Courses | Technitics Consulting
Exploit Development
Overview
Exploit Development encompasses a wide are of Research. It could be related to Web Applications, Buffer Overflow based ones, Heap-Spray or any other type of an exploit. We are looking for professionals who have good experience in the same.
Pre-requisites
- Programming experience.
- Assembly Language knowledge.
- Understanding of common executable file formats / Debugging Concepts.
- Expertise in Reverse Code Engineering.
- Thorough knowledge of Web Applications.
- Experience with Shellcodes / Metasploit.
- Experience in Fuzzing & Exploit Development.
- In-Depth understanding of both Windows & Linux/Unix Architecture.
Lab exam blueprint
Although Exploit Development is a huge domain, for the lab exam, we'll have just two sections.The Candidate will be provided with one 'Web Application' and one 'Sample Application'. The Objective will be to find Vulnerabilities in both of them and to write working Exploits for both of them. To avoid confusion, the 'Sample Application' will be a Windows Executable & the Web Application will be PHP-MySQL-Apache based one.
Tools recommended
- Apache-MySQL-PHP based Webserver-setup.
- Debuggers / Disassemblers.
- Fuzzers.
- Shellcodes / Metasploit.
- Perl,Python,c/c++ Interpreters/Compilers.
Expected Solution Format
At the end of the lab exam, the candidate is required to submit a report that explains how exactly the Vulnerabilities were discovered. Its expected to be as technical as possible with every single detail mentioned.
Report must include -
- Tools used.
- The problems that you faced.
- Your approach to solve the problems.
- Vulnerabilities that were found.
- How many of them can be successfully exploited.
- Working Exploits.
- If any programming was required, we expect the source-code to be submitted.
Solutions have to be submitted in pdf / Word Document format.