Violent Python & Exploit Development

Working Connections Illinois

Sam Bowne
Class Description

Even if you have never programmed before, you can quickly and easily learn how to make custom hacking tools in Python. In hands-on projects, participants will create tools and hack into test systems, including:
In the exploit development section, students will take over vulnerable systems with simple Python scripts. Hands-on projects will include:
Technical Requirements

Participants need a computer (Windows, Mac, or Linux) with VMware Player or VMware Fusion. USB thumbdrives will be available with Kali Linux and Windows Server 2008 virtual machines to use. All the class materials are freely available on my Web page (samsclass.info) for anyone to use.

Prerequisite Knowledge

Participants should be familiar with networking and security concepts at the Network+ and Security+ level. Previous programming experience is helpful but not necessary.

Learning Outcomes

Upon successful completion of this course, the student will be able to:
Textbooks

- Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers, by TJ O'Connor; ISBN-10: 1597499579 (2012)
- The Shellcoder's Handbook: Discovering and Exploiting Security Holes, by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte; ASIN: B004P5O38Q
Schedule

Date | Topic
---|---
Mon May 22, 1:00 - 6:00 pm | Command Injection & SQL Injection
Tue May 23, 8:30 am - 5:00 pm | Violent Python
Wed May 24, 8:30 am - 5:00 pm | Exploit Development on Linux: Stack overflows, heap overflows, format string exploits, shellcode, & debugging
Thu May 25, 8:30 am - 5:00 pm | Exploit Development on Windows: Buffer Overflows and Defeating Defenses
Fri May 26, 8:30 am - 12:00 pm | Special Topics TBA
Projects: Violent Python
Other Projects

Password Hash Projects

- Cracking Linux Password Hashes with Hashcat
- Cracking Windows Password Hashes with Hashcat

Web Projects

- Exploiting SQLi with Havij and Input Filtering
- Hijacking HTTPS Sessions with SSLstrip
- Reverse-Engineering an Authentication Cookie
- Password Guessing Games
- Password Brute Force Challenges

Crypto

- Cracking a Caesar Cipher with CrypTool 2

Antivirus Evasion

- Antivirus Evasion with Python
- Keylogger with Python
- Defeating Norton Antivirus with Python

Cultural Enrichment

- How to view someones IP address and connection speed with TRACER T! - YouTube
- I Pwned Your Server - YouTube

Exploit Development

- Using Jasmin to run x86 Assembly Code
- Assembly Code Challenges
- Linux Buffer Overflow
Lectures

Motivation

- The Security Circus · KEYNOTE · PDF
- Data Breaches: Real and Imaginary (ppt)
- Bitcoin (key)
- Security Problems at Colleges (pptx)
- SSL Certificates at Banks

Violent Python

- Violent Python: Introduction and Motivation (pptx)

Android App Vulnerabilities

- Passwords on a Phone (Redacted) (KEY file)
- Staples App Insecure Encryption (Fixed)
- Homework: Steal My Credit Card Information

Exploit Development

Exploiting Linux

- Ch 2: Stack overflows on Linux (pptx)
- Ch 3: Shellcode (pptx)
- Ch 4: Introduction to format string bugs (pptx)
- Ch 5: Introduction to heap overflows (pptx)

Exploiting Windows

- Ch 6: The Wild World of Windows (pptx)
- Lecture 7: Intro to 64-Bit Assembler (pptx)
- Ch 8: Windows overflows (Part 1)
- Ch 8: Windows overflows (Part 2)
- Ch 14: Protection Mechanisms (pptx)

Some lectures are in Keynote format. To convert them to PowerPoint, use Cloud Convert.
Links

Links for Chapter Lectures

- Ch 1a: Anatomy of a Program in Memory - Excellent explanation from 2009
- Ch 1b: assembly - difference between 'or eax,eax' and 'test eax,eax'
- Ch 2a: Smashing the Stack for Fun and Profit by Aleph One
- Ch 3b: What's the difference of the Userland vs the Kernel?
- Ch 4a: Format String Exploitation-Tutorial By Saif El-Sherel (updated 1-25-18, ty B Meixell)
- Ch 5a: A Memory Allocator by Doug Lea
- Ch 6a: theForger's Win32 API Tutorial
- L7a: AMD64 Architecture Processor (pdf, downloads immediately) (updated 1-25-18, ty B Meixell)
- Ch 8a: Win32 Thread Information Block - Wikipedia
- Ch 17a: Awesome-Fuzzing: A curated list of fuzzing resources (Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on)
- Ch 18a: Cscope Home Page
- Fuzz 1: Failure Observation Engine (FOE) tutorial - YouTube
- Ch 16a: Socket.NoDelay Property
- Hopper 1: Use The Debugger with Hopper Disassembler/Decompiler - YouTube

