Strategic Security, Inc. © Exploit Development For Mere Mortals Part 1: Getting Started Presented By: Joe McCray

Slides:



Advertisements
Similar presentations
Uniworld Wire-less Wireless at Your Fingertips.
Advertisements

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Welcome Course name Faculty name. Your course materials Solomon/Berg/Martin Biology, 8th Edition You will… —be tested —receive homework assignments —have.
Reflect & Relate with VideoCentral 3rd Edition Steven McCornack
Successful College Writing 5 th Edition Kathleen T. McWhorter ©2012 Bedford/St. Martin’s ISBN-10: ISBN-13: Successful College.
Public speaking: the basics
Be The Match Community Tutorial Welcome This tutorial will help you get the most out of your experience. We’ve created this community to help you connect.
Nibin Varghese iViZ Security, Kolkata Reverse Engineering for Exploit Writers.
How to gain traffic and exposure using LinkedIn. LinkedIn is first a networking tool. The principle of networking is to give without expecting something.
CA214 Systems Analysis B.Sc. in Computer Applications.
CompClass for A Canadian Writer’s Reference 5 th Ed. Diana Hacker Nancy Sommers.
How to Write Anything 2 nd Edition John J. Ruszkiewicz Jay T. Dolmage ©2012 Bedford/St. Martin’s ISBN-10: ISBN-13: How.
©Direct Learn Training Ltd. Presenter: Geoff Minshull Direct Learn Online Conferencing 2 nd August 2004 Direct Learn Online.
Copyright 2007 Byrne Reese. Distributed under Creative Commons, share and share alike with attribution. Intermediate Perl Programming Class One Instructor:
Gerry O’Brien| Technical Content Development Manager Paul Pardi| Senior Content Publishing Manager.
HistoryClass for The American Promise 5 th Ed. James L. Roark.
Intro to Python Programming (Resources) Pamela A. Moore Zenia C. Bahorski Eastern Michigan University March 7, 2012 A language to swear by, not at. 1.
Today’s course Handouts can be found at: What’s Next in Social Media Top 5 Trends To Turn Your Social Empire into Gold.
Atomic Learning, Inc. Embrace technology. Empower yourself.
MAKING GOOD PASSWORDS (AND HOW TO KEEP THEM SAFE).
1All information is copyright © SixFigureStart® 2015 Social Media & Your Job Search: A focus on LinkedIn Presented by SixFigureStart®
CSE554Course ProjectSlide 1 CSE 554 Course Projects Fall 2014.
Creating an Online Professional Presence Using Social Media.
Welcome Course name Faculty name. YOUR COURSE MATERIALS Kirszner & Mandell The Wadsworth Handbook, 8e You will… — be tested — receive homework assignments.
Making Literature Matter 5 th Edition John Schilb John Clifford ©2012 Bedford/St. Martin’s ISBN-10: ISBN-13:
Exploiting Buffer Overflows on AIX/PowerPC HP-UX/PA-RISC Solaris/SPARC.
Using Mobile Google Tools Tech Tip Project - Fall 2011 A guide to a Digital Portfolio October 17 th, 2011 MEDT 7477 Dr. Cooper Barry D. Thibault.
Writer’s Help A Bedford/St. Martin’s Online Handbook Diana Hacker | Stephen A. Bernhardt | Nancy Sommers ©2011 Bedford/St. Martin’s Two Year Access Card.
Python Lab Summary and Resources Proteomics Informatics, Spring 2014 Week nd Apr, 2014
Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Socratic Seminar Day Please have the following READY : Performance Assessment Book Prepared Questions(green sheet)
ECE 103 Engineering Programming Chapter 1 Introduction Herbert G. Mayer, PSU CS Status 6/19/2015 Initial content copied verbatim from ECE 103 material.
Strategic Security, Inc. © Exploit Development For Mere Mortals Part 4: Windows Stack Overflows Presented By: Joe McCray
Strategic Security, Inc. © Introduction To SQL Injection Presented By: Joe McCray
Ethical Hacking and Network Defense NCTT Winter Workshop January 11, 2006.
1 st PeriodAP Computer Science 2 nd PeriodComputer Science I 3 rd PeriodIntroduction to Programming 4 th PeriodComputer Science I/ Advanced Projects Lunch.
The Bedford Handbook 8 th Edition Diana Hacker Nancy Sommers ©2010 Bedford/St. Martin’s Hardcover text ISBN-10: ISBN-13:
A Pocket Guide to Public Speaking 4 th Edition Dan O’Hair Hannah Rubenstein Rob Stewart ©2013 Bedford/St. Martin’s ISBN-10: ISBN-13:
Hacking Techniques & Intrusion Detection Ali Al-Shemery arabnix [at] gmail.
Visit The World’s First Guaranteed Results Marketing Firm Topic: Personal Branding.
Preparing For The Strategic Security CTF
Using Social Media for Fundraising and Communication with Supporters Lindsay Boyle – Communications & Research Coordinator Claire Chapman – Information.
Writing Presentation. How to start? 1. Start quite formally: Today I´m going to talk about … In this presentation, I´d like to tell you a little bit about...
Strategic Security, Inc. © Application Security is Easy Right?
Automated Security Testing Using The ZAP API. About Me My name is Michael Haselhurst. I work for Sage as a Test Analyst. This is the first OWASP meeting.
LSE Challenge Future Team. problem Education is boring. People do not learn what they want and need, but what they’re forced to.
Welcome Course name Faculty name. YOUR COURSE MATERIALS Gaines/Miller Criminal Justice in Action: The Core, 4e You will… — be tested — receive homework.
Created By: cmmtessier July 18, 2011Ubuntu Community Week 2011 Marketing at Local Festivals and Markets Organic Software Marketing at Local Festivals and.
Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.
1 st PeriodAP Computer Science 2 nd PeriodComputer Science I 3 rd PeriodIntroduction to Programming 4 th PeriodComputer Science I/ Advanced Projects Lunch.
Exploitation Development and Implementation PRESENTER: BRADLEY GREEN.
Welcome Course name Faculty name. YOUR COURSE MATERIALS Weiten, Psychology: Themes and Variations, Briefer Edition, 7th Ed. You will… — be tested — receive.
Self-Directed Learning
CompClass for How To Write Anything 2nd Ed. John J. Rusziewicz
Exploiting and Defense
3D Printing Essentials Emmett Lalish | Mechanical Engineer
CST 1101 Problem Solving Using Computers
Rodrigo Araújo and Valéria S. Dias SPRACE – USP
Secure Programming Dr. X
Programming Robotic Systems using Visual Studio
Youtube customer Support. YouTube Helpline number
Technical Support for QuickBooks Enterprise Solutions In May 2002, Intuit Inc launched QuickBooks Enterprise – a brilliant accounting application. The.
SpeechClass for A Speaker’s Guidebook 5th Ed. Dan O’Hair Rob Stewart
CompClass for How To Write Anything 2nd Ed. John J. Rusziewicz
Introduction to Scala Unit 1
Accelerated Introduction to Computer Science
Course Information Teacher: Cliff Zou Office: HEC
MassCommClass for Media & Culture 2013 Update 8th Ed. Richard Campbell.
Presentation transcript:

