exploitation-course

Offensive Software Exploitation Course

View on GitHub

Offensive Software Exploitation (OSE) Course

This repository is for the Offensive Software Exploitation Course I am teaching at Champlain College and currently doing it for free online (check the YouTube channel for the recordings). Most of the slidenotes I used, are already shared on HTID Course, but the labs were fully created by myself. I used publically available resources and software to explain each of the weakneses covered, so there is nothing here that you cannot find online.


OFFENSIVE SOFTWARE & REVERSE ENGINEERING (FULL COURSE / 2021)

This is the whole course that was covered at Champlain College during Spring 20/21, yes during the COVID-19 pandemic! Unfortunately I was not able to cover all the modules due to time limitation, but other than that I had a great semester with my students and enjoyed teaching this course to them. Big thank you to each one of them, who all graduated now. The course could be found here OSRE. The videos on my YouTube channel walk through most of them.


Course Files and Resources


Vulnerable Software

The vulnerable software I used are also online and can be found at Exploit-db. I also used Stephen Bradshaw’s VulnServer, plus maybe some other simple code that I prepared. Please check each lab for the software used in that specific lab and from where to download it.


Tool(s) Required

All of the tools used are free and could be downloaded from the URLs below.


Target(s) Used


Table of Contents:

The topics that will be covered in this course are:

  1. The Basics (PE Format, DLLs, etc)
  2. Bug Hunting and Fuzzing
  3. Intro. to Memory Corruption and Buffer Overflows
  4. Metasploit
  5. Mitigation Techniques
  6. SEH and Jumping Strategies
  7. Egghunter
  8. Retrurn Oriented Programming (ROP)
  9. Post Exploitation
  10. Manual Code Injection
  11. Intro. to Assembly x86 and x64 (please check update #3 for this part)
  12. Reverse Engineering (please check update #3 for this part)

Video Recordings:


Useful Resources:


Update(s):

Credits:

Thanks to everyone who shared their work online, without them this course would not have happened!