Action:
Learning Domains/Level of Learning:
Army General Learning Outcomes:
Safety Requirements:
Exploit development is a potential phase or outcome of reverse engineering. When performing exploit development, a cyber actor actively digs into a target object with the aim of understanding how it works better than its creators do. As the cyber actor gains more understanding of the object, they may find unintended functionality or vulnerabilities that the creators did not mitigate. These previously unknown vulnerabilities are particularly dangerous because they can be actively exploited by attackers; alternatively, they can be mitigated by defenders if they are found before attackers exploit them.
Term | Definition
Heap | Memory that can be allocated and deallocated at run time
Stack | A contiguous section of memory used for passing arguments to functions
Registers | Storage elements located as close as possible to the central processing unit (CPU)
Instruction Pointer (IP) | a.k.a. Program Counter (PC); contains the address of the next instruction to be executed
Stack Pointer (SP) | Contains the address of the next available space on the stack
Base Pointer (BP) | Contains the address of the base of the current stack frame
Function | Code separate from the main program, often used to replace code that repeats, in order to make the program smaller and more efficient
Shellcode | The code that is executed once an exploit successfully takes advantage of a vulnerability
Non executable (NX) stack
Address Space Layout Randomization (ASLR)
Data Execution Prevention (DEP)
Stack Canaries
Position Independent Executable (PIE)
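The mitigations listed above are recorded in the binary itself, so a defender can audit a build for them before it ships. The following is an added example, not part of the original lesson material: a small Python checker that reads a little-endian ELF64 image and reports whether it is a position-independent executable (needed for ASLR to randomize the main image), whether the stack is non-executable (NX/DEP, from the PT_GNU_STACK header flags), and, as a labelled heuristic, whether a stack canary is in use (a binary built with `-fstack-protector` imports `__stack_chk_fail`). It goes one step beyond the list by also reporting RELRO, which is carried in the same program-header table. The `build_sample` helper constructs minimal demonstration images (an ELF header, program headers and a short string tail); these are not real programs and are only there so the checker can be exercised offline. The function and variable names are this example's own.

```python
import struct

# ELF constants used below (from the ELF64 specification and the Linux ABI)
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK = 0x6474E551   # program header that records the requested stack permissions
PT_GNU_RELRO = 0x6474E552   # program header marking a region made read-only after relocation
PF_X = 0x1                  # executable bit in p_flags


def check_mitigations(elf: bytes) -> dict:
    """Report PIE, NX, RELRO and stack-canary status for a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("only little-endian ELF64 images are handled here")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)

    # Without a PT_GNU_STACK header the Linux kernel falls back to an executable
    # stack on x86, so NX is reported as absent until a header proves otherwise.
    nx = False
    relro = False
    for i in range(e_phnum):
        p_type, p_flags = struct.unpack_from("<II", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True

    return {
        "pie": e_type == ET_DYN,   # an ET_DYN main executable is loaded at a random base under ASLR
        "nx": nx,
        "relro": relro,
        # Heuristic (assumption of this example): a stack-protected binary imports
        # __stack_chk_fail, so the name shows up in its dynamic string table.
        "canary": b"__stack_chk_fail" in elf,
    }


def build_sample(pie: bool, nx: bool, relro: bool, canary: bool) -> bytes:
    """Construct a minimal ELF64 image for demonstration only; it is not a runnable program."""
    phdrs = [struct.pack("<IIQQQQQQ", PT_GNU_STACK, 0x6 if nx else 0x7, 0, 0, 0, 0, 0, 16)]
    if relro:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 0x4, 0, 0, 0, 0, 0, 1))
    ehdr = struct.pack(
        "<4sBBBBB7xHHIQQQIHHHHHH",
        b"\x7fELF", 2, 1, 1, 0, 0,            # magic, ELF64, little-endian, version 1, SysV ABI
        ET_DYN if pie else ET_EXEC, 0x3E, 1,  # e_type, e_machine (x86-64), e_version
        0x1000, 64, 0, 0,                     # e_entry, e_phoff (right after the header), e_shoff, e_flags
        64, 56, len(phdrs), 64, 0, 0,         # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
    # Stand-in for the dynamic string table: constructed content, not a real import list.
    tail = b"__stack_chk_fail\0" if canary else b"puts\0"
    return ehdr + b"".join(phdrs) + tail


if __name__ == "__main__":
    for name, args in (("hardened", (True, True, True, True)),
                       ("unprotected", (False, False, False, False))):
        print(name, check_mitigations(build_sample(*args)))
```

To audit a real build, read the file with `open(path, "rb").read()` and pass the bytes to `check_mitigations`. The parser deliberately stops at the program-header table: PIE and NX are authoritative from there, while the canary result is only a string-presence heuristic and a stripped or statically linked binary can defeat it, so treat a negative canary result as "verify with the disassembler" rather than as proof.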
Utilizing tools such as:
IDA, Ghidra
GDB, Mona, Immunity Debugger
Bash, Python
git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
disass <FUNCTION>                  # Disassemble one function of the program
info <registers|frame|functions>   # Show information about registers, the current stack frame, or known functions
x/256c $<REGISTER>                 # Examine 256 characters at the address held in a register
break <FUNCTION>                   # Set a breakpoint at a function (use break *<address> for a raw address)