SlideShare a Scribd company logo

Advanced exploit development

Dan H, profile picture
Dan H

The document outlines a training session led by Danang Heriyadi on advanced exploit development over four days. Topics include basic and advanced techniques such as debugging, fuzzing, stack manipulation, mitigation strategies, and shellcode development, with case studies from various CVEs. The course is aimed at enhancing skills related to exploit development and vulnerability reporting.

TechnologyBusiness
1 of 6
Downloaded 106 times
1
2
3
4
5
6
“Black Hat Courses” Advanced Exploit Development By : Danang Heriyadi < danang@hatsecure.com > Hat Secure Training Session 1
Outline Courses | Day 1 ● Basic Exploit Development – Debugging – Fuzzing – Direct Return – Smashing Stack For Fun and Profit – Case Of Study ( From CVE ) ● CVE-2008-4250 ● CVE-2010-2568 ● Etc
Outline Courses | Day 2 ● Advanced Exploit Development #2 – Stack Hardener or Mitigation – Bypassing : – Data Execute Prevention – Structure Exeption Handler – Safe Structure Exception Handler – Case Of Study ( Microsoft ) ● Proof Of the Concept MS12-05 ● Proof Of the Concept MS12-020
Outline Courses | Day 3 ● Advanced Exploit Development #3 – Corruption the Heap – Heap Spraying the Software ● Internet Explorer ● Mozilla ● Etc – Metasploit Module Development
Outline Courses | Day 4 ● Advanced Exploit Development #4 – Single Denial Of Service ● Using Buffer Overflow Vulnerability – Shellcode Development ● Static Shellcode – Shellcode Injection ● PE Infection – Reporting vulnerability
Are you ready? June – July

More Related Content

PPTX
How I Learnt hacking in High School - BSidesLV - 2015
lokeshpidawekar
 
PDF
Ethical Hacking / Penetration Testing Training & Coaching
Cyber 51 LLC
 
PDF
Cybersecurity during real WAR [English version]
Vladyslav Radetsky
 
PPTX
Play,Learn and Hack- CTF Training
Heba Hamdy Farahat
 
PDF
Linux Exploit Research
Dan H
 
PDF
Advanced Exploit Development (Updated on 28 January, 2016)
Dan H
 
PDF
Seminar Hacking & Security Analysis
Dan H
 
PPTX
Return Oriented Programming (ROP) Based Exploits - Part I
n|u - The Open Security Community
 
How I Learnt hacking in High School - BSidesLV - 2015
lokeshpidawekar
 
Ethical Hacking / Penetration Testing Training & Coaching
Cyber 51 LLC
 
Cybersecurity during real WAR [English version]
Vladyslav Radetsky
 
Play,Learn and Hack- CTF Training
Heba Hamdy Farahat
 
Linux Exploit Research
Dan H
 
Advanced Exploit Development (Updated on 28 January, 2016)
Dan H
 
Seminar Hacking & Security Analysis
Dan H
 
Return Oriented Programming (ROP) Based Exploits - Part I
n|u - The Open Security Community
 

Viewers also liked (20)

PDF
Workshop 101 - Penetration testing & Vulnerability assessment system
Dan H
 
PDF
Backtrack 5 - network pentest
Dan H
 
PDF
Syllabus Advanced Exploit Development 22-23 June 2013
Dan H
 
PDF
Workshop 101 - Penetration testing & Vulnerability Assessment
Dan H
 
PDF
Return-Oriented Programming: Exploits Without Code Injection
guest9f4856
 
TXT
Exploit techniques - a quick review
Ce.Se.N.A. Security
 
PDF
Course lecture - An introduction to the Return Oriented Programming
Jonathan Salwan
 
PDF
Backtrack 5 - web pentest
Dan H
 
PDF
Ethical hacking
Khairi Aiman
 
PDF
Low Level Exploits
hughpearse
 
PDF
Web Hacking (basic)
Ammar WK
 
PDF
IOT Exploitation
Cysinfo Cyber Security Community
 
PDF
CODE BLUE 2014 : Microsoft Vulnerability Research: How to be a Finder as a Ve...
CODE BLUE
 
PDF
Sourcefire Vulnerability Research Team Labs
losalamos
 
PDF
Materi Vulnerability Development
Dan H
 
PDF
Workshop tp link router & open wrt
Dan H
 
PPT
Logical Attacks(Vulnerability Research)
Ajay Negi
 
PDF
Exploiting arm linux
Dan H
 
PDF
Linux Shellcode disassembling
Harsh Daftary
 
PPTX
07 - Bypassing ASLR, or why X^W matters
Alexandre Moneger
 
Workshop 101 - Penetration testing & Vulnerability assessment system
Dan H
 
Backtrack 5 - network pentest
Dan H
 
Syllabus Advanced Exploit Development 22-23 June 2013
Dan H
 
Workshop 101 - Penetration testing & Vulnerability Assessment
Dan H
 
Return-Oriented Programming: Exploits Without Code Injection
guest9f4856
 
Exploit techniques - a quick review
Ce.Se.N.A. Security
 
Course lecture - An introduction to the Return Oriented Programming
Jonathan Salwan
 
