EXP-301 – Windows User Mode Exploit Development (OSED)

Files Included :

0 EXP301-COPY 00 00-Copyright.mp4 (995.41 KB)
MP4
1 EXP301-WINDBG 00 00-WinDbg and x86 Architecture.mp4 (789.19 KB)
MP4
10 EXP301-WINDBG 03 00-Accessing and Manipulating Memory from WinDbg.mp4 (770.3 KB)
MP4
100 EXP301-SHELL 05 02-Position-Independent Shellcode.mp4 (16.98 MB)
MP4
101 EXP301-SHELL 06 00-Reverse Shell.mp4 (2.56 MB)
MP4
102 EXP301-SHELL 06 01-Loading ws2 32 dll and Resolving Symbols.mp4 (15.8 MB)
MP4
103 EXP301-SHELL 06 02-Calling WSAStartup.mp4 (18.04 MB)
MP4
104 EXP301-SHELL 06 03-Calling WSASocket.mp4 (14.28 MB)
MP4
105 EXP301-SHELL 06 04-Calling WSAConnect.mp4 (22.87 MB)
MP4
106 EXP301-SHELL 06 05-Calling CreateProcessA.mp4 (25.66 MB)
MP4
107 EXP301-SHELL 07 00-Wrapping Up.mp4 (1.21 MB)
MP4
108 EXP301-REV 00 00-Reverse Engineering for Bugs.mp4 (4.72 MB)
MP4
109 EXP301-REV 01 00-Installation and Enumeration.mp4 (1.04 MB)
MP4
11 EXP301-WINDBG 03 01-Unassemble from Memory.mp4 (3.13 MB)
MP4
110 EXP301-REV 01 01-Installing Tivoli Storage Manager.mp4 (5.45 MB)
MP4
111 EXP301-REV 01 02-Enumerating an Application.mp4 (9.49 MB)
MP4
112 EXP301-REV 02 00-Interacting with Tivoli Storage Manager.mp4 (3.13 MB)
MP4
113 EXP301-REV 02 01-Hooking the recv API.mp4 (9.79 MB)
MP4
114 EXP301-REV 02 02-Synchronizing WinDbg and IDA Pro.mp4 (18.69 MB)
MP4
115 EXP301-REV 02 03-Tracing the Input.mp4 (9.81 MB)
MP4
116 EXP301-REV 02 04-Checksum Please.mp4 (89.03 MB)
MP4
117 EXP301-REV 03 00-Reverse Engineering the Protocol.mp4 (1.35 MB)
MP4
118 EXP301-REV 03 01-Header-Data Separation.mp4 (58.47 MB)
MP4
119 EXP301-REV 03 02-Reversing the Header.mp4 (54.65 MB)
MP4
12 EXP301-WINDBG 03 02-Reading from Memory.mp4 (5.18 MB)
MP4
120 EXP301-REV 03 03-Exploiting Memcpy.mp4 (24.68 MB)
MP4
121 EXP301-REV 03 04-Getting EIP Control.mp4 (17.12 MB)
MP4
122 EXP301-REV 04 00-Digging Deeper to Find More Bugs.mp4 (1.29 MB)
MP4
123 EXP301-REV 04 01-Switching Execution.mp4 (25.77 MB)
MP4
124 EXP301-REV 04 02-Going Down 0x534.mp4 (55.69 MB)
MP4
125 EXP301-REV 05 00-Wrapping Up.mp4 (964.74 KB)
MP4
126 EXP301-DEP 00 00-Stack Overflows and DEP Bypass.mp4 (1.52 MB)
MP4
127 EXP301-DEP 01 00-Data Execution Prevention.mp4 (1014.98 KB)
MP4
128 EXP301-DEP 01 01-DEP Theory.mp4 (12.39 MB)
MP4
129 EXP301-DEP 01 02-Windows Defender Exploit Guard.mp4 (17.78 MB)
MP4
13 EXP301-WINDBG 03 03-Dumping Structures from Memory.mp4 (9.68 MB)
MP4
130 EXP301-DEP 02 00-Return Oriented Programming.mp4 (1.82 MB)
MP4
131 EXP301-DEP 02 01-Origins of Return Oriented Programming Exploitation.mp4 (3.97 MB)
MP4
132 EXP301-DEP 02 02-Return Oriented Programming Evolution.mp4 (10.23 MB)
MP4
133 EXP301-DEP 03 00-Gadget Selection.mp4 (1.35 MB)
