Past, Present, Future of Windows Exploitation - 3

最新推荐文章于 2025-08-24 17:01:19 发布

转载最新推荐文章于 2025-08-24 17:01:19 发布 · 1.4k 阅读

文章标签：

#windows #security #tutorials #archive #books #debugging

网络安全专栏收录该内容

27 篇文章

订阅专栏

本文档回顾了多个典型的Windows平台上的漏洞利用案例，并列举了一系列与Windows系统安全相关的书籍及教程资源，旨在帮助读者深入了解Windows系统的安全机制及其漏洞利用技术。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

history of some not so typical windows exploits:

in this section i’m going to archive some of interesting exploits i saw you can learn lots of things from them !

1- one of first real-world HW-DEP bypass Exploit by devcode : here

2- bypassing DEP by returning into HeapCreate by toto : here

3- first public ASLR bypass exploit by using partial overwrite by skape : here

4- heap spray and bypassing DEP by skylined : here

5- first public exploit that used ROP for bypassing DEP in adobe lib TIFF vulnerability : here (is this case ASLR bypass is possible !)

6- exploit codes of bypassing browsers memory protections : here

7- Cesar Cerrudo PoC’s on Tokken TokenKidnapping . PoC for 2k3: here , PoC 2k8: here

8- Tavis Ormandy KiTra0d an exploit works from win 3.1 to win 7 . PoC here (metasploit updated module works more interesting !)

9- old ms08-067 metasploit module multi-target and DEP bypass PoC here

10- PHP 6.0 Dev str_transliterate() Buffer overflow – NX + ASLR Bypass (using ROP and Brute Forcing ASLR) PoC here

11- Stephen Fewer SMBv2 Exploit . PoC here

note 1 :there is lots of other interesting exploits in windows platform you can just find them in here and also here .

note 2: i saw lots of other great and advanced exploits in commercial packages . (they are commercial so forget them ;) )

===================================================

history of related windows exploitation books !

in this section i’m going to archive some books about windows exploitation.

1- Exploiting Software How to Break Code By (Greg Hoglund, Gary McGraw)

2- The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (By Mark Dowd , John McDonald )

3- Buffer Overflow Attacks: Detect, Exploit, Prevent (by James C. Foster)

4- Windows Internals (by Mark Russinovich , David A. Solomon, Alex Ionescu)

5- The Shellcoders Handbook Discovering and Exploiting Security

(by Jack Koziol, David Litchfield, Dave Aitel, Chris Anley, Sinan Eren, Neel Mehta, and Riley Hassell)

6- Software Vulnerability Guide ( by HERBERT H. THOMPSON , SCOTT G. CHASE)

7- ADVANCED WINDOWS DEBUGGING (by Mario Heward , Daniel Pravat)

8- Reversing: Secrets of Reverse Engineering

9- great step by step exploit writing tutorials by my friend Peter Van Eeckhoutte :

Exploit writting tutorial part 1:Stack Based Overflows – here
Exploit writting tutorial part 2: Stack Based Overflows – jumping to shellcode – here
Exploit writting tutorial part 3: SEH Based Exploits – here
Exploit writting tutorial part 3b: SEH Based Exploits - just another example - here
Exploit writting tutorial part 4: From Exploit to Metasploit – here
Exploit writting tutorial part 5: speed up basic exploit development – here
Exploit writting tutorial part 6: Bypassing GS, SafeSeh, SEHOP, HW DEP and ASLR – here
Exploit writting tutorial part 7: Unicode – from 0×00410041 to calc – here
Exploit writting tutorial part 8: Win32 Egg Hunting - here
Exploit writting tutorial part 9: Introduction to Win32 shellcoding – here

also he wrote a cool immunity debugger PyCommand called PveFindAddr i think this python script is necessary for speed-up exploit development for newbie or expert exploit developers and i found it so useful , it have some cool features like finding instructions for code reuse and ROP also finding state of memory protections and finding best return address in your situation.

this is not complete lits of exploitation related book / articles list i just listed those have windows specific chapters .