Introduction to Exploit Development

SAINTCON 2019

Past Events  #  Max
BHUSA Aug 2019  16735
BHUSA Aug 2019321210

I: Command Injection

ED 200: Google Cloud Linux Server  15
ED 101: Essential Linux  25
ED 102: Command Injection  60
ED 103: SQL Injection  205
ED 104: CMD Injection  50
ED 105: Server Side Template Injection (SSTI)  35

II: Binary Exploits for Linux

ED 201: Linux Buffer Overflow With Command Injection  15
ED 202: Linux Buffer Overflow Without Shellcode  115
ED 203: Linux Buffer Overflow With Listening Shell  45
ED 204: Exploiting a Format String Vulnerability  20
ED 205: Very Simple Heap Overflow  30
ED 206: Heap Overflow via Data Overwrite  45
ED 207: Linux Buffer Overflow with ROP (requires VMware)  15
ED 210: Exploiting a Race Condition  10
ED 220: Intro to 64-bit Assembler  40

III: Binary Exploits for Windows

ED 300: Windows 2016 Server Cloud Server  15
ED 308: Exploiting "Vulnerable Server" on Windows  50

     The Wild World of Windows (pdf) · (keynote)

ED 301: Windows Stack Protection I: Assembly Code  15
ED 302: Windows Stack Protection II: Exploit Without ASLR  15
ED 303: Windows Stack Protection III: Limitations of ASLR  15
ED 310: Windows Mitigations  10
ED 318: Exploiting Easy RM to MP3 Converter on Windows with ASLR  30
ED 319: SEH-Based Stack Overflow Exploit  65
ED 330: C# Dot Net  20
ED 331: Dot Net Reflector  45

IV: ARM

ED 401: ARM Stack Overflow Exploit  20

Windows 2008 Virtual Machine for Malware Analysis

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

VMs

For VMware: Win2008Malware.7z
Size: 2,073,173,278 bytes
SHA-256: c2d59bb80d71cb73350fe436d2658eeb46c869edce66c950ce97268e2a2fa25a

For VirtualBox: Win2008MalwareVB.7z
Size: 3,754,472,442 bytes
SHA-256: 879584a72752a3a22843b21e02992e6aa78ad4b73aed5536a44c91613d813113

For Hyper-V: Svr8Vm12.7z
Size: 2.21 GB

I: Basic Static Analysis

PMA 1: Basic Static Techniques  10
PMA 2: Unpacking  20

II: Basic Dynamic Analysis

PMA 3: Basic Dynamic Analysis  10
PMA 4: Keylogger  15

III: Advanced Static Analysis

PMA 5: Jasmin  10
PMA 6: IDA Pro  50
PMA 11: Ghidra  15

IV: Advanced Dynamic Analysis

PMA 7: Simple EXE Hacking with Ollydbg  120
PMA 8: Adding Trojan Code with LordPE  20
PMA 9: Kernel Debugging with LiveKd & WinDbg  120
PMA 10: SSDT Hooking  15

Foundational Skills

H 0: Binary Games  50
B: Bandit  230

Violent Python

A1: Port Scanning  30
A2: HTTP Requests  40
A3: Password Hashes  50
A4: XOR Encryption  15
A5: DNS Monitoring  15

Scores archived 10-21-19

ETERNALROMANCE added 6-2-19 5:40 am
China scores archived 6-6-19
Cloud versions added for 201 and 202 7-17-19
More cloud versions added 8-1-19 & 8-3-19
Scores from BHUSA added 8-5-19
Easy MP3 added 8-5-19
Black Hat scores archived and DEF CON image added 8-7-19