MP4
134 EXP301-DEP 03 01-Debugger Automation Pykd.mp4 (35.76 MB)
MP4
135 EXP301-DEP 03 02-Optimized Gadget Discovery RP.mp4 (7.55 MB)
MP4
136 EXP301-DEP 04 00-Bypassing DEP.mp4 (1.87 MB)
MP4
137 EXP301-DEP 04 01-Getting The Offset.mp4 (18.4 MB)
MP4
138 EXP301-DEP 04 02-Locating Gadgets.mp4 (8.52 MB)
MP4
139 EXP301-DEP 04 03-Preparing the Battlefield.mp4 (9.21 MB)
MP4
14 EXP301-WINDBG 03 04-Writing to Memory.mp4 (2.13 MB)
MP4
140 EXP301-DEP 04 04-Making ROPs Acquaintance.mp4 (15.62 MB)
MP4
141 EXP301-DEP 04 05-Obtaining VirtualAlloc Address.mp4 (51.46 MB)
MP4
142 EXP301-DEP 04 06-Patching the Return Address.mp4 (30.98 MB)
MP4
143 EXP301-DEP 04 07-Patching Arguments.mp4 (37.62 MB)
MP4
144 EXP301-DEP 04 08-Executing VirtualAlloc.mp4 (21.21 MB)
MP4
145 EXP301-DEP 04 09-Getting a Reverse Shell.mp4 (8.9 MB)
MP4
146 EXP301-DEP 05 00-Wrapping Up.mp4 (1.31 MB)
MP4
147 EXP301-ASLR 00 00-Stack Overflows and ASLR Bypass.mp4 (1.21 MB)
MP4
148 EXP301-ASLR 01 00-ASLR Introduction.mp4 (1.04 MB)
MP4
149 EXP301-ASLR 01 01-ASLR Implementation.mp4 (2.83 MB)
MP4
15 EXP301-WINDBG 03 05-Searching the Memory Space.mp4 (8.66 MB)
MP4
150 EXP301-ASLR 01 02-ASLR Bypass Theory.mp4 (9.04 MB)
MP4
151 EXP301-ASLR 01 03-Windows Defender Exploit Guard and ASLR.mp4 (11.93 MB)
MP4
152 EXP301-ASLR 02 00-Finding Hidden Gems.mp4 (1.79 MB)
MP4
153 EXP301-ASLR 02 01-FXCLI DebugDispatch.mp4 (20.93 MB)
MP4
154 EXP301-ASLR 02 02-Arbitrary Symbol Resolution.mp4 (32.73 MB)
MP4
155 EXP301-ASLR 02 03-Returning the Goods.mp4 (49.76 MB)
MP4
156 EXP301-ASLR 03 00-Expanding our Exploit (ASLR Bypass).mp4 (1.48 MB)
MP4
157 EXP301-ASLR 03 01-Leaking an IBM Module.mp4 (13.05 MB)
MP4
158 EXP301-ASLR 03 02-Is That a Bad Character.mp4 (17.97 MB)
MP4
159 EXP301-ASLR 04 00-Bypassing DEP with WriteProcessMemory.mp4 (1.31 MB)
MP4
16 EXP301-WINDBG 03 06-Inspecting and Editing CPU Registers in WinDbg.mp4 (1.89 MB)
MP4
160 EXP301-ASLR 04 01-WriteProcessMemory.mp4 (54.96 MB)
MP4
161 EXP301-ASLR 04 02-Getting Our Shell.mp4 (24.36 MB)
MP4
162 EXP301-ASLR 04 03-Handmade ROP Decoder.mp4 (40.51 MB)
MP4
163 EXP301-ASLR 04 04-Automating the Shellcode Encoding.mp4 (4.98 MB)
MP4
164 EXP301-ASLR 04 05-Automating the ROP Decoder.mp4 (41.33 MB)
MP4
165 EXP301-ASLR 05 00-Wrapping Up.mp4 (1.38 MB)
MP4
166 EXP301-FSSA1 00 00-Format String Specifier Attack Part I.mp4 (1.85 MB)
MP4
167 EXP301-FSSA1 01 00-Format String Attacks.mp4 (499.7 KB)
MP4
168 EXP301-FSSA1 01 01-Format String Theory.mp4 (5.88 MB)
MP4
169 EXP301-FSSA1 01 02-Exploiting Format String Specifiers.mp4 (17.31 MB)
MP4
17 EXP301-WINDBG 04 00-Controlling the Program Execution in WinDbg.mp4 (1.26 MB)
MP4
