History

Omar Santos d599041450 Update README.md Fixes #143 Fixes #144 Fixes #150 Fixes #145 Fixes #146 Fixes #147 Fixes #148 Fixes #149 Fixes #141 Fixes #142 Fixes #139 Fixes #138 Fixes #137 Fixes #136 Fixes #135 Fixes #134 Fixes #133 Fixes #132 Fixes #131 Fixes #130 Fixes #129 Fixes #128 Fixes #127 Fixes #153 Fixes #152 Fixes #151		2023-07-03 15:19:43 -04:00
..
README.md	Update README.md	2023-07-03 15:19:43 -04:00
aslr_changer	Add files via upload	2022-02-21 11:25:45 -05:00
aslr_changer.c	Add files via upload	2022-02-21 11:25:45 -05:00
chatserver-smallbuffer	Add files via upload	2022-02-21 11:25:45 -05:00
gdbinit.txt	Add files via upload	2022-02-21 11:25:45 -05:00
httpdpost.fuzzer	Add files via upload	2022-02-21 11:25:45 -05:00
libhttpd	Add files via upload	2022-02-21 11:25:45 -05:00
mutiny_new.py	Create mutiny_new.py	2022-02-22 12:56:22 -05:00
sockets_example.py	Add files via upload	2022-02-21 11:25:45 -05:00
triple_socket_template.py	Add files via upload	2022-02-21 11:25:45 -05:00

README.md

Exploit Development References

Exploit development is a complex field requiring deep knowledge of various programming languages, networking, operating systems, and security principles. The following are some key areas you should focus on:

Programming Languages: You should have a strong command of at least one low-level programming language like C or C++, as understanding how these languages interact with hardware and memory is crucial for exploit development. High-level languages like Python are also important for scripting and automating tasks.
Assembly Language & Reverse Engineering: Knowledge of assembly language is essential. It is the language of the processor, and understanding it will give you insight into how software behaves at the lowest level. Coupled with reverse engineering skills, you can deconstruct and understand how software is working, even when you don't have the source code.
Operating Systems: Have a deep understanding of the internals of various operating systems (especially Windows, Linux, and possibly macOS). Focus on topics like processes, threads, memory management, and the kernel.
Networking: Strong knowledge of networking is important. You should understand TCP/IP at a minimum, but also higher-level protocols like HTTP and DNS.
Buffer Overflows & Vulnerabilities: Study common types of vulnerabilities such as buffer overflows, use-after-free, race conditions, format string vulnerabilities, and integer overflows. Understanding how these vulnerabilities occur and how they can be exploited is key.
Exploitation Techniques: Study various exploitation techniques, such as Return-oriented Programming (ROP), heap spraying, and format string exploitation. These techniques are often used in crafting exploits for known vulnerabilities.
Shellcoding: Learn how to write shellcode, which is the payload that runs after successfully exploiting a vulnerability.
Fuzzing: Fuzzing is a technique for discovering bugs and potential vulnerabilities in software. Learning how to implement intelligent fuzzing strategies could help you find new exploits.
Security Tools: Get familiar with tools used in exploit development like debuggers (GDB, WinDbg), disassemblers (IDA Pro, Ghidra), and fuzzing tools (AFL, libFuzzer).
Ethics and Legal Concerns: Remember, all these skills must be used responsibly. You should have a strong understanding of the ethics involved in hacking, and you should only attempt to exploit software in legal contexts, such as part of a job where you have been given permission to do so, or in a controlled environment for research or educational purposes.
Keep up with Industry Trends: Exploit development is a constantly evolving field. Keep yourself updated with the latest vulnerabilities, exploitation techniques, and patches. Participate in Capture The Flag (CTF) competitions and follow various security blogs and forums.

Tutorials and Examples

Hex Editors

HexEdit.js - Browser-based hex editing.
Hexinator - World's finest (proprietary, commercial) Hex Editor.
Frhed - Binary file editor for Windows.
0xED - Native macOS hex editor that supports plug-ins to display custom data types.

File Format Analysis Tools

Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
Veles - Binary data visualization and analysis tool.
Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Reverse Engineering Tools

The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE REVERSE ENGINEERING SECTION for more references.

Ghidra - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate
Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
WDK/WinDbg - Windows Driver Kit and WinDbg.
OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
Radare2 - Open source, crossplatform reverse engineering framework.
x64dbg - Open source x64/x32 debugger for windows.
Immunity Debugger - Powerful way to write exploits and analyze malware.
Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
Medusa - Open source, cross-platform interactive disassembler.
plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
peda - Python Exploit Development Assistance for GDB.
dnSpy - Tool to reverse engineer .NET assemblies.
binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
Voltron - Extensible debugger UI toolkit written in Python.
Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Implant Creation

Return Oriented Programming

The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
Blind return-oriented programming
Sigreturn-oriented Programming
Jump-Oriented Programming: A New Class of Code-Reuse Attack
ROP is Still Dangerous: Breaking Modern Defenses
Loop-Oriented Programming(LOP): A New Code Reuse Attack to Bypass Modern Defenses - by Bingchen Lan, Yan Li, Hao Sun, Chao Su, Yao Liu, Qingkai Zeng [2015]
Systematic Analysis of Defenses Against Return-Oriented Programming -by R. Skowyra, K. Casteel, H. Okhravi, N. Zeldovich, and W. Streilein [2013]
Return-oriented programming without returns -by S.Checkoway, L. Davi, A. Dmitrienko, A. Sadeghi, H. Shacham, and M. Winandy [2010]
Jump-oriented programming: a new class of code-reuse attack -by T. K. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang [2011]
Stitching the gadgets: on the ineffectiveness of coarse-grained control-flow integrity protection - by L. Davi, A. Sadeghi, and D. Lehmann [2014]
Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard - by E. Göktas, E.Athanasopoulos, M. Polychronakis, H. Bos, and G.Portokalidis [2014]
Buffer overflow attacks bypassing DEP (NX/XD bits) – part 1 - by Marco Mastropaolo [2005]
Buffer overflow attacks bypassing DEP (NX/XD bits) – part 2 - by Marco Mastropaolo [2005]
Practical Rop - by Dino Dai Zovi [2010]
Exploitation with WriteProcessMemory - by Spencer Pratt [2010]
Exploitation techniques and mitigations on Windows - by skape
A little return oriented exploitation on Windows x86 – Part 1 - by Harmony Security and Stephen Fewer [2010]
A little return oriented exploitation on Windows x86 – Part 2 - by Harmony Security and Stephen Fewer [2010]

Windows memory protections

Windows memory protections Introduction Articles.

Exploit development tutorial series

Exploid Development Tutorial Series Base on Windows Operation System Articles.

README.md Unescape Escape