├── LICENSE
└── README.md

/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2016 Fabio Baroni

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# awesome-exploit-development

A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about exploit development.

A project by Fabio Baroni.

Read the full article here:
http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/

## BOOKS

* Hacking: The Art of Exploitation

* A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security

* The Shellcoder's Handbook: Discovering and Exploiting Security Holes

* Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

* Writing Security Tools and Exploits

* Buffer Overflow Attacks: Detect, Exploit, Prevent

* Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research

## TUTORIALS

### Corelan.be

* https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

* https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

* https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

* https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

* https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/

* https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/

* https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/

* https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/

* https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/

* https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/

* https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/

* https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/

* https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/

* https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/

* https://www.corelan.be/index.php/2010/03/27/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion/

* https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/

* https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/

* https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/

* https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/

* https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/

* https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/

* https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/

* https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/

* https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/

* https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/

### Opensecuritytraining.info

* http://opensecuritytraining.info/Exploits1.html

* http://opensecuritytraining.info/Exploits2.html

### Securitytube.net

* http://www.securitytube.net/groups?operation=view&groupId=7 Exploit Research Megaprimer

* http://www.securitytube.net/groups?operation=view&groupId=4 Buffer Overflow Exploitation for Linux Megaprimer

* http://www.securitytube.net/groups?operation=view&groupId=3 Format String Vulnerabilities Megaprimer

### Massimiliano Tomassoli's blog

* http://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/

### Samsclass.info

* https://samsclass.info/127/127_F15.shtml

### Securitysift.com

* http://www.securitysift.com/windows-exploit-development-part-1-basics/

* http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/

* http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/

* http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/

* http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting

* http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits

* http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows

## COURSES

### Corelan

* https://www.corelan-training.com

### Offensive Security

* https://www.offensive-security.com/information-security-training/advanced-windows-exploitation/ AWE (Advanced Windows Exploitation)

### SANS

* https://www.sans.org/course/advance-exploit-development-pentetration-testers SANS SEC760: Advanced Exploit Development for Penetration Testers

### Udemy

* https://www.udemy.com/windows-exploit-development-megaprimer/learn/#/ Windows Exploit Development Megaprimer by Ajin Abraham

## TOOLS

* IDA Pro

* OllyDbg

* WinDbg

* Mona.py

## VULNERABLE APPLICATIONS

### Exploit-exercises.com

* https://exploit-exercises.com/protostar/ Protostar

* https://exploit-exercises.com/fusion/ Fusion

## EXPLOITS DATABASE

* https://www.exploit-db.com

* https://www.milw00rm.com

* http://0day.today

* https://packetstormsecurity.com

* http://www.windowsexploits.com

* http://iedb.ir

* http://www.macexploit.com
--------------------------------------------------------------------------------