Results 1 to 9 of 9

Thread: [Video] Exploit Development Series Share/Save - My123World.Com!

  1. #1

    [Video] Exploit Development Series

    Hello everyone, about two years ago I made a tutorial series on an introduction to exploits (what they are, how to write them, etc). This is not by any means a script-kiddie tutorial series. These are videos that will bridge the gap between being a noob, and being a fairly decent hacker.

    The only catch is if you don't understand the content in them you won't learn anything. I've included links in most, if not all, of the videos where you can further research the topics I discuss in them.

    What's in this video?
    • Coding Practices
    • Defining Functions of Interest
    • Introduction To Shellcode


    One last thing...THERE IS NO METASPLOIT USAGE IN ANY OF THESE VIDEOS. Everything you are about to see/learn is real hardcore stuff. No freebies here.



    Background (feel free to skip if you're not interested): Before I left the United States for work, I thought I was a pretty decent hacker, I knew a few things about WebAppSec, how to crack hashes, how to brute force with tools...etc (contrary to popular belief, if you know only these things, you are NOT a decent hacker, you are still a noob). Anyway, I had been trying to play the wargame IO on smashthestack just to see what it was about, but for about 6 months I really had no idea what I was doing. Then, one day I just randomly understood what was going on; I could all of a sudden read code, I could navigate through linux, I knew exactly what I had to do to complete the challenges. I'm still confused how I randomly understood everything, but anyway...I've taken a good amount of my research on exploit development and I've put it into these videos in an easy to understand, and follow-along, format. I hope you enjoy the show!
    Last edited by m0rph; 01-25-2013 at 03:07 PM.
    while( !(succeed = try() ) );

  2. #2

    Exploit Development Series - Part 2a (Shellcode Concepts)

    These first two videos are lectures, and contain very important information if you do not know much about exploits. Please do not just skip to video 3, and assume that you'll be able to follow along.

    The topic of discussion for this video is an expanded explanation of shellcode.


    What's in this video?
    • How shellcode is executed
    • Architecture types
    • Assembly/hex examples
    Last edited by m0rph; 01-25-2013 at 02:33 PM.
    while( !(succeed = try() ) );

  3. #3

    Exploit Development Series - Part 2b (Shellcode)

    This video expands even more on the previous video, and we end Part 2 with a visual example of how shellcode operates.
    What's in this video?
    • Different purposes of shellcode
    • Security evasion
    • Visual example of shellcode in action (bind and reverse shells)


    Last edited by m0rph; 01-25-2013 at 02:34 PM.
    while( !(succeed = try() ) );

  4. #4

    Exploit Development Series - Part 3 (Fuzzing)

    The topic of this video is fuzzing. At the end of Part 3, we fuzz a simple tcp echo server.

    What's in this video?
    • Types of Fuzzers
    • How to know if a fuzzer was successful
    • Finding buffer size




    PAY EXTREMELY CLOSE ATTENTION TO THIS VIDEO!!!! There are very few videos of how to make, and use a fuzzer!!! There are very few videos that tell you what fuzzing is! Almost all of the information in this video is either hidden away among online university papers, or it is written in a terrible way by some bum online. This is probably going to be the easiest video you will ever see on fuzzing.
    Last edited by m0rph; 01-25-2013 at 02:35 PM.
    while( !(succeed = try() ) );

  5. #5

    Exploit Development Series - Part 4 (Debug/Reverse Engineering)

    This video covers the basics of disassembling/reverse engineering. This is a great video, as I show you how to explore different functions within gdb. This is an awesome tactic for determining what a program might be able to do.

    What's in this video?
    • Exploring the CPU
    • Differentiating functions from other stack procedures
    • Finding functions and disassembling them
    • Finding return addresses


    while( !(succeed = try() ) );

  6. #6

    Exploit Development Series - Part 5 (Grand Finale)

    In this video, we put together all of the information we have learned from the previous videos, and apply it to a practical (but very unlikely) buffer overflow situation.

    What's in this video?
    • Epic linux shell tricks
    • Binary Tree Analysis
    • On the fly exploitation (IO smashthestack level 5)


    Part 1 - Beginning Of The End



    Part 2 - Grand Finale



    ***Attention***
    A user on securitytube revealed to me there was a post-production error, and there is an error in the video at 6:30. In the 4th line of our exploit, the video shows an "x20" at the end of our return address that was not visible at 6:29. The "x20" is so that any left over space in the buffer will return eip to the beginning of our shellcode.

    Additionally, if there is any topic in these videos that you didn't understand, or need a little extra help with feel free to ask, and I'll do my best to give you a hand!
    Last edited by m0rph; 01-25-2013 at 02:43 PM.
    while( !(succeed = try() ) );

  7. #7
    Hello morph, and thanks alot for sparing your time for sharing such a rare material. I had been trying to crawl through everything to find this kind of material. Thanks again.
    But a big problem with resolution. All the videos before Part-3 are not visible. It is my humble request if you could rerecord them. Further, it becomes a total waste of your hard work if people can't follow your starting few videos because of low resolution & then they leave those videos also which have got good visibility.
    So if you could just record these once again (because I can't leave this stuff). Thanks

  8. #8
    This looks really interesting, I will watch it all of it soon.
    XMPP:
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

    Blog:
    To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

  9. #9

    please reupload the videos sir :)

    Quote Originally Posted by dotcppfile View Post
    This looks really interesting, I will watch it all of it soon.
    please reupload the videos sir

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •