Introduction to Exploit Development

Projects for CCSF

CCSF Project Submission

Each project has "flags". To get credit, capture a full-desktop image with the flag visible and highlighted, including a clock showing the date and time. Email the images to cnit.127sam@gmail.com

To capture a screenshot on a PC, press Shift+PrntScrn, open Paint, and press Ctrl+V.

To capture a screenshot on a Mac, press Shift+Cmd+3

Local Virtual Machines

Only for students without credit cards

ED 10: Kali Virtual Machine  15
ED 21: Windows 2016 Server Virtual Machine  10

I: Command Injection

ED 200: Google Cloud Linux Server  15
ED 101: Essential Linux 15 + 10 extra
ED 102. Command Injection 20 + 40 extra
ED 103: SQL Injection 30 + 155 extra

II: Binary Exploits for Linux

ED 201: Linux Buffer Overflow With Command Injection  15
ED 202: Linux Buffer Overflow Without Shellcode  40 + 75 extra
ED 203: Linux Buffer Overflow With Listening Shell  45
ED 204: Exploiting a Format String Vulnerability  20
ED 205: Very Simple Heap Overflow  10 + 20 extra
ED 206: Heap Overflow via Data Overwrite  10 + 35 extra
ED 207: Linux Buffer Overflow with ROP (requires VMware)  15
ED 210: Exploiting a Race Condition  10

III: Binary Exploits for Windows

ED 300: Windows 2016 Server Cloud Server  15
ED 308: Exploiting "Vulnerable Server" on Windows  25

     The Wild World of Windows (pdf) · (keynote)

ED 301: Windows Stack Protection I: Assembly Code  15
ED 302: Windows Stack Protection II: Exploit Without ASLR  15
ED 310: Windows Mitigations  10
ED 318: Exploiting Easy RM to MP3 Converter on Windows with ASLR  30
ED 319: SEH-Based Stack Overflow Exploit  40

IV: ARM

ED 401: ARM Stack Overflow Exploit  20

ETERNALROMANCE added 6-2-19 5:40 am
China scores archived 6-6-19
Cloud versions added for 201 and 202 7-17-19
More cloud versions added 8-1-19 & 8-3-19
Scores from BHUSA added 8-5-19
Easy MP3 added 8-5-19
Black Hat scores archived and DEF CON image added 8-7-19
Reformatted for CCSF use 8-16-19
Screenshot instructions added 8-19-19
Point total for ED 103 and ED 202c corrected 9-9-19
ED 303 removed 9-16-19
ED 206 added 9-18-19
Point total for ED 310 corrected to 10 9-19-19