Miscellaneous Links

- SmashTheStack Wargaming Network
- Great exploit tutorials from 2012 in the WayBack Machine
- Exploit Exercises
- farlight.org -- useful exploits and shells
- Bypassing AV Scanners -- OLLYDBG PROJECT IN HERE
- Valgrind Tutorial
- Bypassing EMET's EAF with custom shellcode using kernel pointer (from 2011)
- Disarming Enhanced Mitigation Experience Toolkit (EMET) v 5.0
- Rootkits by Csaba Barta (from 2009) (updated 1-25-18, ty B Meixell)
- PSA: don't run 'strings' on untrusted files -- WORTH EXPLOITING
- From 0-day to exploit -- Buffer overflow in Belkin N750 (CVE-2014-1635)
- Disarming and Bypassing EMET 5.1
- BinScope Binary Analyzer -- vulnerability detector
- Popular security suites open to attack -- DEP and ASLR Not Enabled
- GDB: Debugging stripped binaries
- USBPcap -- USE FOR PROJECTS
- PBKDF2 - Wikipedia
- Installing VMware Tools on Kali Linux
- Kali Linux Downloads
- IMMUNITY : Download
- How to setup Dark Comet RAT (with download and pictures) : hacking
- Cython: C-Extensions for Python -- MAKES SMALL EXEs
- HT Editor -- powerful binary ELF editor
- ntpdc local buffer overflow - Exploit Development example, interesting GDB commands
- Seven Resume Strategies for the Long-Term Unemployed
- KdExploitMe - Hackable Windows Kernel Driver -- USE FOR PROJECTS
- 64-bit Linux Return-Oriented Programming
- Exploit Exercises -- GOOD FOR PROJECTS
- WIRESHARK 1.12.4 and below Access Violation and Memory Corruption PoC
- Fuzzing with AFL-Fuzz, a Practical Example (AFL vs binutils) -- USEFUL FOR PROJECT
- Radare portable reversing framework
- Hopper: The OS X and Linux Disassembler -- GOOD FOR PROJECTS
- Gdbinit: user-friendly gdb configuration file -- GOOD FOR PROJECTS
- Format String Bug Exploration -- USEFUL FOR PROJECT
- 90s-style security flaw puts "millions" of routers at risk -- LOOKS GOOD FOR A PROJECT
- Exploit Development Class for Win 7 64-bit -- USEFUL FOR PROJECTS
- EDB (Evan's Debugger) -- Like OllyDbg on Linux, ty @offsectraining
- Sophos AV Bypass - YouTube
- New buffer overflow protection in gcc 4.9 -fstack-protector-strong
- Old Versions of Kali Linux
- Animated Metasploit Linux Payload in gdb - YouTube
- Stack Smashing On A Modern Linux System
- Buffer Overflow Vulnerability Lab
- VMware Tools installation fails when Easy Install is in progress -- GOOD SOLUTION
- Installing VMware Tools in an Ubuntu virtual machine
- How to turn OFF (or at least override) syntax highlighting in nano via ~/.nanorc?
- Exploit writing tutorial part 11 : Heap Spraying Demystified | Corelan Team
- MemGC and Control Flow Guard (May, 2015)
- How exploit writers find bugs in Java Machine? - Reverse Engineering Stack Exchange
- Mac OS Xploitation (2009)
- Modern Binary Exploitation class from RPI
- A binary analysis, count me if you can -- VERY USEFUL
- picoCTF 2014 Baleful - Solving with Pin -- INTERESTING TECHNIQUE
- How to detect a NX stack and other protections against buffer overflows -- VERY USEFUL
- ROP for Linux ELF files: finding JMP ESP
- Performing a ret2libc Attack (updated 1-25-18, ty B Meixell)
- How to disable ASLR in linux permanently.
- Python multiprocessing.Pool -- EXCELLENT EXAMPLE
- Rooting Freshly -- GOOD EXAMPLE OF PENETRATING A LINUX WEB SERVER
- Exploiting memory corruption bugs in PHP Part 3: Popping Remote Shells
- Execute Bash Commands Without Spaces with Brace Expansion
- x64dbg: An open-source x64/x32 debugger for windows -- ALTERNATIVE TO IDA PRO
- gdb bug on 64-bit ubuntu with fix: No module name libstdcxx - Stack Overflow
- gdb - debugging with pipe using mkfifo
- Fuzzing on MacOS X -- MANY USEFUL TIPS
- Carnegie Mellon - Tools - VulWiki
- The Ultimate Disassembly Framework -- Capstone
- binjitsu/binjitsu: CTF framework and exploit development library
- How To Install VMware Workstation 11 On Ubuntu 14.10
- Exploitation of mem-corruptions vulns in remote C/C++ programs without source or binary
- Artistic Rendering of Exploit Development Process
- Blind Return Oriented Programming (BROP)
- Linux Assembly Tutorial - Step-by-Step Guide
- A fundamental introduction to x86 assembly programming
- RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level with "shadow stack" (June, 2016)
- Introductory Intel x86: Architecture, Assembly, Applications - YouTube
- Assembly Primer for Hackers (Part 1) System Organization Tutorial.mp4 - YouTube
- ARM Exploitation: Return Oriented Programming on ARM (on Linux)
- How to read arbitrary RAM with format string vulnerability
- The best resources for learning exploit development -- MANY GOOD PROJECT IDEAS
- Use The Debugger with Hopper Disassembler/Decompiler - YouTube
- Over the Wire Narnia Level 2 -> 3 -- GOOD EXTRA CREDIT PROJECT
- Demystifying the Execve Shellcode (Stack Method)
- Program exiting after executing int 0x80 instruction when running shellcode
- Debugging - Modifying Code At Runtime
- How to specify base addresses for sections with gcc -- ESSENTIAL FOR KALI 2017 PROJECTS
- Windows Kernel Exploitation Tutorial
- [Kernel Exploitation] 2: Payloads
- Infosec_Reference/Exploit Development
- Requests: HTTP for Humans -- Requests 2.18.4 documentation
- PEDA - Python Exploit Development Assistance for GDB
- Getting cozy with exploit development
- Bypassing NX/DEP -- PoC || GTFO
- Simple ASLR/NX bypass on a Linux 32 bit binary
- Binary Analysis Tool -- INTERESTING FOR PROJECTS
- Linux Kernel Debugging with VMWare Player Free
- Force GCC to push arguments on the stack before calling function (using PUSH instruction)
- Analyzing Metasploit linux/x86/exec payload
- EXPLOITATION PROJECT: HeapSpray, SEH, EggHunter
- Vulnserver -- GMON command SEH based overflow exploit
- OakSim: ARM Assembly Simulator
- ARM Assembly and Exploitation -- USEFUL FOR PROJECTS
- VM of Ubuntu with ARM in QEMU
- x64dbg -- Recommended by @malwareunicorn

