by xyzzy123
4035 days ago
This is really good. I got the most value out of the UAF section; browser UAFs are mostly a PITA to exploit but more or less the most common browser bug. Moving from spray & pray to reliable exploit is a big jump. Available information is mostly fragmented, out of date and truly understanding an exploit by reversing it takes ages. Unfortunately the conditions are rarely "golden", you're lucky when the exploitation is as clean as in the examples. Rule #1 of exploiting is really "have a good bug", I think triage is one area of tradecraft that isn't covered enough. The shellcode section is a little quirky though; for POCs it makes a lot more sense to just generate with metasploit or shellcode archives. The "code ripping" approach used is valid, but time consuming and bloated.

I'm sorry you didn't like the shellcode section (I disagree on the "time consuming" part), but I'm happy you found my course useful. The way you talk you're most definitely not a beginner, so maybe you didn't need my course :)
I hope beginners won't find my course too difficult. I learned exploit dev on my own in about 5 months so I know how difficult it is to get started.
Honestly, I'm probably the one who got the most out of it. Writing such a course teaches you a lot.