It's been quite a while since I updated this site. For the next short while, the focus is going to be pretty specific: GIAC Advanced Penetration Testing and Exploit Development (GXPN) prep.

I was lucky enough to be chosen as a facilitator for SANS SEC660 at SANS Network Security, a class I've wanted to take for a long time. It was a brain-meltingly good class, especially the final two days: "Exploiting Linux for Penetration Testers" and "Exploiting Windows for Penetration Testers." While I'm no stranger to basic buffer overflow writing thanks to OSCP, this stuff was next level and honestly some of the most difficult coursework I've ever done. So for the next 60 days I'll be regularly updating the blog with materials and walkthroughs to make sure I understand all of the core concepts (maybe helping some other folks understand things along the way) and to stay accountable and on track. Note that this won't include any direct materials or labs from the books or the SANS course, nor will I post any of the practice exam or practical exam questions.

While I'll be talking about all of the concepts in the books, the areas I need the most work on will be the main focus (from the GIAC GXPN Description Page):

Advanced Fuzzing Techniques
The candidate will be able to develop custom fuzzing test sequences using the Sulley framework.

Advanced Stack Smashing
The candidate will demonstrate an understanding of how to write advanced stack overflow exploits against canary-protected programs and ASLR.

Introduction to Memory and Dynamic Linux Memory
The candidate will demonstrate a basic understanding of x86 processor architecture, Linux memory management, assembly, and the linking and loading process.

Introduction to Windows Exploitation
The candidate will demonstrate an understanding of Windows constructs required for exploitation and the most common OS and Compile-Time Controls.

Python and Scapy For Pen Testers
The candidate will demonstrate an understanding of the ability to read and modify Python scripts and packet crafting using Scapy to enhance functionality as required during a penetration test.

Shellcode
The candidate will demonstrate the ability to write shellcode on the Linux operating system, and demonstrate an understanding of the Windows shellcode methodology.

Smashing the Stack
The candidate will demonstrate an understanding of how to write basic exploits against stack overflow vulnerabilities.

Windows Overflows
The candidate will demonstrate an understanding of how to exploit Windows vulnerabilities on the stack, and bypass memory protections.

The first post I'm working on, basic stack-based buffer overflows without ASLR/DEP/etc. and basic fuzzing, should be up soon. In the meantime, if you have resources you'd like to share, please do send them my way via comments or on Twitter at @highmeh.