New Unsorted Links

- Radare2 Projects: "Practical case : Buffer Overflow 0x01 : https://t.co/rMSdRZFzfv 2) Methods and macros: the call stack : https://t.co/oDNYb0sAsr 3) Practical case: Patch Me 0x01 : https://t.co/Ta2cgWQm4E 4) Conditions and loops : https://t.co/hcZg1yNx3Z cc @LibraAnalysis"
- L7r: x86-64 - Wikipedia
- Immunity error: pycommands: error importing module -- caused by using 64-bit Python
- The Cost of Buffer Security Checks in Visual C
- Ch 14h: GS (Buffer Security Check) -- Official Microsoft Documentation
- Enable or disable specific mitigations used by Exploit protection | Microsoft Docs
- Control Flow Guard | Microsoft Docs
- vulnserver/vulnserver.c at master · stephenbradshaw/vulnserver · GitHub
- Dangling Pointers Avoid them Strictly!
- Exploiting Format Strings in Windows
- 6 Best Wireshark Alternatives for Android
- DLL Hijacking with Ghidra -- USE FOR PROJECT
- pwntools -- CTF framework and exploit development library
- Return Oriented Programming on ARM (32-bit) -- USE FOR PROJECTS
- Reverse Engineering with Ghidra -- USE FOR PROJECTS
- Online Courses -- Ghidra
- Heap Overflow Exploitation on Windows 10 Explained
- Honggfuzz finding a double-free in VLC -- USE FOR PROJECT
- How to Compile 32-bit Apps on 64-bit Ubuntu?
- Debug 32 bit application with gdb in 64 bit environment
- Modern Windows Exploit Development.pdf
- Dump TEB/PEB in immunitydbg - Reverse Engineering Stack Exchange
- Ch 7r: Maximum addressable memory under the current operating systems
- Demystifying Dot NET Reverse Engineering, Part 1: Big Introduction
- Demystifying dot NET reverse engineering - PART 2: Introducing Byte Patching
- Demystifying dot NET reverse engineering - PART 3: Advanced Byte Patching
- Bypassing SEHOP
- DEP Bypass using ROP Chains | Garima Sinha - securityresearch - Medium
- Linux Kernel ROP - Ropping your way to # (Part 1) | Trustwave | SpiderLabs | Trustwave
- Libxml2 Tutorial | AFLplusplus -- FUZZER PROJECT
- 2020-05-13: Solving Uninitialized Stack Memory on Windows -- INTERESTING CHART OF ROOT CAUSES
- Porting VulnServer TRUN /.:/ exploit to Metasploit -- Duncan Winfrey
- Bypassing SEHOP (but only 1/512 of the time)
- Ch 3o: assembly - How to use sysenter under Linux?
- GitHub - johnjhacking/Buffer-Overflow-Guide: This Bufferflow Guide includes instructions and the scripts necessary for Buffer Overflow Exploitation. This guide is a supplement for TheCyberMentor's walkthrough. Please watch his walkthrough if you're confused. Feel free to implement Pull Requests or raise Issues.
- Labs | CyberDefenders ® | Blue Team CTF Challenges
- 2021-12-02: ydkhatri/mac_apt: macOS (and ios) Artifact Parsing Tool
- Learning Linux kernel exploitation - Part 1 - Laying the groundwork
- Beginner Reverse Engineering Tutorials
- Resources for learning exploit development
- OSED - Navigating The Shadows
- OSCP Guide
- OFFENSIVE SECURITY & REVERSE ENGINEERING (OSRE) Course