170 EXP301-FSSA1 02 00-Attacking IBM Tivoli FastBackServer.mp4 (1.25 MB)
MP4
171 EXP301-FSSA1 02 01-Investigating the EventLog Function.mp4 (15.35 MB)
MP4
172 EXP301-FSSA1 02 02-Reverse Engineering a Path.mp4 (31.43 MB)
MP4
173 EXP301-FSSA1 02 03-Invoke the Specifiers.mp4 (20.36 MB)
MP4
174 EXP301-FSSA1 03 00-Reading the Event Log.mp4 (1.11 MB)
MP4
175 EXP301-FSSA1 03 01-The Tivoli Event Log.mp4 (25.11 MB)
MP4
176 EXP301-FSSA1 03 02-Remote Event Log Service.mp4 (35.98 MB)
MP4
177 EXP301-FSSA1 03 03-Read From an Index.mp4 (51.4 MB)
MP4
178 EXP301-FSSA1 03 04-Read From the Log.mp4 (25.3 MB)
MP4
179 EXP301-FSSA1 03 05-Return the Log Content.mp4 (15.23 MB)
MP4
18 EXP301-WINDBG 04 01-Software Breakpoints.mp4 (10.4 MB)
MP4
180 EXP301-FSSA1 04 00-Bypassing ASLR with Format Strings.mp4 (1.12 MB)
MP4
181 EXP301-FSSA1 04 01-Parsing the Event Log.mp4 (32.83 MB)
MP4
182 EXP301-FSSA1 04 02-Leak Stack Address Remotely.mp4 (24.28 MB)
MP4
183 EXP301-FSSA1 04 03-Saving the Stack.mp4 (5.58 MB)
MP4
184 EXP301-FSSA1 04 04-Bypassing ASLR.mp4 (44.98 MB)
MP4
185 EXP301-FSSA1 05 00-Wrapping Up.mp4 (1.26 MB)
MP4
186 EXP301-FSSA2 00 00-Format String Specifier Attack Part II.mp4 (1.08 MB)
MP4
187 EXP301-FSSA2 01 00-Write Primitive with Format Strings.mp4 (1.2 MB)
MP4
188 EXP301-FSSA2 01 01-Format String Specifiers Revisited.mp4 (6.25 MB)
MP4
189 EXP301-FSSA2 01 02-Overcoming Limitations.mp4 (49.72 MB)
MP4
19 EXP301-WINDBG 04 02-Unresolved Function Breakpoint.mp4 (8.6 MB)
MP4
190 EXP301-FSSA2 01 03-Write to the Stack.mp4 (31.21 MB)
MP4
191 EXP301-FSSA2 01 04-Going for a DWORD.mp4 (7.07 MB)
MP4
192 EXP301-FSSA2 02 00-Overwriting EIP with Format Strings.mp4 (949.2 KB)
MP4
193 EXP301-FSSA2 02 01-Locating a Target.mp4 (23.93 MB)
MP4
194 EXP301-FSSA2 02 02-Obtaining EIP Control.mp4 (12.91 MB)
MP4
195 EXP301-FSSA2 03 00-Locating Storage Space.mp4 (748.36 KB)
MP4
196 EXP301-FSSA2 03 01-Finding Buffers.mp4 (16.69 MB)
MP4
197 EXP301-FSSA2 03 02-Stack Pivot.mp4 (16.43 MB)
MP4
198 EXP301-FSSA2 04 00-Getting Code Execution.mp4 (952.95 KB)
MP4
199 EXP301-FSSA2 04 01-ROP Limitations.mp4 (15.85 MB)
MP4
2 EXP301-WINDBG 01 00-Introduction to x86 Architecture.mp4 (394.58 KB)
MP4
20 EXP301-WINDBG 04 03-Breakpoint-Based Actions.mp4 (10.97 MB)
MP4
200 EXP301-FSSA2 04 02-Getting a Shell.mp4 (4.17 MB)
MP4
201 EXP301-FSSA2 05 00-Wrapping Up.mp4 (935.02 KB)
MP4
21 EXP301-WINDBG 04 04-Hardware Breakpoints.mp4 (14.36 MB)
MP4
22 EXP301-WINDBG 04 05-Stepping Through the Code.mp4 (12.31 MB)
MP4
23 EXP301-WINDBG 05 00-Additional WinDbg Features.mp4 (799.47 KB)
MP4
24 EXP301-WINDBG 05 01-Listing Modules and Symbols in WinDbg.mp4 (10.56 MB)
MP4
25 EXP301-WINDBG 05 02-Using WinDbg as a Calculator.mp4 (2.02 MB)
