This repository is for the Offensive Software Exploitation Course that I teach at Champlain College and am currently offering for free online (check the YouTube channel for the recordings).
Most of the slide notes I used are already shared on the HTID Course, but the labs were created entirely by me. I used publicly available resources and software to explain each of the weaknesses covered, so there is nothing here that you cannot find online.
Vulnerable Software: The vulnerable software I used is also online and can be found at http://exploit-db.com. Check each lab for the software used in that lab and where to download it.
Tools used:
- Immunity Debugger
- Kali Linux
- CFF Explorer
- NetCat
- Others!
Targets used: Download a Windows 10 VM from Microsoft VMs (currently using Version 1809 Build 17763.1339). This is used for most of the labs. The exception is the EggHunter lab, for which I used a Windows 7 VM, also from Microsoft VMs (currently offline, so check archive.org).
Course modules:
- Module 01 - The Basics (PE Format, DLLs, etc)
- Module 02 - Bug Hunting and Fuzzing
- Module 03 - Intro. to Memory Corruption and Buffer Overflows
- Module 04 - Metasploit
- Module 05 - Mitigation Techniques
- Module 06 - SEH and Jumping Strategies
- Module 07 - Egghunter
- Module 08 - Return Oriented Programming (ROP)
- Module 09 - Post Exploitation
- Module 10 - Manual Code Injection
Course Video Recordings on YouTube (currently in Arabic): OSE Playlist