begin with simple, straightforward exploits aimed at beginner exploit devs and will progress through increasingly advanced scenarios and modern exploits. In each module, I'll strive to follow a relatively standard format. You can expect something like this:

  1. A thorough description of the vulnerability including its class (stack overflow vs heap overflow, etc).
  2. The necessary materials to carry out the exploit.
    1. links to vulnerable software
    2. specific information of affected operating systems / environment requirements
    3. any special conditions
  3. A technical walkthrough of the exploit from discovery of the vulnerability to successful exploitation.

Hopefully, this will enable the curious hacker to ease their way into becoming a competent exploit developer and will fill the gaps left by some of the other popular resources out there. Happy Hunting!

Chris Myers