h4cker/exploit_development/README.md
Omar Santos d599041450
Update README.md
Fixes #143 
Fixes #144
Fixes #150
Fixes #145 
Fixes #146 
Fixes #147 
Fixes #148 
Fixes #149 
Fixes #141 
Fixes #142 
Fixes #139 
Fixes #138 
Fixes #137 
Fixes #136 
Fixes #135 
Fixes #134 
Fixes #133 
Fixes #132 
Fixes #131 
Fixes #130 
Fixes #129 
Fixes #128 
Fixes #127 
Fixes #153 
Fixes #152 
Fixes #151
2023-07-03 15:19:43 -04:00

20 KiB
Raw Permalink Blame History

Exploit Development References

Exploit development is a complex field requiring deep knowledge of various programming languages, networking, operating systems, and security principles. The following are some key areas you should focus on:

  1. Programming Languages: You should have a strong command of at least one low-level programming language like C or C++, as understanding how these languages interact with hardware and memory is crucial for exploit development. High-level languages like Python are also important for scripting and automating tasks.

  2. Assembly Language & Reverse Engineering: Knowledge of assembly language is essential. It is the language of the processor, and understanding it will give you insight into how software behaves at the lowest level. Coupled with reverse engineering skills, you can deconstruct and understand how software is working, even when you don't have the source code.

  3. Operating Systems: Have a deep understanding of the internals of various operating systems (especially Windows, Linux, and possibly macOS). Focus on topics like processes, threads, memory management, and the kernel.

  4. Networking: Strong knowledge of networking is important. You should understand TCP/IP at a minimum, but also higher-level protocols like HTTP and DNS.

  5. Buffer Overflows & Vulnerabilities: Study common types of vulnerabilities such as buffer overflows, use-after-free, race conditions, format string vulnerabilities, and integer overflows. Understanding how these vulnerabilities occur and how they can be exploited is key.

  6. Exploitation Techniques: Study various exploitation techniques, such as Return-oriented Programming (ROP), heap spraying, and format string exploitation. These techniques are often used in crafting exploits for known vulnerabilities.

  7. Shellcoding: Learn how to write shellcode, which is the payload that runs after successfully exploiting a vulnerability.

  8. Fuzzing: Fuzzing is a technique for discovering bugs and potential vulnerabilities in software. Learning how to implement intelligent fuzzing strategies could help you find new exploits.

  9. Security Tools: Get familiar with tools used in exploit development like debuggers (GDB, WinDbg), disassemblers (IDA Pro, Ghidra), and fuzzing tools (AFL, libFuzzer).

  10. Ethics and Legal Concerns: Remember, all these skills must be used responsibly. You should have a strong understanding of the ethics involved in hacking, and you should only attempt to exploit software in legal contexts, such as part of a job where you have been given permission to do so, or in a controlled environment for research or educational purposes.

  11. Keep up with Industry Trends: Exploit development is a constantly evolving field. Keep yourself updated with the latest vulnerabilities, exploitation techniques, and patches. Participate in Capture The Flag (CTF) competitions and follow various security blogs and forums.

Tutorials and Examples

Hex Editors

  • HexEdit.js - Browser-based hex editing.
  • Hexinator - World's finest (proprietary, commercial) Hex Editor.
  • Frhed - Binary file editor for Windows.
  • 0xED - Native macOS hex editor that supports plug-ins to display custom data types.

File Format Analysis Tools

  • Kaitai Struct - File formats and network protocols dissection language and web IDE, generating parsers in C++, C#, Java, JavaScript, Perl, PHP, Python, Ruby.
  • Veles - Binary data visualization and analysis tool.
  • Hachoir - Python library to view and edit a binary stream as tree of fields and tools for metadata extraction.

Reverse Engineering Tools

The following are some of the most popular reverse engineering tools. HOWEVER! GO TO THE REVERSE ENGINEERING SECTION for more references.

  • Ghidra - a software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate
  • Interactive Disassembler (IDA Pro) - Proprietary multi-processor disassembler and debugger for Windows, GNU/Linux, or macOS; also has a free version, IDA Free.
  • WDK/WinDbg - Windows Driver Kit and WinDbg.
  • OllyDbg - x86 debugger for Windows binaries that emphasizes binary code analysis.
  • Radare2 - Open source, crossplatform reverse engineering framework.
  • x64dbg - Open source x64/x32 debugger for windows.
  • Immunity Debugger - Powerful way to write exploits and analyze malware.
  • Evan's Debugger - OllyDbg-like debugger for GNU/Linux.
  • Medusa - Open source, cross-platform interactive disassembler.
  • plasma - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
  • peda - Python Exploit Development Assistance for GDB.
  • dnSpy - Tool to reverse engineer .NET assemblies.
  • binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
  • PyREBox - Python scriptable Reverse Engineering sandbox by Cisco-Talos.
  • Voltron - Extensible debugger UI toolkit written in Python.
  • Capstone - Lightweight multi-platform, multi-architecture disassembly framework.
  • rVMI - Debugger on steroids; inspect userspace processes, kernel drivers, and preboot environments in a single tool.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Implant Creation

Return Oriented Programming

Windows memory protections

Windows memory protections Introduction Articles.

Exploit development tutorial series

Exploid Development Tutorial Series Base on Windows Operation System Articles.