Backtrack 5 - web pentest
Dan H
 
Ethical hacking
Khairi Aiman
 
Low Level Exploits
hughpearse
 
Web Hacking (basic)
Ammar WK
 
IOT Exploitation
Cysinfo Cyber Security Community
 
CODE BLUE 2014 : Microsoft Vulnerability Research: How to be a Finder as a Ve...
CODE BLUE
 
Sourcefire Vulnerability Research Team Labs
losalamos
 
Materi Vulnerability Development
Dan H
 
Workshop tp link router & open wrt
Dan H
 
Logical Attacks(Vulnerability Research)
Ajay Negi
 
Exploiting arm linux
Dan H
 
Linux Shellcode disassembling
Harsh Daftary
 
07 - Bypassing ASLR, or why X^W matters
Alexandre Moneger
 
Ad

Similar to Advanced exploit development (20)

PDF
N3XAsec CPTE plan de estudios detallado
Rafael Seg
 
PPTX
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Black Duck by Synopsys
 
PDF
Chris Rutter: Avoiding The Security Brick
Michael Man
 
DOCX
Current Article Review1. Locate a current article about Regul.docx
annettsparrow
 
PDF
MTA 361 software development fundamentals
NR Computer Learning Center
 
PPTX
Incident Prevention and Incident Response - Alexander Sverdlov, PHDays IV
Alexander Sverdlov
 
PPTX
How to implement NIST cybersecurity standards in my organization
Exigent Technologies LLC
 
PDF
Avoiding the security brick
Equal Experts
 
PDF
Majdi_Halawani_CV
Jad Halawani
 
PDF
Cmgt 442 cmgt442
GOODCourseHelp
 
PDF
Threat Modeling workshop by Robert Hurlbut
DevSecCon
 
PDF
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Chris Gates
 
DOCX
ICT.docx
GudipudiDayanandam
 
PDF
OTechs-Hacking_and_Penetration_Testing
Osman Suliman
 
PPT
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
PDF
CS3391 -OOP -UNIT – III NOTES FINAL.pdf
AALIM MUHAMMED SALEGH COLLEGE OF ENGINEERING
 
PDF
Battista Biggio @ ICML 2015 - "Is Feature Selection Secure against Training D...
Pluribus One
 
PDF
Online Sync meetup: Metasploit 101 slides
cyberforgeacademy
 
PPTX
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Dr. Anish Cheriyan (PhD)
 
PPTX
Server-side template injection- Slides
Amit Dubey
 
N3XAsec CPTE plan de estudios detallado
Rafael Seg
 
Leveraging Black Duck Hub to Maximize Focus - Entersekt’s Approach to Empower...
Black Duck by Synopsys
 
Chris Rutter: Avoiding The Security Brick
Michael Man
 
Current Article Review1. Locate a current article about Regul.docx
annettsparrow
 
MTA 361 software development fundamentals
NR Computer Learning Center
 
Incident Prevention and Incident Response - Alexander Sverdlov, PHDays IV
Alexander Sverdlov
 
How to implement NIST cybersecurity standards in my organization
Exigent Technologies LLC
 
Avoiding the security brick
Equal Experts
 
Majdi_Halawani_CV
Jad Halawani
 
Cmgt 442 cmgt442
GOODCourseHelp
 
Threat Modeling workshop by Robert Hurlbut
DevSecCon
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Chris Gates
 
ICT.docx
GudipudiDayanandam
 
OTechs-Hacking_and_Penetration_Testing
Osman Suliman
 
Qualys user group presentation - vulnerability management - November 2009 v1 3
Tom King
 
CS3391 -OOP -UNIT – III NOTES FINAL.pdf
AALIM MUHAMMED SALEGH COLLEGE OF ENGINEERING
 
Battista Biggio @ ICML 2015 - "Is Feature Selection Secure against Training D...
Pluribus One
 
Online Sync meetup: Metasploit 101 slides
cyberforgeacademy
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Dr. Anish Cheriyan (PhD)
 
Server-side template injection- Slides
Amit Dubey
 
Ad

Recently uploaded (20)

PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Cloud computing and distributed systems.
kkkkkhan
 

Advanced exploit development