Published by Isaac Wheeler. Modified over 9 years ago.
1
Strategic Security, Inc. © http://www.strategicsec.com/
Exploit Development For Mere Mortals
Part 1: Getting Started
Presented By: Joe McCray
joe@strategicsec.com
http://www.linkedin.com/in/joemccray
http://twitter.com/j0emccray
2
Who Is This Talk For?
Who is this for?
- Security Professionals and hobbyists interested in understanding exploit development
- Security Professionals and hobbyists interested in the fundamentals of writing exploits
- No Geekenese: This is NOT a technical talk, although there will be some technical info – it’s more of a getting started guide than anything else
3
Things I’ll Be Covering Today
- What programming languages do you need to know?
- What are the best ways to learn these languages?
- What tools do you need?
- Which tools should you start with first?
- What references should you use to get started, and more importantly, what should you avoid?
4
What Programming Languages Do I Need To Know/Learn?
- An Interpreted Language (Perl, Python, Ruby)
- C
- Assembly
5
What Programming Languages Do I Need To Know/Learn?
- If you are new to programming – start with an interpreted language first: Perl, Python, Ruby
- YouTube is your friend – the best I’ve seen is from ‘thenewboston’
  - Python: https://www.youtube.com/watch?v=4Mf0h3HphEA
  - Ruby: https://www.youtube.com/watch?v=WJlfVjGt6Hg
- Perl used to be the exploit and tool development language of choice
- Now it’s Python and Ruby
6
What Programming Languages Do I Need To Know/Learn?
The C Programming Language
- Greg Perry is an amazing teacher of programming languages
- I highly recommend “Absolute Beginner’s Guide to C”
  - Publisher: Sams; 2nd Edition
  - ISBN-10: 0672305100
  - ISBN-13: 978-0672305108
7
What Programming Languages Do I Need To Know/Learn?
The Assembly Programming Language
- Vivek Ramachandran (SecurityTube.net) @SecurityTube
- Assembly For Hackers Video Series:
  - http://www.securitytube.net/groups?operation=view&groupId=5
  - http://www.securitytube.net/groups?operation=view&groupId=6
8
What Tools Do You Need?
- Virtualization Platform (VMware, VirtualBox, etc.)
- Target VMs (XPSP3, Win7, Ubuntu 10)
- Debuggers
  - OllyDBG: http://www.ollydbg.de/
  - Immunity: http://immunitysec.com/products-immdbg.shtml
  - WinDBG: http://www.windbg.org/
  - IDA Pro: http://www.hex-rays.com/products/ida/support/download.shtml
- Vulnerable Software
  - http://www.oldapps.com/
  - http://www.exploit-db.com/
- Exploit Code
  - http://www.exploit-db.com/
  - http://packetstormsecurity.org/files/tags/exploit/
9
Which Tools Should I Start With First?
- For your first few times dealing with simple exploits, I’d recommend OllyDBG
- After that, I think you should move to either Immunity or WinDBG
- I would say that IDA Pro should be left for advanced users
10
What References Should I Use To Learn ED And Which Should I Avoid?
- If you are BRAND NEW – start with these tutorials:
  - http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/
  - http://resources.infosecinstitute.com/seh-exploit/
- If you have a little experience – start with the Corelan.be tutorials:
  - https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
  - https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
  - https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
  - https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
  - https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
  - https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
  - https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
11
What References Should I Use To Learn ED And Which Should I Avoid?
- To break up the monotony, I’d recommend doing some reversing tutorials
  - http://tuts4you.com/download.php
- Stay away from the majority of books on Buffer Overflows
  - Way too much focus on source code
  - Way too much focus on classic buffer overflows on old OSs
- Books I would recommend (after you’ve done the tutorial list earlier) are:
  - Art of Exploitation
  - Shellcoder’s Handbook
12
What References Should I Use To Learn ED And Which Should I Avoid?
- If you are going to take a class at a security conference:
  - Exploit Labs with Saumil Shah
  - Corelan Live with Peter Van Eeckhoutte
13
Major Resources
Vivek Ramachandran (SecurityTube.net) @SecurityTube
- Assembly For Hackers Video Series:
  - http://www.securitytube.net/groups?operation=view&groupId=5
  - http://www.securitytube.net/groups?operation=view&groupId=6
- Exploit Development Basics Video Series:
  - http://www.securitytube.net/groups?operation=view&groupId=7
  - http://www.securitytube.net/groups?operation=view&groupId=4
14
Major Resources
Peter Van Eeckhoutte (https://www.corelan.be/) @corelanc0d3r
- Hands-Down Probably The Best Tutorials on the market:
  - https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
  - https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
  - https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
  - https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
  - https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
  - https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
  - https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
  - https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
  - https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
  - https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
  - https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
15
Tutorial Lists
- Basics: http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
- More All-Encompassing List: https://code.google.com/p/it-sec-catalog/wiki/Exploitation
16
Specific Exploit Topics
- Basics: http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
- More All-Encompassing List: https://code.google.com/p/it-sec-catalog/wiki/Exploitation
17
Contact Me
- Toll Free: 1-866-892-2132
- Email: joe@strategicsec.com
- Twitter: http://twitter.com/j0emccray
- LinkedIn: http://www.linkedin.com/in/joemccray