Hands-on Fuzzing and Exploit Development - Learn the process of exploit development with real world examples

Course videos and resources

Take this course on YouTube - Open to all. Published under Creative Commons licence (i.e. you are free to re-use / distribute this course as long as you attribute the original source).

Take this course on Techable - Free enrollment.

Note: Due to Udemy policies and length restrictions on free courses, we are no longer accepting enrollments for this course on Udemy. If you have already enrolled in this course on Udemy, you will continue to have lifetime access to this course there. You can track all updates to this course from this page.

Join our student support channel on Discord

What you’ll learn

- Creating buffer overflow exploits for Windows applications
- Basics of Buffer Overflow
- Protocol and File Format Fuzzing
- Stack-based buffer overflow exploits
- SEH Overwrite exploits
- Multi-stage exploits

Requirements

- Have basic knowledge of Kali Linux
- Have basic knowledge of Fuzzing
- Have basic knowledge of Assembly language
- Have basic knowledge of Immunity Debugger 

About the course

This course will teach you the basics of exploiting a buffer overflow vulnerability. It follows the six stages of exploit development and gives a detailed walk-through of each. Each module starts by identifying the vulnerability via fuzzing. You’ll learn both protocol fuzzing (using Spike) and file format fuzzing (using FileFuzz). It then shows you how to create a PoC to trigger the vulnerability and convert that PoC into a working exploit.

Through this course you will be introduced to various tools such as Immunity Debugger, the Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, FileFuzz and much more. This course is designed to be short and concise yet packed with practical knowledge.

Each video includes learning resources (in video), associated files (PDF slides, fuzzing scripts, Python scripts, etc.) and an assignment. You can just follow along and create a working exploit. It’s that simple. Happy learning!

If you are looking for resources to learn Immunity Debugger, check out our free course Immunity Debugger for Exploit Devs.

Here’s what you’ll be able to do after taking this course

Quick reference guide for mona.py

Associated blog post: Mona.py for exploit devs: 6 must know commands

What our fellow students say about this course

  • Course goes from the basics through to what the OSCP teaches you. Highly recommended, still enjoying the material. - Michael Ross
  • Best course I have taken thus far that explains buffer overflows in a way that you can easily try on your own home lab. Instructor is easy to understand, doesn’t rush through the material and explains step-by-step. - William Daugherty
  • Awesome course; clear and to-the-point; very helpful for understanding Buffer Overflow. - Zeeshan
  • This is a very good course, well organized and everything at hand for practicing. I’d just recommend to the instructor to speak a little bit slower next time. Cheers! - Rodrigo Hierro
  • Excellent course and well taught. Would recommend to anyone interested in BOF - Steve Casey
  • Step by step instructions with resources given, very accurate and to the point. - Alex Paz Soldan
  • Great course, he can really simplify the technique to understand easier. Update: just finished course and gotta say this is by far the best course I have taken so far in exploit development! Now onto his advanced course - (anonymous user)
  • It’s a good beginning for someone who wants to know more about exploit development. - Ying-Chen Chiou

If you liked this course, check out the Hands-on Fuzzing and Exploit Development (Advanced) course.