Prior knowledge for OSED | EXP-301 (Guide)
This is a repository of notes and material that I consider necessary in advance to opt for the course and the OSED certification (Windows User Mode Exploit Development)
This guide was born as a result of my interest in obtaining previous knowledge before eventuring the preparation course for the certification exam OSED.
I am currently in the process of preparing for certification (I will update this repository) :D
######## ##### ######## ##### ## ##
## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ##
######## ## ## ######## ## ## ###
## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ##
## ## ##### ## ## ##### ## ##
Contents
- Programming languages
- Operating System
- Intro Reverse Engineering
- WinDbg and x86 Architecture
- Exploiting Stack Overflows
- Exploiting SEH Overflows
- Introduction to IDA Pro
- Overcoming Space Restrictions: Egghunters
- Shellcode from scratch
- Stack Overflows and DEP Bypass
- Stack Overflows and ASLR Bypass
- Overwriting EIP with Format Strings
- ROP chains and Rop playloads decoders
- [Practices and exercises] (#Practices-and-exercises)
Programming languages
For this certification it is very important to have a knowledge base in the following programming languages:
Python 3: https://youtube.com/playlist?list=PLBf0hzazHTGM_dncTqO9l-0zUQYP0nNPU
Bash: https://www.youtube.com/watch?v=smbeKPDVs2I
Assembly Language:
https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf
http://www.securitytube.net/groups?operation=view&groupId=6
C: https://youtu.be/KJgsSFOSQv0
Operating System
Win register: https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users
Reverse Engineering
Introduction To Reverse Engineering | Beginners:
https://youtube.com/playlist?list=PLMB3ddm5Yvh3gf_iev78YP5EPzkA3nPdL
Training By Ricardo Narvaja:
http://ricardonarvaja.info/WEB/EXPLOITING%20Y%20REVERSING%20USANDO%20HERRAMIENTAS%20FREE/INGLES/
WinDbg and x86 Architecture
x86 Architecture: https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/x86-architecture
Intermediate Intel x86: https://opensecuritytraining.info/IntermediateX86.html
Exploiting Stack Overflows
Understanding & Exploiting: https://sghosh2402.medium.com/understanding-exploiting-stack-based-buffer-overflows-acf9b8659cba
Intro Exploiting 1: https://www.fuzzysecurity.com/tutorials/expDev/1.html
Intro Exploiting 2: https://www.fuzzysecurity.com/tutorials/expDev/2.html
Intro Exploiting 3: http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
Intro Exploiting 3: https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
Exploiting SEH Overflows
https://www.fuzzysecurity.com/tutorials/expDev/3.html
https://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/
Introduction to IDA Pro
https://resources.infosecinstitute.com/topic/basics-of-ida-pro-2/
Egghunters
http://www.fuzzysecurity.com/tutorials/expDev/4.html
https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/
Shellcode
http://www.hick.org/code/skape/papers/win32-shellcode.pdf
https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
http://www.fuzzysecurity.com/tutorials/expDev/6.html
http://sh3llc0d3r.com/windows-reverse-shell-shellcode-i/
DEP Bypass
https://medium.com/cybersecurityservices/dep-bypass-using-rop-chains-garima-chopra-e8b3361e50ce
https://cwinfosec.org/Intro-ROP-DEP-Bypass/
ASLR Bypass
https://www.exploit-db.com/docs/english/17914-bypassing-aslrdep.pdf
Overwriting EIP
https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html
https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/#
https://www.youtube.com/watch?v=IOjl3tU1Ht8
ROP chains and Rop playloads decoders
https://scholars.unh.edu/cgi/viewcontent.cgi?article=2376&context=thesis
https://www.crowdstrike.com/blog/analysis-cve-2013-3906-exploit/