Useful Study Material - Exploits | Malware

Hi There,

I’ve been a noob to the cyber security industry since 2018 (going to be starting university this year to receive a BSc in Cyber Security and Networks and have worked 4 months as a Junior Penetration Tester in addition to self study) and I’m looking for study material to continue with after I’ve done a little more here on HTB.

I’ve completed CrackMe! in the RE section and Ropme in the pwn section of the site already for which I used python pwntools; after completing a challenge from web, taking a look into the mobile challenge and rooting a couple of boxes I’m really wanting to explore malware development and exploit development in detail.

I want to get to a point where I can find a vulnerability in a service manually and independently develop a working exploit to gain root (I’m aware it’s not as simple as I’ve worded it!)

Anything would be helpful, but I’d specifically love some project ideas and tutorials on exploit & malware development - I’d also rather not use Metasploit.

Thanks,
Courtney 🙂

One book I used in one of my university courses was “Hacking: The Art of Exploitation” by Jon Erickson.

Helped a lot to grasp buffer overflows.

I’m trying to solve pwn ropme. On localhost I started ropme with netcat (nc -e ropme -lp 10104) and used Pwntools to get a shell in two stages. Locally I get a shell, but when I try with the hackthebox docker I get EOF. I think it’s because ropme was started by a user without a shell on the remote side. But maybe I made a mistake?
Did anybody get a shell with pwn ropme?

Malware Development - check the ippsec video about the Word macro malware.