This repository is for the Offensive Software Exploitation Course I am teaching at Champlain College.
Most of the slidenotes I used, are already shared on http://opensecuritytraining.info, but the labs were fully created by myself. I used publically available resources and software to explain each of the weakneses covered, so there is nothing here that you cannot find online.
Vulnerable Software: The vulnerable software I used are also online and can be found at http://exploit-db.com. I will point them out later when I find time.
Tools used:
- Immunity Debugger
- Kali Linux
- CFF Explorer
- NetCat
- Others!
Targets used:
- Download any Windows 10 VM from Microsoft VMs. This was used for most of the labs, except for the EggHunter lab, I used a Windows 7 VM, also from Microsoft VMs.
Course modules:
- Module 01 - The Basics (PE Format, DLLs, etc)
- Module 02 - Bug Hunting and Fuzzing
- Module 03 - Intro. to Memory Corruption and Buffer Overflows
- Module 04 - Metasploit
- Module 05 - Mitigation Techniques
- Module 06 - SEH and Jumping Strategies
- Module 07 - Egghunter
- Module 08 - Retrurn Oriented Programming (ROP)
- Module 09 - Post Exploitation
- Module 10 - Manual Code Injection
Course Video Recordings (currently in Arabic): OSE YouTube Playlist