
Exploit Dev For Mere Mortals - Getting Started


DESCRIPTION

This presentation is for newbies to the world of exploit development. It is designed to help you get comfortable with the subject and provide you with the resources required to get started.


Page 1: Exploit Dev For Mere Mortals - Getting Started

Strategic Security, Inc. © http://www.strategicsec.com/

Exploit Development For Mere Mortals

Part 1: Getting Started

Presented By:

Joe McCray

[email protected]

http://www.linkedin.com/in/joemccray

http://twitter.com/j0emccray


Who Is This Talk For?

Who is this for?

• Security Professionals and hobbyists interested in understanding exploit development

• Security Professionals and hobbyists interested in the fundamentals of writing exploits

No Geekenese:

• This is NOT a technical talk, although there will be some technical info – it's more of a getting started guide than anything else


Things I'll Be Covering Today

• What programming languages do you need to know?

• What are the best ways to learn these languages?

• What tools do you need?

• Which tools should you start with first?

• What references should you use to get started and, more importantly, what should you avoid?


What Programming Languages Do I Need To Know/Learn?

• An Interpreted Language (Perl, Python, Ruby)

• C

• Assembly


What Programming Languages Do I Need To Know/Learn?

• If you are new to programming – start with an interpreted language first

• Perl, Python, Ruby

• YouTube is your friend – the best I've seen is from 'thenewboston'

• Python: https://www.youtube.com/watch?v=4Mf0h3HphEA

• Ruby: https://www.youtube.com/watch?v=WJlfVjGt6Hg

• Perl used to be the exploit and tool development language of choice

• Now it's Python and Ruby


What Programming Languages Do I Need To Know/Learn?

• The C Programming Language

• Greg Perry is an amazing teacher of programming languages

• I highly recommend "Absolute Beginner's Guide to C"

• Publisher: Sams; 2nd Edition

• ISBN-10: 0672305100

• ISBN-13: 978-0672305108


What Programming Languages Do I Need To Know/Learn?

The Assembly Programming Language

Vivek Ramachandran (SecurityTube.net)

@SecurityTube

Assembly For Hackers Video Series:

http://www.securitytube.net/groups?operation=view&groupId=5

http://www.securitytube.net/groups?operation=view&groupId=6


What Tools Do You Need?

• Virtualization Platform (VMware, VirtualBox, etc.)

• Target VMs (XPSP3, Win7, Ubuntu 10)

• Debuggers

• OllyDBG: http://www.ollydbg.de/

• Immunity: http://immunitysec.com/products-immdbg.shtml

• WinDBG: http://www.windbg.org/

• IDA Pro: http://www.hex-rays.com/products/ida/support/download.shtml

• Vulnerable Software

• http://www.oldapps.com/

• http://www.exploit-db.com/

• Exploit Code

• http://www.exploit-db.com/

• http://packetstormsecurity.org/files/tags/exploit/


Which Tools Should I Start With First?

• For your first few times dealing with simple exploits I'd recommend OllyDBG

• After that I think you should move to either Immunity or WinDBG

• I would say that IDA Pro should be left for advanced users


What References Should I Use To Learn ED And Which Should I Avoid?

• If you are BRAND NEW – start with these tutorials:

• http://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/

• http://resources.infosecinstitute.com/seh-exploit/

• If you have a little experience – start with the Corelan.be tutorials

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/

https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/

https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/


What References Should I Use To Learn ED And Which Should I Avoid?

• To break up the monotony I'd recommend doing some reversing tutorials

• http://tuts4you.com/download.php

• Stay away from the majority of books on Buffer Overflows

• Way too much focus on source code

• Way too much focus on classic buffer overflows on old OSs

• Books I would recommend (after you've done the tutorial list earlier) are:

• Art of Exploitation

• Shellcoder's Handbook


What References Should I Use To Learn ED And Which Should I Avoid?

• If you are going to take a class at a security conference:

• Exploit Labs with Saumil Shah

• Corelan Live with Peter Van Eeckhoutte


Major Resources

Vivek Ramachandran (SecurityTube.net)

@SecurityTube

Assembly For Hackers Video Series:

http://www.securitytube.net/groups?operation=view&groupId=5

http://www.securitytube.net/groups?operation=view&groupId=6

Exploit Development Basics Video Series

http://www.securitytube.net/groups?operation=view&groupId=7

http://www.securitytube.net/groups?operation=view&groupId=4


Major Resources

Peter Van Eeckhoutte (https://www.corelan.be/)

@corelanc0d3r

Hands-Down Probably The Best Tutorials on the market:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/

https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/

https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/

https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/

https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/

https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/

https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/

https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/

https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/


Contact Me...

Toll Free: 1-866-892-2132

Email: [email protected]

Twitter: http://twitter.com/j0emccray

LinkedIn: http://www.linkedin.com/in/joemccray