Basics of format string exploit writing

Basics of format string exploit writing

How to write simple format string exploits

“Your wish is my command.”

Taught by: Peter Zsiros

Length: 6 hours

$125.30
Reg. price: $179.00
Save: $53.70
EARLY bird!
-30%
Enroll now

Do you always validate your input?


"Format string exploit occurs when the submitted data of an input string is evaluated as a command by the application. In this way, the attacker could execute code, read the stack, or cause a segmentation fault in the running application, causing new behaviors that could compromise the security or the stability of the system." - Source: The OWASP Foundation


In this course we will write a simple 32 bit format string exploit for a sample application (no DEP bypass, no ASLR, no stack cookie, no etc.). Through this step-by-step procedure you will understand the working of format string exploits. By the end of the course you will be able to write a simple format string exploit on your own and will have the basis to move on and start writing more advanced exploits.


Join this course and go deeper into exploit development.

------------------------------

Live instructor-led course
It will be a live course so you will work together simultaneously with the trainer and the other students and will have the possibility to ask your questions. More about live classes

  • + Recommended for

    Programmers, security specialists

  • + Prerequisites

    Programming basics

  • + Technical requirements

    We will run maximum 2 virtual machines simultaneously, recommended minimum 8GB memory (2GB for each, and 4 remains to host), about 40GB disk space for virtual machines.

  • + Acquired skills

    You will be able to write simple format string exploits

Curriculum and videos

Session 1 - Format string exploit against a sample application

Finding the vulnerability in source code, writing the exploit.

Session 2 - Format string exploit against a real application

Finding the vulnerability with fuzzer, writing the exploit.