References

  • Heap Exploitation | Playing with chunks!: https://0x00sec.org/t/heap-exploitation-playing-with-chunks/2055
  • Heap Exploitation - Fastbin Attack: https://0x00sec.org/t/heap-exploitation-fastbin-attack/3627
  • Analysis of public exploits or my 1day exploits: https://github.com/externalist/exploit_playground
  • Shellcoding for Linux and Windows Tutorial: http://www.vividmachines.com/shellcode/shellcode.html
  • Voltron is an extensible debugger UI toolkit written in Python: https://github.com/snare/voltron
  • Reverse Shell from an OpenVPN Configuration File: https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da

Windows Specific

  • Modern Windows Userspace Exploitation: https://media.ccc.de/v/35c3-9660-modern_windows_userspace_exploitation
  • Zero Day Zen Garden: Windows Exploit Development - Part 0 [Dev Setup & Advice]: http://www.shogunlab.com/blog/2017/08/11/zdzg-windows-exploit-0.html
  • Zero Day Zen Garden: Windows Exploit Development - Part 1 [Stack Buffer Overflow Intro]: http://www.shogunlab.com/blog/2017/08/19/zdzg-windows-exploit-1.html
  • Zero Day Zen Garden: Windows Exploit Development - Part 2 [JMP to Locate Shellcode]: http://www.shogunlab.com/blog/2017/08/26/zdzg-windows-exploit-2.html
  • Zero Day Zen Garden: Windows Exploit Development - Part 3 [Egghunter to Locate Shellcode]: http://www.shogunlab.com/blog/2017/09/02/zdzg-windows-exploit-3.html
  • Zero Day Zen Garden: Windows Exploit Development - Part 4 [Overwriting SEH with Buffer Overflows]: http://www.shogunlab.com/blog/2017/11/06/zdzg-windows-exploit-4.html
  • Zero Day Zen Garden: Windows Exploit Development - Part 5 [Return Oriented Programming Chains]: http://www.shogunlab.com/blog/2018/02/11/zdzg-windows-exploit-5.html

Persistence

  • Maintaining Access Part 1: Introduction and Metasploit Example: https://www.hackingloops.com/maintaining-access-metasploit/

Return oriented programming (ROP)

  • 64-bit ROP | You rule ‘em all!: https://0x00sec.org/t/64-bit-rop-you-rule-em-all/1937
  • SROP | Signals, you say? (Sigreturn Oriented Programming): https://0x00sec.org/t/srop-signals-you-say/2890