Saturday, August 14, 2021

CORELAN COURSE BUT OPEN SOURCE

The x86 environment + exploit lab setup:

Exploit writing tutorial part 1 : Stack Based Overflows | Corelan Cybersecurity Research


Stack BOF: 

Exploit writing tutorial part 2 : Stack Based Overflows – jumping to shellcode | Corelan Cybersecurity Research

Exploit writing tutorial part 3 : SEH Based Exploits | Corelan Cybersecurity Research


Egg hunters: 

Exploit writing tutorial part 8 : Win32 Egg Hunting | Corelan Cybersecurity Research


Reliability and reusability: 

Exploit writing tutorial part 5 : How debugger modules & plugins can speed up basic exploit development | Corelan Cybersecurity Research


Metasploit framework: 

Exploit writing tutorial part 4 : From Exploit to Metasploit – The basics | Corelan Cybersecurity Research


DEP + ASLR bypass: 

Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR | Corelan Cybersecurity Research

Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik's[TM] Cube | Corelan Cybersecurity Research

Universal DEP/ASLR bypass with msvcr71.dll and mona.py | Corelan Cybersecurity Research


x64 BOF: 

x64 calling convention | Microsoft Docs

Stack Based Buffer Overflows on x64 (Windows) – Nytro Security


x64 SEH overwrites:

Disk Savvy Enterprise v9.6.18 – Buffer Overflow (SEH) Win 7 x64 Exploit Development – dabooze (dilsec.com)


x64 shellcodes: 

Writing shellcodes for Windows x64 – Nytro Security


ADVANCED BOOTCAMP 

WINDBG:

https://www.youtube.com/watch?v=8zBpqc3HkSE

http://windbg.info/doc/1-common-cmds.html


WINDOWS HEAP: 

Windows 10 x86/wow64 Userland heap | Corelan Cybersecurity Research

us-16-Yason-Windows-10-Segment-Heap-Internals-wp.pdf (blackhat.com) 

corelan/win10_heap: Collection of VC++ example applications to demonstrate Win10 userland heap behavior (BEA & FEA) (github.com)


HEAP SPRAYING:

Exploit writing tutorial part 11 : Heap Spraying Demystified | Corelan Cybersecurity Research

DEPS – Precise Heap Spray on Firefox and IE10 | Corelan Cybersecurity Research


BONUS: UAF + HEAP SPRAYING:

FuzzySecurity | ExploitDev: Part 9

UAF: 

https://exploit.courses/files/bfh2020/day7/0x56_DefeatExploitMitigations_heap_attacks.pdf

PowerPoint Presentation (exploit.courses)

Write-up: Use-After-Free by MalwareTech – mauronz – x86 official language of the blog


HEAP OVERFLOWS:

Heap Overflow Exploitation on Windows 10 Explained (rapid7.com): this is a very good article; it also covers how to turn a heap overflow into an info leak


DOUBLE FREE(): as far as I know, most double free()s result in a DoS

TYPE CONFUSION:

Understanding type confusion vulnerabilities: CVE-2015-0336 - Microsoft Security

Windows Kernel Exploitation Part 2: Type Confusion – Himanshu Khokhar's Blog (pwnrip.com)

us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition-wp.pdf (blackhat.com)

CTF TYPE CONFUSION: PlaidCTF writeup for Pwn-275 – Kappa (type confusion vuln) » SkullSecurity


UNINITIALIZED MEMORY: if you run this piece of code, char *p will end up as 0x41414141, figure it out yourself please: eu-15-Chen-Hey-Man-Have-You-Forgotten-To-Initialize-Your-Memory-wp.pdf (blackhat.com)

MEMORY LEAKS/INFO DISCLOSURE: the heap overflow article also showed you how to leak an address; here is another great article: BH_US_12_Serna_Leak_Era_Slides.pdf (blackhat.com)


HEAP MANIPULATION: the heap overflow article above also mentioned this.

Heap Feng Shui in JavaScript (blackhat.com)

CTF: bkth/babyfengshui: 33C3 CTF binary challenge (github.com)(linux)


EXTRAS: Project Zero: What is a "good" memory corruption vulnerability? (googleprojectzero.blogspot.com)


KERNEL EXPLOITATION: The book called "A guide to kernel exploitation"

Abusing GDI for ring0 exploit primitives-2015.pdf (coresecurity.com)

FuzzySecurity | Windows ExploitDev: Part 10

FULLSHADE/WindowsExploitationResources: Resources for Windows exploit development (github.com)

Kernel Exploitation Via Uninitialized Stack (outflux.net)

DEF CON 25 Hacker Conference


HEY, DO YOU ALSO WANT THE OSEE/AWE COURSE BUT OPEN SOURCE? CHECK THIS OUT:

dhn/OSEE: Collection of resources for my preparation to take the OSEE certification. (github.com)

timip/OSEE: OSEE Preparation (github.com)


REMEMBER THAT ANY PAID COURSE (even, probably, some super secret gov hacking course) HAS AN OPEN SOURCE/FREE ALTERNATIVE THAT IS AS GOOD OR EVEN BETTER

If I made mistakes, please let me know.