Exploit Development

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Jan 20, 2009 4:33 pm

Exploit Development

Hey E-H.net,

I was looking around the forum and noticed a lot of people have a lot of security certifications. I was wondering, which course would one of you guys suggest that covers the topic of Exploit Development fairly well (like to a point where you see a demonstration, cover it, and can go through the steps on your own time in exploiting applications)? The CPTS, CPTE, OSCP, CEH, etc.? If the course covers it barely & you'd suggest a book, go ahead and name it, I'm listening! Thanks in advance.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Tue Jan 20, 2009 4:45 pm

Re: Exploit Development

I don't know from experience, but from having read others' comments as well as information about each of those courses, I believe your best bet would be the CEPT certification from InfoSec Institute.

InfoSecInstitute - Advanced Hacking

On the other hand, from experience, I can tell you that neither the CEH nor OSCP covers this topic in detail. I do not expect that CPTS/CPTE courses do either.

BillV

SynJunkie

Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Tue Jan 20, 2009 4:48 pm

Re: Exploit Development

Hi Kris

For what it's worth, I can tell you that the CEH didn't really cover that topic at all. I can't speak for any of the others though.

Have you looked at the SANS 709 course "Developing Exploits for Penetration Testers and Security Researchers"?

Regards

Syn
----------------------------------
http://synjunkie.blogspot.com

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Jan 20, 2009 4:51 pm

Re: Exploit Development

That's exactly what I'm looking for, BillV. I also appreciate how quickly you responded. SynJunkie, could you toss me a link towards that course? Recommended books, anyone?
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

SynJunkie

Jr. Member

Posts: 71

Joined: Thu Apr 17, 2008 2:41 pm

Location: UK

Post Tue Jan 20, 2009 4:55 pm

Re: Exploit Development

----------------------------------
http://synjunkie.blogspot.com

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Jan 20, 2009 5:08 pm

Re: Exploit Development

Thanks Syn,

I find your blog useful as well. Keep up the good work!

Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Tue Jan 20, 2009 5:41 pm

Re: Exploit Development

If you're looking for a book, try these:

The Shellcoder's Handbook
http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/0764544683
Exploiting Software
http://www.amazon.com/Exploiting-Software-Break-Addison-Wesley-Security/dp/0201786958

I posted a list of papers and tutorials on buffer overflows a while back.  I don't know if the links are still current, but you should be able to find the papers through Google if not.

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2897.msg13502/#msg13502

The first two papers will give you enough to start writing stack-based buffer overflows.  The others cover more advanced topics and can be read roughly in the order that I listed them (the better your background in programming and operating systems, the more you can jump around). 
BS in IT, CISSP, MS in IS Management (in progress)

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jan 20, 2009 7:22 pm

Re: Exploit Development

The first edition of Shellcoder's Handbook was co-written by Jack Koziol of InfoSec Institute. This is the textbook they use for the CEPT which will tell you what to expect from the CEPT course.

There is a second edition which does not include the efforts of Jack. They still use version one for the class. Take that for what you will as I have not done a side-by-side comparison of the 2. Anyone?!?!

As for SANS, the exploit dev course is new but is really starting to round out their ethical hacking / pen testing offerings. They are really making a big push in this area.

Hope that helps & Welcome to EH-Net,
Don
CISSP, MCSE, CSTA, Security+ SME

SecMan

Newbie

Posts: 17

Joined: Thu Dec 25, 2008 8:57 am

Post Sun Feb 01, 2009 9:01 am

Re: Exploit Development

Kris, none of the courses goes into too much depth. However, the OSCP: BackTrack to the Track should cover this in detail. In the first OSCP course, this is also covered and you have to understand how exploits work, writing your own, etc. The course isn't entirely focused on developing exploits but you have to know how to write your own + a little light fuzzing. SANS also recently introduced a new course (709) dedicated to exploit development - http://www.ethicalhacker.net/component/ ... picseen,1/

ficti0n

Newbie

Posts: 4

Joined: Mon Mar 23, 2009 1:42 pm

Post Mon Mar 23, 2009 1:54 pm

Re: Exploit Development

The CEPT is 3 out of the 5 days exploit development... The test at the end is also exploit development and reverse engineering; in order to pass you have to find and write exploits for the software services provided to you and reverse the crackme they give you... So you will be fuzzing and exploiting buffers, heaps and format strings for 30 days after you are done with the class...

Practical test:
One Windows software (Find vulnerability, Write Exploit)
One Linux software (Find vulnerability, Write Exploit)
One crackme

This cert also requires a 50 question test, which means nothing because it's easy... The course itself, taught by Jack, is a great course and you will learn loads. Just make sure you go into the course with good Linux skills, also having tried to read the Shellcoder's Handbook chapters on Linux and Windows overflows and heap overflows before the class... Oh yeah, and format string vulnerabilities. It also wouldn't hurt to go through a few reversing tutorials as well... "Reversing with Lena" is a good series for that... Just the first few will get you up to speed with Windows reversing techniques...

As far as books go, "Shellcoder's Handbook" is a must; also the "Art of Exploitation" covers the topic in less detail and might be more digestible for someone new to the subject.

The second rendition of the Shellcoder's Handbook just corrected some incorrect diagrams, for example the memory one in the Linux chapter they had upside down, and I believe added some other chapters or content not relevant to what you would learn in the course... i.e. the Windows and Linux exploitation.

I took this class and passed the certification. I would suggest you take this certification and the OSCP certification as far as real world knowledge and acquiring skills while at the same time a certification... All the other certs are mostly fluff or general knowledge for your resume so the HR dept of a business flags you for an interview... Don't get me wrong, CISSP will get you an interview, but stuff like the CEH I didn't find beneficial on any level at all...


Ficti0n....
Last edited by ficti0n on Mon Mar 23, 2009 2:20 pm, edited 1 time in total.

ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Mon Mar 23, 2009 2:37 pm

Re: Exploit Development

'Hacking - The Art of Exploitation' is a good book, way over my head at the moment as I don't program in C, which is what the book expects from you. It also goes into asm a little.

ficti0n

Newbie

Posts: 4

Joined: Mon Mar 23, 2009 1:42 pm

Post Mon Mar 23, 2009 2:46 pm

Re: Exploit Development

Ummm, Art of Exploitation kind of glosses over C; I don't remember it being too C or ASM intensive though... Just as long as you have an understanding of programming concepts and the basics of how a small asm program works you will be fine... Shellcoder's Handbook is more intensive... I have to say before that class I understood about 60% of Shellcoder's Handbook and after the class I read through and understood about 90% of the Shellcoder's book...

A good place to start understanding ASM for me was looking at that old old book on building viruses... little book of computer viruses it might have been called? I read through that at the same time as a Linux asm book and I started understanding the stuff way more...
