Malware Analysts Cookbook

http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_1?ie=UTF8&qid=1316517960&sr=8-1


Gray hat python

http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921/ref=sr_1_1?s=books&ie=UTF8&qid=1316517985&sr=1-1

Thanks for the links what best OS to use ? also what good tools to use I know the books would recommend some tools but would like to try have play before I get the books thanks

I have gotten the "Hacking: The art of exploitation" which is a really good book, however that was after I started developing my own exploits.

Initally I looked at null threats blog which really got me hooked on exploit development except I didn't use metasploit, but rather started learning some python and recreating an exploit from scratch from the exploit db using the concept he shows in the videos.

That was all in the lead up to starting pwb which has a good section on exploit development, but as I'd done it before some people said I was at an advantage.

In this case, different from your last post....when you're debugging or RE an application for Windows, you'll likely be using Windows as your OS. I think its possible to do cross debugging but I have zero experience with that.

I always use a windows box to debug windows apps with Immunity debugger. Corelan has a tremendous plugin called mona.py that can really speed up exploit development, especially if you want to create metasploit modules. I think IDA has a Linux version but I'm not sure. Mambru has more RE experience than I do and can give you better advice on that.

These are the books I would add, with the IDA book being number 1

Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
http://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426/ref=cm_lmf_tit_8

Rootkits: Subverting the Windows Kernel
http://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/ref=cm_lmf_tit_14

Exploiting Software: How to Break Code
http://www.amazon.com/Exploiting-Software-How-Break-Code/dp/0201786958/ref=cm_lmf_tit_12

The Shellcoder's Handbook: Discovering and Exploiting Security Holes
http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=cm_lmf_tit_13

Fuzzing for Software Security Testing and Quality Assurance
http://www.amazon.com/Fuzzing-Software-Security-Assurance-Information/dp/1596932147/ref=cm_lmf_tit_7

Aside from the reading, operating system is only relevant to what you want to find "faults" with. Fuzzing is nothing more than fault injection. You likely would yield little results fuzzing Windows files on a Nix box. There are plenty of tools on Windows systems that can help you: PaiMei, Klocwork Architect, Codenomicon, Protos, etc.

The key to benefitting though is to focus on understanding why an application is behaving in a method that causes it to act outside of the norm. This will include knowing and understanding a lot of machine code (Assembly) as well as understanding debugging. For debugging on Windows I use WinDBG for almost everything. From time to time I may plop in and out of Olly or Immunity Debugger, but WinDBG has been very useful to me.

When I was getting deeper into debugging and figuring things out, I followed Vostokov heavily:

http://www.dumpanalysis.org/blog/index.php/about/
http://www.amazon.com/Crash-Dump-Analysis/dp/B0042ETC7C

There is a lot to know for Windows including literally living on MSDN for months reading up on calls, instructions, etc. This was primarily for Windows mind you. *nix based fuzzing is a bit different because of the variants (Linux, BSD, Solaris, HPUX, QNX, etc). Almost all handle things differently.

Fuzzing involves more than just tools. What's the point of aiming tools to find a crash if you don't know how to capitalize on that crash.

If you heavily want to learn, I suggest you watch for Assured Exploits training by Dino Dai Zovi (http://trailofbits.com/2011/01/11/upcoming-events-in-2011/). I have not taken the OSCE so I am unsure how much you can actually yield with regards to fuzzying.

Another thing to note is OpenRCE.org, http://www.woodmann.com/ are your friends in this arena. In order to understand bugs, you WILL NEED TO understand reverse engineering heavily.

I had the chance to attend the Assured Exploitation class by Dino Dai Zovi and Alex Sotirov, and it was awesome, I highly recommend it.

Another great class is Aaron Portnoy's Bug hunting and analysis class. He will give it once again next January. You can check the last edition contents:

http://recon.cx/2011/training3.html

Thanks for the links. mambru looks good but I am based in the UK so its pain to get to Canada