Offensive Software Exploitation (OSE) Course

This repository is for the Offensive Software Exploitation Course I am teaching at Champlain College and currently doing it for free online (check the YouTube channel for the recordings).

Most of the slidenotes I used, are already shared on http://opensecuritytraining.info, but the labs were fully created by myself. I used publically available resources and software to explain each of the weakneses covered, so there is nothing here that you cannot find online.

Vulnerable Software: The vulnerable software I used are also online and can be found at http://exploit-db.com. I will point them out later when I find time.

Tools used:

1. Immunity Debugger
2. Kali Linux
3. CFF Explorer
4. NetCat
5. Others!

Targets used:

1. Download any Windows 10 VM from Microsoft VMs. This was used for most of the labs, except for the EggHunter lab, I used a Windows 7 VM, also from Microsoft VMs.

Course modules:

• Module 01 - The Basics (PE Format, DLLs, etc)
• Module 02 - Bug Hunting and Fuzzing
• Module 03 - Intro. to Memory Corruption and Buffer Overflows
• Module 04 - Metasploit
• Module 05 - Mitigation Techniques
• Module 06 - SEH and Jumping Strategies
• Module 07 - Egghunter
• Module 08 - Retrurn Oriented Programming (ROP)
• Module 09 - Post Exploitation
• Module 10 - Manual Code Injection

Course Video Recordings (currently in Arabic): OSE YouTube Playlist