Shellcode, Assembly and Buffer Overflow

This is quick commo check and update to my progress with the PWBv3 course.

I’ve spent the better part of this week knee deep in shellcode, assembly and debuggers… and let me tell you my brain needs a break!  Don’t let the latter sentence scare you away from this course; the tutorials and examples are excellent, even if you’ve never read the output of a debugger before you can handle it with the help of the videos and lab guide.  I just finished the “extra mile” portions of the buffer overflows module.  I was determined to nail those!  I’ve also read that the extra mile modules will help you in your quest for the OSCP certification (24 hours hack some boxes, remember?).  I found this site to be very helpful when trying my hand at an SEH overflow.

Diving into this training has afforded me the opportunity to strengthen muscles that I used daily, but to also train new ones, with regards to pen testing.

I’ll be writing up more about stack based buffer overflows and basic fuzzing in the future.

Advertisements

2 thoughts on “Shellcode, Assembly and Buffer Overflow

    • Alexia, while the TOSagreements we signed with Offsec prevents me from just spelling out a walk-through on how to get at specific machines, I’ll try to give you productive advice. Also, I’d like to note that part of the way this course works is it forces you to “try harder” (heard that a few times in the IRC and forums I’m sure!), and the reward after you figure out the solution is very fulfilling. I highly suggest getting onto the IRC channel (#offsec on freenode) and also trolling the forums if you haven’t been already. Don’t just blatantly ask for the answer, but tips and guidance is allowed. The IRC is a godsend, trust me! Sorry I can’t be more specific but A). I want you to succeed with this course and get the full advantage and B). It’s been so long that I would have to go back to my notes to even remember what the attack scenario was! Good luck, happy hunting… and to quote the Offsec crew: “Try Harder!”

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s