Windows Exploit Development Part 0: Series Introduction
In this multi-part series we will be exploiting Windows 32-bit applications. I am creating this to help prepare for the Offensive Security Exploit Developer exam, but anyone interested in Windows exploit development will find this content useful.
I will not be discussing how to do reverse engineering or discover vulnerabilities. Those topics are outside the scope of this tutorial series. Rather, I will be focusing on how to transform an initial proof of concept into a working exploit.
Shout out to Offensive Security and Fuzzy Security for fueling my exploit addiction :)
Series Structure
I will loosely follow the OSED course syllabus as a guide.
The plan is to begin with vanilla buffer overflows and transition into more complex topics such as SEH handling, ROP chains, and more.
Tools used
I am restricting myself to the tools permitted in the OSED exam; see the exam's public FAQ here. Feel free to use the tools you are most comfortable with.