Exploit Development
For exploit development, it is necessary to have a solid grasp of Assembly and C/C++, and ideally Python as well. I have provided some recommendations on my coding resources page on how to learn them.
Yes, companies like Microsoft have been moving from memory-unsafe languages like C/C++ for critical systems software to memory-safe languages like Rust. However, such migrations take a long time to implement and a significant portion of existing and new third-party codebases will remain in C/C++. And while there have been some recent discussions and rumors about rewriting the Linux kernel in Rust, significant actions haven’t been taken yet. I am not even mentioning that there are plenty of bugs that do not involve memory corruption. In other words: there will still be plenty of juicy targets to attack.
Afterwards, one can get started with:
Books
They can be a bit dated but introduce the topic well
- Hacking: The Art of Exploitation, 2nd Edition: a gentle introduction to the topic
- A Guide to Kernel Exploitation: Attacking the Core 1st Edition
- The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition: an in-depth examination of exploit development across multiple platforms.
- A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security
- Writing Security Tools and Exploits, 1st Edition
Formal Trainings
We all need a guru’s help sometimes
- Azeria Labs: ARM, Android, and IoT security and exploitation
- SANS SEC760
- Max Kamper’s Linux Heap Exploitation Udemy Course - Part I, Part II, and Part III: The best and most affordable Heap Exploitation resource out there – and a significant find because resources on exploiting the heap are very rare. It is worth the provided reference “bible” alone!
- Corelan’s Windows Exploitation Courses
- Offensive Security’s EXP-301 and EXP-401 Windows Exploitation Courses
Websites
Learning resources:
- pwn.college
- Sam Bowne’s Exploit Development Class
- Modern Binary Exploitation - CSCI 4968
- Azeria’s ARM Exploitation Tutorials
- Corelan’s Windows Exploitation Tutorials
- Fuzzy Security Exploit Tutorials
- OpenSecurity Training
- Linux Kernel Hacking Walkthrough
- ExploitDev Reddit: One of the more civilized Reddit threads, where one can get help and guidance
Training/Practice Challenges:
- RET2 WarGames: A well-designed binary exploitation training course with labs and one of the best resources out there for newbies and the more advanced alike. Students and educational institutions can get it at a significantly discounted price
- exploit.education: A well-designed set of binary exploitation teaching challenges with progressively increasing difficulty levels
- ROP Emporium
- Nightmare
Tools
- pwntools and its documentation: A CTF and exploit development library for scripting exploits rapidly
- pwndbg and its documentation: A user-friendly and exploit-development tailored extension of the GDB debugger
- one_gadget finder
- ropper gadget finder