cyber-security-resources/exploit_development
2019-05-30 15:20:45 -04:00
..
README.md Update README.md 2019-05-30 15:20:45 -04:00

Exploit Development References

Tutorials and Examples

Hex Editors

  • HexEdit.js - Browser-based hex editing.
  • Hexinator - World's finest (proprietary, commercial) Hex Editor.
  • Frhed - Binary file editor for Windows.
  • 0xED - Native macOS hex editor that supports plug-ins to display custom data types.

File Format Analysis Tools

  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles - Binary data visualization and analysis tool.
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Reverse Engineering Tools

The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE REVERSE ENGINEERING SECTION for more references.

  • Ghidra - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate
  • Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • Radare2 - Open source, crossplatform reverse engineering framework.
  • x64dbg - Open source x64/x32 debugger for windows.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • Medusa - Open source, cross-platform interactive disassembler.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • peda - Python Exploit Development Assistance for GDB.
  • dnSpy - Tool to reverse engineer .NET assemblies.
  • binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
  • Voltron - Extensible debugger UI toolkit written in Python.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  • rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Implant Creation

Return Oriented Programming

Windows memory protections

Windows memory protections Introduction Articles.

Bypassing filter and protections

Windows memory protections Bypass Methods Articles.

Typical windows exploits

Exploit development tutorial series

Exploid Development Tutorial Series Base on Windows Operation System Articles.