MP4
26 EXP301-WINDBG 05 03-Data Output Format.mp4 (2.2 MB)
MP4
27 EXP301-WINDBG 05 04-Pseudo Registers.mp4 (3 MB)
MP4
28 EXP301-WINDBG 06 00-Wrapping Up.mp4 (1.36 MB)
MP4
29 EXP301-STACKOF 00 00-Exploiting Stack Overflows.mp4 (1.22 MB)
MP4
3 EXP301-WINDBG 01 01-Program Memory.mp4 (4.45 MB)
MP4
30 EXP301-STACKOF 01 00-Stack Overflows Introduction.mp4 (6.64 MB)
MP4
31 EXP301-STACKOF 02 00-Installing the Sync Breeze Application.mp4 (6.41 MB)
MP4
32 EXP301-STACKOF 03 00-Crashing the Sync Breeze Application.mp4 (9.78 MB)
MP4
33 EXP301-STACKOF 04 00-Win32 Buffer Overflow Exploitation.mp4 (720.47 KB)
MP4
34 EXP301-STACKOF 04 01-A Word About DEP ASLR and CFG.mp4 (2.21 MB)
MP4
35 EXP301-STACKOF 04 02-Controlling EIP.mp4 (19.26 MB)
MP4
36 EXP301-STACKOF 04 03-Locating Space for Our Shellcode.mp4 (16.58 MB)
MP4
37 EXP301-STACKOF 04 04-Checking for Bad Characters.mp4 (15.7 MB)
MP4
38 EXP301-STACKOF 04 05-Redirecting the Execution Flow.mp4 (1.31 MB)
MP4
39 EXP301-STACKOF 04 06-Finding a Return Address.mp4 (34.68 MB)
MP4
4 EXP301-WINDBG 01 02-CPU Registers.mp4 (5.45 MB)
MP4
40 EXP301-STACKOF 04 07-Generating Shellcode with Metasploit.mp4 (5.55 MB)
MP4
41 EXP301-STACKOF 04 08-Getting a Shell.mp4 (16.19 MB)
MP4
42 EXP301-STACKOF 04 09-Improving the Exploit.mp4 (5.42 MB)
MP4
43 EXP301-STACKOF 05 00-Wrapping Up.mp4 (1.14 MB)
MP4
44 EXP301-SEH 00 00-Exploiting SEH Overflows.mp4 (1.63 MB)
MP4
45 EXP301-SEH 01 00-Installing the Sync Breeze Application.mp4 (7.12 MB)
MP4
46 EXP301-SEH 02 00-Crashing Sync Breeze.mp4 (3.5 MB)
MP4
47 EXP301-SEH 03 00-Analyzing the Crash in WinDbg.mp4 (4.08 MB)
MP4
48 EXP301-SEH 04 00-Introduction to Structured Exception Handling.mp4 (1.86 MB)
MP4
49 EXP301-SEH 04 01-Understanding SEH.mp4 (11.11 MB)
MP4
5 EXP301-WINDBG 02 00-Introduction to Windows Debugger.mp4 (943.14 KB)
MP4
50 EXP301-SEH 04 02-SEH Validation.mp4 (6.09 MB)
MP4
51 EXP301-SEH 05 00-Structured Exception Handler Overflows.mp4 (30.81 MB)
MP4
52 EXP301-SEH 05 01-Gaining Code Execution.mp4 (26.62 MB)
MP4
53 EXP301-SEH 05 02-Detecting Bad Characters.mp4 (9.55 MB)
MP4
54 EXP301-SEH 05 03-Finding a PPR Instruction Sequence.mp4 (29.48 MB)
MP4
55 EXP301-SEH 05 04-Island-Hopping in Assembly.mp4 (40.67 MB)
MP4
56 EXP301-SEH 05 05-Obtaining a Shell.mp4 (9.89 MB)
MP4
57 EXP301-SEH 06 00-Wrapping Up.mp4 (1.21 MB)
MP4
58 EXP301-IDA 00 00-Introduction to IDA Pro.mp4 (2.33 MB)
MP4
59 EXP301-IDA 01 00-IDA Pro 101.mp4 (1.05 MB)
MP4
6 EXP301-WINDBG 02 01-What is a Debugger.mp4 (1.52 MB)
MP4
60 EXP301-IDA 01 01-Installing IDA Pro.mp4 (2.72 MB)
MP4
61 EXP301-IDA 01 02-The IDA Pro User Interface.mp4 (18.42 MB)
MP4
62 EXP301-IDA 01 03-Basic Functionality.mp4 (11.5 MB)
