Exploit Development


Exploit writing tutorial

The question is: How do exploit writers build their exploits? What does the process of going from detecting a possible issue to building an actual working exploit look like? How can you use vulnerability information to build your own exploit?

Introduction to Exploit Development

This is the first part in a (modest) multi-part exploit development series. This part will just cover some basic things like what we need to do our work, basic ideas behind exploits and a couple of things to keep in mind if we want to get to and execute our shellcode. These tutorials will not cover finding bugs; instead, each part will include a vulnerable program which needs a specific technique to be successfully exploited. In the fullness of time I intend to cover everything from “Saved Return Pointer Overflows” to “ROP (Return Oriented Programming)”; of course, these tutorials won’t write themselves, so it will take some time to get there. It is worth mentioning that these tutorials won’t cover all the small details and eventualities; this is done by design to (1) save me some time and (2) allow the diligent reader to learn by participating.