• +91 - 9582 90 7788

CyberSense 301 – Exploit development

Exploit is price of software or sequence of commands that are written to take advantage of weakness is software or hardware. Exploits are designed to take intended actions varying from taking shell access to network system, denial of service or privilege escalation.

Exploit development requires out-of-the box thinking and in-depth understanding on various internal aspects of applications and exposure to assembly language. Most of the vendors will reward if you help them to identify days 0’s in their applications.

This course will help professionals to obtain inordinate skills about fuzzing, 0 day’s, shell codes, debuggers, memory and CPU internals. . This course will also cover different tools and utilities such as Python, assembly, immunity debugger, Monascripts, and Metasploitframework todevelopnew exploits.

Course Objectives: After completion of this course candidate will have idea about system exploitation using Metasploit framework. This class will cover cybersecurity essentials, footprointing, and Metasploit framework, basic exploitation using Metasploit, POST exploitation, meterpreter, client side attacks, and spear-phishing & password attacks.

Prerequisites: basic understanding of system, cyber security tools, Hard work, passion to learn, out-of-the box thinking,.

Course syllabus

  • Introduction to Assembly Language
  • Understanding your CPU
  • System Organization basics
    1. CPU
    2. I/O Devices
    3. Memory
    4. System Bus
  • IA-32 Registers
    1. General purpose registers
    2. Segment registers
    3. Flags,EIP
    4. Floating point unit registers
    5. MMX and XMM registers
  • Writing your first Hello World program in Assembly
  • Introduction to Python
  • Overview on variables, Lists, control flow, Dictionaries and functions
  • Writing Python Scripting for
    1. Network Sockets
    2. Port Scanner
    3. Backdoor
    4. HTTP verb Enumerator
    5. Login brute force
  • Overview of buffer overflow attacks
    1. Understanding vulnerable program
    2. Causing a crash
    3. Understanding Immunity debugger
    4. Crashing program in debugger
    5. Controlling EIP
    6. Hijacking execution
  • Real World application demonstration
    1. Re-creating existing exploit from scratch
    2. Replicating crash
    3. Controlling EIP
    4. Locating space for shellcode
    5. Checking Bad characters
    6. Redirecting execution flow
    7. Payload generation using MSFVENOM
    8. Getting Shell
  • Understanding exception handlers
  • Understanding changes in Windows in regard to SEH
  • SEH in action using Immunity Debugger
    1. How to exploit SHE based vulnerabilities
    2. How to reach to shellcode using SEH and nSEH
    3. Finding SEH and nSEH offsets
    4. Understanding POP POP RET
    5. Putting all pieces together – Final working exploit
  • Real World application demonstration
    1. Re-creating existing exploit from scratch
    2. Replicating crash
    3. Controlling EIP
    4. Locating a return address using pop pop ret
    5. Interesting 3byte Overwrite
    6. Payload generation using MSFVENOM
    7. Getting Shell
  • Understanding Win32 Egg Hunting using
    1. IsBadReadPtr
    2. NtDisplayString
    3. NtAccessCheck
  • Need of Egg Hunting in Exploit Development
  • See EggHunter in action
    1. Generating EggHunter code using Mona
    2. Real world application demonstration using EggHunter
    3. Getting Shell
  • Understanding ASLR memory protection
  • How does ASLR make exploitation difficult
  • Bypassing ASLR using partial EIP overwrite
    1. Understanding Animated cursor handling vulnerability
    2. Writing ANI exploit from scratch
    3. Understanding different jump instructions
    4. 2 Byte EIP overwrite
    5. Game Over!
  • Abusing non-ASLR enabled libraries
    1. Real world application demonstration
    2. Finding non-ASLR enabled modules
    3. Controlling EIP
    4. Hijacking Execution
    5. Payload generation using MSFVENOM
    6. Getting Shell
  • Understanding Data Execution prevention
    1. Hardware enforced DEP
    2. Software enforced DEP
  • Introduction to ROP and how to build ROP Chaining
  • Different Windows function calls to bypass DEP
    1. VirtualAlloc
    2. HeapCreate
    3. SetProcessDEPPolicy
    4. NtSetInformationProcess
    5. VirtualProtect
    6. WriteProcessMemory
  • Building ROP chain and finding ROP gadgets
  • Real world application demonstration on Windows 7 and Windows 2008
  • Introduction to fuzzing
  • Understanding Spike Fuzzer
    1. Spike scripting
    2. Spike scripting commands
    3. Strings
    4. Block sizes
    5. Using existing fuzzers for different protocols
    6. Creating custom fuzzers using spike components
  • Fuzzing custom vulnerable binary using Spike
    1. Write exploit in Python from scratch
    2. Causing a crash
    3. Controlling CPU register
    4. Hijacking execution flow
    5. Getting shell
  • Introduction to manual backdooring
    1. What is backdooring
    2. Quick Peek into PE structure
    3. Code Caves
    4. File Offsets and RVA
  • Understanding different tools to modify PE files
  • Manipulating execution inside a PE file
  • Real world application demonstration
    1. Identifying cave in PE structure
    2. Write Assembly instructions using immunity debugger
    3. Hijacking execution flow
    4. Injecting shellcode
    5. Game Over!
  • Understanding win32 shellcode
  • Understand shellcode specific aspects
    1. Direct offsets to strings
    2. Addresses of functions
    3. Avoiding null bytes
  • Linux vs Windows shellcode
  • Writing your own shellcode
    1. Launch calculator using WinExec API
    2. Creating a message-box popup using MessageBoxA API

Register now for demo sessions on our customized cyber security training programs Register for Demo

  • Evaluate how you can benefit from Cyber Security courses
  • Highly customized and industry most cost-effective cyber security training modules with comprehensive coverage
  • Newly introduced threat hunting program with security analytics.
  • 24*7 anytime any-ware access to Cyberpeople online cloud lab along with various lab scenarios