[Exploit development] 1- Intro
Intro
Hello everyone, I hope you are doing well. In this article we will cover what exploit development (binary exploitation) is, and we will take a step back and cover the meaning of software. We will also cover the prerequisites for getting into this field.
What is software?
Software is a set of instructions, data, or programs used to operate computers and execute specific tasks.
Any software mainly takes input, does some processing, and then exports output. The input may be taken from the user or from another software. Likewise, the output may be exported to the user or to another software for reuse.
The operating system is responsible for running and managing the software. It provides the software with the resources it needs, such as memory and the ability to execute tasks in parallel, and more.
What is a vulnerability or security bug? Why does it happen?
A security bug happens when the software programmer trusts the user input and goes into the processing phase without any validation, that is, without ensuring that the input is the expected one. In addition, the software's developer may use a bad design, or an insecure paradigm that is not supposed to be used, which causes security problems.
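The difference between trusting and validating input, as an added example that is not from the original article: the same processing step written both ways. The input format (one length byte followed by the name), the `NAME_CAP` limit and both function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16  /* constructed limit: longest name the program expects */

/* Constructed input format: [1 length byte][that many name bytes]. */

/* Trusts the input: goes straight to processing with the sender's length. */
int read_name_trusting(const uint8_t *msg, size_t msg_len, char out[NAME_CAP + 1])
{
    (void)msg_len;               /* never consulted: that is the bug */
    size_t n = msg[0];           /* 0..255, chosen by whoever sent msg */
    memcpy(out, msg + 1, n);     /* n > NAME_CAP writes past the end of out */
    out[n] = '\0';
    return (int)n;
}

/* Validates first: processing starts only once the input is the expected one. */
int read_name_checked(const uint8_t *msg, size_t msg_len, char out[NAME_CAP + 1])
{
    if (msg == NULL || out == NULL || msg_len < 1)
        return -1;
    size_t n = msg[0];
    if (n > NAME_CAP)            /* would not fit in the output buffer */
        return -1;
    if (n > msg_len - 1)         /* claims more bytes than were received */
        return -1;
    for (size_t i = 0; i < n; i++)
        if (msg[1 + i] < 0x20 || msg[1 + i] > 0x7e)  /* printable ASCII only */
            return -1;
    memcpy(out, msg + 1, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char out[NAME_CAP + 1];
    const uint8_t good[] = {5, 'a', 'l', 'i', 'c', 'e'};   /* well formed */
    const uint8_t huge[] = {200, 'A', 'A', 'A'};           /* length lies */
    printf("good: %d\n", read_name_checked(good, sizeof good, out));
    printf("huge: %d\n", read_name_checked(huge, sizeof huge, out));
    /* read_name_trusting(huge, ...) would copy 200 bytes into 17: not called. */
    return 0;
}
```

Both functions return the same result for well-formed input; they differ only on input the programmer did not expect, which is where the security bug lives.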
What is an exploit?
An exploit is a way to take advantage of security bugs. Exploits force the processing phase to do things that are unexpected and that it was not designed to do, such as gaining unauthorized access or privileges on a computer system or leaking classified information.
Prerequisites
To learn how to discover vulnerabilities and develop exploits, you need to learn computer science and how to build software first.
Intro to computer science
You have to learn programming and the basics of CS, so I recommend these resources to you:
Object-Oriented Programming
OOP is a fundamental programming paradigm and the most popular one used for software development, so you have to learn it very well in order to understand the software that uses it. If you try to research this kind of software without any knowledge of OOP, you will not be able to understand its behavior, so I recommend this resource to you:
- Head First Object-Oriented Analysis and Design book: this is a really useful book that simplifies concepts using pictures and illustrations
Data structures and algorithms
Any software, even one that prints the sum of two numbers, uses data structures and algorithms, and we will deal with them directly in different situations later, so you should be familiar with them. I recommend these resources to you:
- Grokking Algorithms book: this book covers the basic topics that every developer should know
- Algorithms Unplugged book: this book is more advanced than the previous one, and covers topics related to security like encryption and hashing algorithms.
- Dalgo repo: this is my own repo that contains the most common data structures and algorithms, implemented in the C language, which I think will be helpful for you
Computer networks
You have to learn computer networks and how computers communicate with each other, because most of the programs you will deal with are networking programs like FTP/web servers and a lot more, so I recommend these resources to you:
- CS144, Introduction to Computer Networking course: it's a lightweight course that covers the fundamentals of networks
- CS-340 Intro to Computer Networking course: it's a nice course and more detailed than the previous one
Assembly
Assembly language is the most important skill, and one you had better master: the higher your level in assembly language, the higher your level in binary exploitation will be, so I recommend these resources to you:
- Assembly Language for x86 Processors book: it's an amazing book for learning assembly basics, and you can also visit the author's website to download many useful examples and learn from them
- Intro x86 (32 bit) course
- Intermediate x86 (32 bit) course
- Modern x64 Assembly course
Operating systems
As we described above, the software is managed by the OS, so you need to understand how it works: how software is managed, how the OS provides it with memory and resources, and how processes communicate with each other. A good understanding of OS concepts will increase your value as a vulnerability researcher and as a coder, so I recommend these resources to you:
- Operating System Concepts book
- Berkeley CS 162 Operating Systems course
- Win32API: you can learn more about Windows, how to talk to it and how to benefit from its services from this official documentation
- CLib: this is the equivalent of the above for Linux systems
Programming Paradigms
You have to learn about the paradigms behind those programming languages, and how everything works behind the scenes, so I recommend this amazing course to you:
- Stanford - Programming Paradigms: this is an excellent course that will teach you very valuable things; it's a combination of all the sciences above
Tools
You have to get familiar with tools such as:
- GNU Debugger (gdb)
- Windows Debuggers (WinDbg, Immunity Debugger, x64dbg)
- Metasploit framework
Conclusion
Study these materials very well to reach an advanced level in exploit development.
If you benefited from the article, please share it. I would like to thank you for reading.