Exploit Development Intermediate


During This Course, participants will Learn programming languages and Shellcode writing. They will acknowledge in program structure and execution patterns for the cause of knowing how to find vulnerabilities and exploit in programs and codes to gain control of target systems and applications. This course covers how to write shellcodes, programs, and tools, essential skills for advanced penetration testers and software security professionals.

Duration: 40 Hours

Target Audience
• Penetration testers
• Security professionals and vendors
• Research teams

• Background in Malware Analysis
• ThinkCyber Level-2 Courses

• Discovering different levels of vulnerabilities including zero-day vulnerabilities
• Understanding the methods of attacks
• Infrastructure and system defense
• Become familiar with APT and attacks that happened in recent years
• Understanding modern security mechanisms and how hackers bypass them



Module 1: C Programming Crash Course

In this module, students will learn a course that will speed up C-language programming capabilities to acquire the necessary skills in writing shellcode.

  • C programming fundamentals
    • Variables
    • Input and Output
    • Keywords and Operators
    • Expressions and Statements
    • Control Flow
    • The C Preprocessor
    • Functions
  •  Reasons for Using Functions
  • Basic Structure
  • Return Statement
  • Difference between ANSI-C and “Traditional C”
  • Object Storage Classes and Scope
  • Larger Programs
  • Macros
    • Pointers
  • Pointer Definition and Use
  • Pointers as Function Arguments: “Call by Value”
  • Arrays
  • Functions Returning Pointers
  • Multidimensional Arrays
  • Strings
  • Command Line Arguments
  • Pointers to Functions
    • Code Structures
  • Syntax and Operations
  • typedef
  • Array of Structures
  • Use with Functions
  • Linked Lists
  • union
  • enum
    • Using C Libraries
  • Memory Allocation
  • Math Libraries
  • Random Variables
  • Input and Output
  • Strings
  • General Style
  • Layout

Module 2: Assembly x86

In this module, students will acquire the experience in the machine language assembly to become familiar with shellcode codes and write one by themselves.

  • x86 Processor Architecture
    • Understanding Buses and Data Traffic
    • Syscalls Table
    • Number and Character Representation
    • Basic Assembly x86 Programming
  • Standard Output
  • Registers
  • Variables and Reserves
  • Strings in Assembly
  • Working with Numbers
  • Jumps and Flags

Module 3: Writing Shellcodes

Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. This module will provide an understanding of how shellcode is built, why it is used, and how to write it using conventional methods and techniques.

  • Background Information
    • Processor Registers Structure
    • Understanding Upper and Lower Data Block
    • Syscalls with Arguments
    • Zero Out a Register
    • Windows Calling Convention
    • Shellcode Tools
  • Gcc and ld
  • Nasm
  • Objdump
    • Find the DLL Base Address
    • Find the Function Address
    • Call the Function
    • Write the Shellcode
    • Test the Shellcode
    • Linux Shellcoding
  • Loading Addresses
  • Spawning a Shell
    • Windows Shellcoding
  • Using Sleep Function
  • Writing Message
  • Adding an Administrative Account