When I started studying and learning about exploit development, one of the biggest issues I ran into was finding a good starting point. I am by no means an expert in this field, but here is a list of some of the material I found helpful while learning (I still am learning and always will be) to research vulnerabilities and develop exploits. I figured I would put this list out there to help anyone else who is in the same place I was. Here we go!
Offensive Security’s Penetration Testing With Kali Linux course. https://www.offensive-security.com/ Not necessarily related to exploit development but more on general Pen Testing, this course changed the way I look at Info Sec as a whole. Plus the OSCP certification is worth it! Offensive Security also has another course called Cracking the Perimeter (CTP) that focuses more on exploit development which gets you the OSCE certification. (Eventually I want to take this course myself.)
Most important thing: Don’t get discouraged when you can’t figure something out, keep researching and learning. You will figure it out eventually. Also, don’t compare yourself to others. Everyone who is good at what they do was bad at it at one point. Keep going! As Offensive Security likes to say, Try Harder!
PWK (which gets you your OSCP) is more of an intro to pentesting course. While there is one chapter on Exploit Development, it’s not meant to be the main focus of the course.
The course that gets you your OSCE, on the other hand, is the course that actively focuses on Exploit Development; as far as I’ve been told by those currently enrolled in its curriculum, anyway.
Oh yeah man, I take my exam for the OSCP on Saturday. It’s an incredible course, I liked it so much that I plan on taking more OffSec courses in the future.
Right on! The exam wasn’t as hard as I thought it would be. Like, the machines aren’t technically that hard, but it’s the time constraint that’s the real problem. You won’t see anything akin to BOB or Sufferance or anything.
That’s what I figured, I’m not super nervous about it, I just really don’t want to write the report. xD
I’m still trying to write up my lab and course exercise report because I was a total shithead about taking screenies and documenting stuff so it’s taking ages.
That depends entirely on what you are trying to do. The OSCP and OSCE are just certs; all they’re gonna do at the end of the day is help you get a job, but both are really excellent courses if you can afford them.
Of course, all of the information in those courses is also scattered about the web, and most students use that as a supplement to the course material (Shit’s hard, man).
If the goal is to just learn exploit development without burning a hole in your pocket then your best option is to hunt down resources like those detailed above and self-teach.
As an alternative, if you’re trying to get a job, you could use what you self-taught on exploit development, find a vulnerable app, write an exploit, go through the whole responsible disclosure dance, post it on GitHub after the company has acknowledged and patched the vuln, and write a blog post about it; this way you have something to show prospective employers in lieu of a certification (which, IMO, is wayyyyyy better than a stupid piece of paper, even if HR ppl don’t think so).