Strategic Security, Inc. © Exploit Development For Mere Mortals Part 1: Getting Started Presented By: Joe McCray

Strategic Security, Inc. © Who Is This Talk For? Who is this for? Security Professionals and hobbyists interested in understanding exploit development Security Professionals and hobbyist interested in the fundamentals of writing exploits No Geekenese: This is NOT a technical, although there will be some technical info – it’s more of a getting started guide than anything else

Strategic Security, Inc. © Things I’ll Be Covering Today What programming languages you need to know? What are the best ways to learn these languages? What tools do you need? Which tools should you start with first? What references you use to get started and more importantly what to avoid?

Strategic Security, Inc. © What Programming Languages Do I Need To Know/Learn? An Interpreted Language (Perl, Python, Ruby) C Assembly

Strategic Security, Inc. © What Programming Languages Do I Need To Know/Learn? If you are new to programming – start with an interpreted language first Perl, Python, Ruby Youtube is your friend – the best I’ve seen is from ‘thenewboston’ Python: Ruby: Perl used the be the exploit and tool development language of choice Now it’s Python and Ruby

Strategic Security, Inc. © What Programming Languages Do I Need To Know/Learn? The C Programming Language Greg Perry is an amazing teacher of programming languages I highly recommend “Absolute Beginner’s Guide to C” Publisher: Sams; 2nd Edition ISBN-10: ISBN-13:

Strategic Security, Inc. © Vivek Ramachandran The Assembly Programming Language Assembly For Hackers Video Series: What Programming Languages Do I Need To Know/Learn?

Strategic Security, Inc. © What Tools Do You Need? Virtualization Platform (VMWare, VirtualBox, etc) Target VMs (XPSP3, Win7, Ubuntu 10) Debuggers OllyDBG: Immunity: WinDBG: IDA Pro: Vulnerable Software Exploit Code

Strategic Security, Inc. © Which Tools Should I Start With First? For your first few times dealing with simple exploits I’d recommend OllyDBG After that I think you should move to either Immunity or WinDBG I would say that IDA Pro should be left for advanced users

Strategic Security, Inc. © What References Should I Use To Learn ED And Which Should I Avoid? If you are BRAND NEW – start with these tutorials: development/ development/ If you have a little experience – start with the Corelan.be tutorials basic-exploit-development/ aslr /

Strategic Security, Inc. © What References Should I Use To Learn ED And Which Should I Avoid? To break up the monotony I’d recommend doing some reversing tutorials Stay away from the majority of books on Buffer Overflows Way too much focus on source code Way too much focus classic buffer overflows on old OSs Books I would recommend (after you’ve done the tutorial list earlier) are: Art of Exploitation Shellcoder’s Handbook

Strategic Security, Inc. © What References Should I Use To Learn ED And Which Should I Avoid? If you are going to take a class at a security conference: Exploit Labs with Saumil Shah Corelan Live with Peter Van Eeckhoutte

Strategic Security, Inc. © Major Resources Vivek Ramachandran Assembly For Hackers Video Series: Exploit Development Basics Video Series

Strategic Security, Inc. © Major Resources Peter Van Eeckhoutte Hands-Down Probably The Best Tutorials on the market: basic-exploit-development/ aslr/

Strategic Security, Inc. © Tutorial Lists Basics: More All-Encompassing List

Strategic Security, Inc. © Specific Exploit Topics Basics: More All-Encompassing List

Strategic Security, Inc. © Contact Me.... Toll Free: Twitter: LinkedIn:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.