I have been lately training myself on windows exploitation using multiples resources , but I was learning from corelan courses from 1 to 10 and applied to windows 10. I learnt a lot this time in topics such as how to bypass a few security mechanism protections , and overflow stuff attacks bof , seh . what should I focus to learn and find some browser , file format , mobile 0days or join to a vulnerability research job overseas ? I dont hold OSCP or OSCE
buffer overflow
- bad chars
- right module
seh
- stack cookie /GS
safeseh- out of range modules
- non-safeseh
- heap pending
- sehop pending
Egghunter
- ntdisplaystring
DEP
- rop chains
- ret2libc
ASLR
- non-aslr
- 2 byte overwrite - pending
- info leak - pending
shellcoding
- manual
- msfvenom
jumping shellcode- call / jmp / push esp
- pop pop ret
- call / jmp [reg + offset]
Metasploit modules
- writting metasploit modules local / remote
Reversing
- C/C++ skills
- basic skills
- Immunity
- wingdb
- IDA pro
fuzzing
- boofuzz
- peachfuzz
- winalf