MP4
63 EXP301-IDA 01 04-Search Functionality.mp4 (8.38 MB)
MP4
64 EXP301-IDA 02 00-Working with IDA Pro.mp4 (1.14 MB)
MP4
65 EXP301-IDA 02 01-Static-Dynamic Analysis Synchronization.mp4 (10.73 MB)
MP4
66 EXP301-IDA 02 02-Tracing Notepad.mp4 (18.53 MB)
MP4
67 EXP301-IDA 03 00-Wrapping Up.mp4 (1.23 MB)
MP4
68 EXP301-EGG 00 00-Overcoming Space Restrictions Egghunters.mp4 (1.46 MB)
MP4
69 EXP301-EGG 01 00-Crashing the Savant Web Server.mp4 (9.3 MB)
MP4
7 EXP301-WINDBG 02 02-WinDbg Interface.mp4 (4.42 MB)
MP4
70 EXP301-EGG 02 00-Analyzing the Crash in WinDbg.mp4 (7.64 MB)
MP4
71 EXP301-EGG 03 00-Detecting Bad Characters.mp4 (5.92 MB)
MP4
72 EXP301-EGG 04 00-Gaining Code Execution.mp4 (22.14 MB)
MP4
73 EXP301-EGG 04 01-Partial EIP Overwrite.mp4 (26.89 MB)
MP4
74 EXP301-EGG 04 02-Changing the HTTP Method.mp4 (20.13 MB)
MP4
75 EXP301-EGG 04 03-Conditional Jumps.mp4 (15.88 MB)
MP4
76 EXP301-EGG 05 00-Finding Alternative Places to Store Large Buffers.mp4 (10 MB)
MP4
77 EXP301-EGG 05 01-The Windows Heap Memory Manager.mp4 (4.97 MB)
MP4
78 EXP301-EGG 06 00-Finding our Buffer - The Egghunter Approach.mp4 (1.9 MB)
MP4
79 EXP301-EGG 06 01-Keystone Engine.mp4 (4.73 MB)
MP4
8 EXP301-WINDBG 02 03-Understanding the Workspace.mp4 (1.87 MB)
MP4
80 EXP301-EGG 06 02-System Calls and Egghunters.mp4 (24.97 MB)
MP4
81 EXP301-EGG 06 03-Identifying and Addressing the Egghunter Issue.mp4 (19.59 MB)
MP4
82 EXP301-EGG 06 04-Obtaining a Shell.mp4 (13.39 MB)
MP4
83 EXP301-EGG 07 00-Improving the Egghunter Portability Using SEH.mp4 (28.85 MB)
MP4
84 EXP301-EGG 07 01-Identifying the SEH-Based Egghunter Issue.mp4 (41.01 MB)
MP4
85 EXP301-EGG 07 02-Porting the SEH Egghunter to Windows 10.mp4 (15.33 MB)
MP4
86 EXP301-EGG 08 00-Wrapping Up.mp4 (1.08 MB)
MP4
87 EXP301-SHELL 00 00-Creating Custom Shellcode.mp4 (1.69 MB)
MP4
88 EXP301-SHELL 01 00-Calling Conventions on x86.mp4 (2.05 MB)
MP4
89 EXP301-SHELL 02 00-The System Call Problem.mp4 (7.2 MB)
MP4
9 EXP301-WINDBG 02 04-Debugging Symbols.mp4 (4.73 MB)
MP4
90 EXP301-SHELL 03 00-Finding kernel32 dll.mp4 (2.83 MB)
MP4
91 EXP301-SHELL 03 01-PEB Method.mp4 (10.3 MB)
MP4
92 EXP301-SHELL 03 02-Assembling the Shellcode.mp4 (19.56 MB)
MP4
93 EXP301-SHELL 04 00-Resolving Symbols.mp4 (4.17 MB)
MP4
94 EXP301-SHELL 04 01-Export Directory Table.mp4 (5.77 MB)
MP4
95 EXP301-SHELL 04 02-Working with the Export Names Array.mp4 (26.06 MB)
MP4
96 EXP301-SHELL 04 03-Computing Function Name Hashes.mp4 (20.55 MB)
MP4
97 EXP301-SHELL 04 04-Fetching the VMA of a Function.mp4 (22.44 MB)
MP4
98 EXP301-SHELL 05 00-NULL-Free Position-Independent Shellcode (PIC).mp4 (3.91 MB)
MP4
99 EXP301-SHELL 05 01-Avoiding NULL Bytes.mp4 (8.37 MB)
MP4