i recently read an article by the same name and in interested in knowing more about how exploits are created from advisories.

kindly suggest the skill set, resources, forums/websites, certifications which may help me in this endeavor.

any suggestion in this direction would he really helpful as im starting off with limited information i have been able to collect.

thanks

im currently working as a pentester... i have completed CEH

i have been following tutorials for exploit development and reverse engineering and i love the entire process of exploit development.

i want to become well versed with exploit development ... right now im following tutorials ... later i want to build my own exploits

from what i have read, following advisories is one of the most logical ways to create zero day exploits.

i want to know how people create zero day exploits by following advisories...is there some site or reference material i can follow for a start ?

great

i am currently following Peter Van's tutorial on exploits and Lenas tutorials on reverse ingineering.

im thinking of doing a course for each one of them ...

any pointers about websites or forums to follow (along with this forum ofcourse )

I'm going to put these links in order for the learning aspect of it:

http://www.amazon.com/A-Bug-Hunters-Reading-List/lm/R21POHD6Y2DOLQ
http://cansecwest.com/slides06/csw06-sotirov.pdf
http://www.slideshare.net/guest9f4856/returnoriented-programming-exploits-without-code-injection
http://www.cs.cmu.edu/~dbrumley/pubs/apeg.pdf
http://www.metasploit.com/redmine/projects/framework/wiki/AdvisoryToExploit

In order to understand how to create an exploit from a patch, you'd need to understand (drum roll) what was patched and why was it patched. To understand THAT you will need a hefty amount of experience in Assembly programming period. There is no shortcut around this. If you can get through Lena's tutorials, I'd suggest moving onto "Microsoft Patching Internals" (http://www.openrce.org/articles/full_view/22) After that soaks in, move over to "Binary Diffing Heuristics" (http://www.openrce.org/forums/posts/82) How about starting there then worrying about the tools.

I'm taking into account that we're talking MS based patches here as *nix based patches are visible and MS' aren't. As for blogs to follow, sites to view.

OpenRCE
http://www.openrce.org

Some good legacy articles
http://maliciousattacker.blogspot.com/

Excellent articles from Aaron
http://dvlabs.tippingpoint.com/blog/

Veracode
http://www.veracode.com/blog/category/binary-analysis/

Nico!
http://eticanicomana.blogspot.com/

Dino
http://trailofbits.com/

Halvar
http://addxorrol.blogspot.com/

MUST follow... Reversing on this level is a royal pain and not for the impatient. As mentioned already, Pentest.Cryptocity is another must. Beginning with "Reverse Engineering" (http://pentest.cryptocity.net/reverse-engineering/). I'd suggest you watch it over a few times paying exact attention to what he is saying with regards to structure and discipline prior to even opening a tool.

Lastly, a "stumbleupon" approach: http://www.reddit.com/r/ReverseEngineering/