Cyber Security Services Provider Company in India

CyberSense 301 – Exploit development

Exploit is price of software or sequence of commands that are written to take advantage of weakness is software or hardware. Exploits are designed to take intended actions varying from taking shell access to network system, denial of service or privilege escalation.

Exploit development requires out-of-the box thinking and in-depth understanding on various internal aspects of applications and exposure to assembly language. Most of the vendors will reward if you help them to identify days 0’s in their applications.

This course will help professionals to obtain inordinate skills about fuzzing, 0 day’s, shell codes, debuggers, memory and CPU internals. . This course will also cover different tools and utilities such as Python, assembly, immunity debugger, Monascripts, and Metasploitframework todevelopnew exploits.

Course Objectives: After completion of this course candidate will have idea about system exploitation using Metasploit framework. This class will cover cybersecurity essentials, footprointing, and Metasploit framework, basic exploitation using Metasploit, POST exploitation, meterpreter, client side attacks, and spear-phishing & password attacks.

Prerequisites: basic understanding of system, cyber security tools, Hard work, passion to learn, out-of-the box thinking,.

Course syllabus

Module 1 – Programming refresher

Introduction to Assembly Language
Understanding your CPU
System Organization basics
1. CPU
2. I/O Devices
3. Memory
4. System Bus
IA-32 Registers
1. General purpose registers
2. Segment registers
3. Flags,EIP
4. Floating point unit registers
5. MMX and XMM registers
Writing your first Hello World program in Assembly
Introduction to Python
Overview on variables, Lists, control flow, Dictionaries and functions
Writing Python Scripting for
1. Network Sockets
2. Port Scanner
3. Backdoor
4. HTTP verb Enumerator
5. Login brute force

Module 2 – Vanilla Stack overflow Attack

Overview of buffer overflow attacks
1. Understanding vulnerable program
2. Causing a crash
3. Understanding Immunity debugger
4. Crashing program in debugger
5. Controlling EIP
6. Hijacking execution
Real World application demonstration
1. Re-creating existing exploit from scratch
2. Replicating crash
3. Controlling EIP
4. Locating space for shellcode
5. Checking Bad characters
6. Redirecting execution flow
7. Payload generation using MSFVENOM
8. Getting Shell

Module 3 – SEH Buffer Overflow Attacks

Understanding exception handlers
Understanding changes in Windows in regard to SEH
SEH in action using Immunity Debugger
1. How to exploit SHE based vulnerabilities
2. How to reach to shellcode using SEH and nSEH
3. Finding SEH and nSEH offsets
4. Understanding POP POP RET
5. Putting all pieces together – Final working exploit
Real World application demonstration
1. Re-creating existing exploit from scratch
2. Replicating crash
3. Controlling EIP
4. Locating a return address using pop pop ret
5. Interesting 3byte Overwrite
6. Payload generation using MSFVENOM
7. Getting Shell

Module 4 – Elusive Egg Hunting

Understanding Win32 Egg Hunting using
1. IsBadReadPtr
2. NtDisplayString
3. NtAccessCheck
Need of Egg Hunting in Exploit Development
See EggHunter in action
1. Generating EggHunter code using Mona
2. Real world application demonstration using EggHunter
3. Getting Shell

Module 5 – ASLR Protection Bypass

Understanding ASLR memory protection
How does ASLR make exploitation difficult
Bypassing ASLR using partial EIP overwrite
1. Understanding Animated cursor handling vulnerability
2. Writing ANI exploit from scratch
3. Understanding different jump instructions
4. 2 Byte EIP overwrite
5. Game Over!
Abusing non-ASLR enabled libraries
1. Real world application demonstration
2. Finding non-ASLR enabled modules
3. Controlling EIP
4. Hijacking Execution
5. Payload generation using MSFVENOM
6. Getting Shell

Module 6 – Return Oriented Programming

Understanding Data Execution prevention
1. Hardware enforced DEP
2. Software enforced DEP
Introduction to ROP and how to build ROP Chaining
Different Windows function calls to bypass DEP
1. VirtualAlloc
2. HeapCreate
3. SetProcessDEPPolicy
4. NtSetInformationProcess
5. VirtualProtect
6. WriteProcessMemory
Building ROP chain and finding ROP gadgets
Real world application demonstration on Windows 7 and Windows 2008

Module 7 – Zero Day vector

Introduction to fuzzing
Understanding Spike Fuzzer
1. Spike scripting
2. Spike scripting commands
3. Strings
4. Block sizes
5. Using existing fuzzers for different protocols
6. Creating custom fuzzers using spike components
Fuzzing custom vulnerable binary using Spike
1. Write exploit in Python from scratch
2. Causing a crash
3. Controlling CPU register
4. Hijacking execution flow
5. Getting shell

Module 8 – Backdoor Angle

Introduction to manual backdooring
1. What is backdooring
2. Quick Peek into PE structure
3. Code Caves
4. File Offsets and RVA
Understanding different tools to modify PE files
Manipulating execution inside a PE file
Real world application demonstration
1. Identifying cave in PE structure
2. Write Assembly instructions using immunity debugger
3. Hijacking execution flow
4. Injecting shellcode
5. Game Over!

Module 9 – Overview on Shellcoding

Understanding win32 shellcode
Understand shellcode specific aspects
1. Direct offsets to strings
2. Addresses of functions
3. Avoiding null bytes
Linux vs Windows shellcode
Writing your own shellcode
1. Launch calculator using WinExec API
2. Creating a message-box popup using MessageBoxA API

Register now for demo sessions on our customized cyber security training programs Register for Demo

Evaluate how you can benefit from Cyber Security courses
Highly customized and industry most cost-effective cyber security training modules with comprehensive coverage
Newly introduced threat hunting program with security analytics.
24*7 anytime any-ware access to Cyberpeople online cloud lab along with various lab scenarios