Start reading stuff on the internet about beating DEP and ASLR. The concepts taught in that book are still very relevant. The only thing that has changed are the measures taken by some operating systems to prevent RCE via memory corruption. It is extremely difficult to teach ASLR bypasses, since in most every case they are different. DEP is a little more concrete, but you'll still need to find different gadgets for every exploit and possibly OS version.
I'd recommend reading in depth about DEP and ASLR after you've finished and thoroughly understand what is in the book. Also, start doing a lot of hands-on research. Maybe get better at RE. Secrets of Reverse Engineering is good.
Once you've reached the point where you can find and exploit a memory corruption vulnerability to gain RCE, it's time to start exploring on your own.
>>45948577 No problem. A couple more hints that should help you.
When dealing with DEP (XP+, Linux 2.6.8+), you'll typically use something called Return Oriented Programming (ROP), also known as "Return to libc".
When dealing with ASLR you'll need a couple of things: either an arbitrary read vulnerability that will disclose memory locations of the image base (or disclose a value from which you can compute the base at which the image is loaded). If that isn't available, you might need to heap spray. Sometimes you need a combination of both.
If you read up on DEP/ROP, ASLR, arbitrary reads/memory disclosures, and heap spraying techniques (typically using an arbitrary write), you'll be off to a good start. Once you start having to deal with modern OS memory and execution protections is when things start to get interesting.
Typically, I test my POC exploit on an XP machine (with DEP), then I move to windows 7 (ASLR + DEP), then I move to win 8 (larger ASLR seed + DEP + randomised heap). Shit can get pretty interesting. Good luck.
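As an added defender-side example, not part of the thread or any poster's words: the replies above treat DEP/NX and ASLR as properties of the OS, but a binary has to opt in to them (a PT_GNU_STACK program header without the execute bit, and ET_DYN/PIE linkage so the main image can be relocated). The script below is a minimal checksec-style parser for little-endian ELF64 images that reports those two bits plus any writable-and-executable PT_LOAD segment. The ELF constants are the real ones from the ELF64 spec; the two sample images are constructed in-line by `build_elf64` (a hypothetical helper written only to feed the parser) and are not loadable programs.

```python
import struct

# ELF constants (from the ELF64 specification / Linux elf.h)
ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
ET_EXEC, ET_DYN = 2, 3
EM_X86_64 = 0x3E
PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<HHIQQQIHHHHHH"  # Elf64_Ehdr fields that follow the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"       # Elf64_Phdr
EHDR_SIZE, PHDR_SIZE = 64, 56


def build_elf64(e_type, stack_flags=None):
    """Construct a minimal ELF64 image (header + program headers only) as test input.
    Constructed sample for the parser below, not a loadable binary."""
    phdrs = [struct.pack(PHDR_FMT, PT_LOAD, PF_R | PF_X,
                         0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)]
    if stack_flags is not None:
        # PT_GNU_STACK carries the stack permission bits the loader applies
        phdrs.append(struct.pack(PHDR_FMT, PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16))
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1]) + bytes(9)
    ehdr = e_ident + struct.pack(EHDR_FMT, e_type, EM_X86_64, 1, 0x401000,
                                 EHDR_SIZE, 0, 0, EHDR_SIZE, PHDR_SIZE,
                                 len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)


def check_mitigations(data):
    """Report which binary-side mitigations an ELF64 little-endian image requests:
    PIE (required for ASLR of the main image) and a non-executable stack (the part
    of DEP/NX the binary itself asks for), plus a count of W+X PT_LOAD segments."""
    if data[:4] != ELF_MAGIC or data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("not a little-endian ELF64 image")
    f = struct.unpack_from(EHDR_FMT, data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = f[0], f[4], f[8], f[9]
    result = {
        # ET_DYN also covers shared libraries; for an executable it means PIE
        "pie": e_type == ET_DYN,
        # Conservative default: no PT_GNU_STACK header means the stack permissions
        # are left to the loader's historical (executable) default, so report no NX
        "nx": False,
        "gnu_stack_present": False,
        "wx_segments": 0,
    }
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            result["gnu_stack_present"] = True
            result["nx"] = not (p_flags & PF_X)
        elif p_type == PT_LOAD and (p_flags & PF_W) and (p_flags & PF_X):
            result["wx_segments"] += 1
    return result


if __name__ == "__main__":
    hardened = build_elf64(ET_DYN, PF_R | PF_W)        # PIE, non-executable stack
    legacy = build_elf64(ET_EXEC, PF_R | PF_W | PF_X)  # fixed base, executable stack
    for name, image in (("hardened", hardened), ("legacy", legacy)):
        print(name, check_mitigations(image))
```

Run it against a real file by replacing the constructed images with `open(path, "rb").read()`; a `pie: False` result for an executable is the condition under which the image base is fixed and ASLR does nothing for that module, which is exactly why the replies above treat a memory disclosure as the normal requirement on a properly built PIE target.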
>>45950205 The book OP is reading (The Art of Exploitation) is really good. There are a TON of subjects you need in order to actually exploit computers (especially those w/ modern operating systems). Read books on C programming, reverse engineering, socket programming, and networking. On top of that, read The Art of Exploitation and practice a bunch.
Thread replies: 12 Thread images: 2
Thread DB ID: 30708