Windows Exploit Development Part 0: Series Introduction

In this multi-part series we will be exploiting Windows 32-bit applications. I am creating this to help prepare for the Offensive Security Exploit Developer exam, but anyone interested in Windows exploit development will find this content useful.

I will not be discussing how to do reverse engineering or discover vulnerabilities. Those topics are out of the scope of this tutorial series. Rather, I will be focusing on how to transform an initial proof of concept into a working exploit.

Shout out to Offensive Security and Fuzzy Security for fueling my exploit addiction :)

Series Structure

I will loosely follow the OSED course syllabus as a guide.

The plan is to begin with vanilla buffer overflows and transition into more complex topics such as SEH handling, ROP chains, and more.

Tools used

I am restricting myself to the tools permitted in the OSED exam. View their public FAQ here. Feel free to use the tools you are most comfortable with.

• Exploit Machine: Kali Linux 2022 - Download
• Debugger Machine: Windows 10 VM - Download
• Programming Language: Python3 - Download
• Debugger: WinDbg - Download
• Disassembler: IDA Free - Download
• Exploit Framework: Metasploit Framework - Download (pre-installed on Kali Linux)