Introduction to Exploit Development

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.

Scoreboard · Submit Flags

Archived Scores

DERPCON

Oct 30, 2020

Archived Videos

DERPCON

I: Command Injection

ED 200: Google Cloud Linux Server  15
ED 101: Essential Linux 25
LJ: Linux Journey  83
ED 102: Command Injection * 60
ED 103: SQL Injection 185
ED 104: CMD Injection 40
ED 105: Server Side Template Injection (SSTI) 35
ED 106: PHP-FPM Command Injection 15
* Most important  

II: Binary Exploits for Linux

ED 201: Linux Buffer Overflow With Command Injection  15
ED 202: Linux Buffer Overflow Without Shellcode *  115
ED 203: Linux Buffer Overflow With Listening Shell  45
ED 204: Exploiting a Format String Vulnerability  20
ED 205: Very Simple Heap Overflow  30
ED 206: Heap Overflow via Data Overwrite  45
ED 207: Linux Buffer Overflow with ROP (requires VMware)  15
ED 210: Exploiting a Race Condition  10
ED 220: Intro to 64-bit Assembler  40
* Most important  

III: Binary Exploits for Windows

H 2: Windows 2016 Server Virtual Machine  15
ED 300: Windows 2016 Server Cloud Server  15
ED 308: Exploiting "Vulnerable Server" on Windows * · VM version  50
ED 309: Defeating DEP with ROP  20
ED 301: Windows Stack Protection I: Assembly Code  15
ED 302: Windows Stack Protection II: Exploit Without ASLR  15
ED 303: Windows Stack Protection III: Limitations of ASLR  15
ED 310: Windows Mitigations  10
ED 318: Exploiting Easy RM to MP3 Converter on Windows with ASLR  30
ED 319: SEH-Based Stack Overflow Exploit  65
ED 330: C# Dot Net  20
ED 331: Dot Net Reflector  45
* Most important  

IV: ARM Exploits

ED 413: ARM Shellcode on the Pi  30
ED 414: Self-Modifying ARM Shellcode on the Pi  20
ED 420: Jailbreaking an iPhone with Checkra.in  15
ED 421: Buffer Overflow on an iPhone  20

V: Extras

ED 501: Codacy  15
ED 290: Chrome Desktop on a Cloud Linux Server  10

Local Virtual Machines

Only for students without credit cards

ED 10: Kali Virtual Machine  15
ED 21: Windows 2016 Server Virtual Machine  10

Updated for GRAYHAT 10-31-2020