

Exploit Development Course for Windows - kiuhnm
http://expdev-kiuhnm.rhcloud.com/

======
xyzzy123
This is really good. I got the most value out of the UAF section; browser UAFs
are mostly a PITA to exploit but more or less the most common browser bug.
Moving from spray & pray to reliable exploit is a big jump. Available
information is mostly fragmented, out of date and truly understanding an
exploit by reversing it takes ages. Unfortunately the conditions are rarely
"golden", you're lucky when the exploitation is as clean as in the examples.

Rule #1 of exploiting is really "have a good bug", I think triage is one area
of tradecraft that isn't covered enough.

The shellcode section is a little quirky though; for POCs it makes a lot more
sense to just generate with metasploit or shellcode archives. The "code
ripping" approach used is valid, but time consuming and bloated.

~~~
kiuhnm
Thank you for your review.

I'm sorry you didn't like the shellcode section (I disagree on the "time
consuming" part), but I'm happy you found my course useful. The way you talk
you're most definitely not a beginner, so maybe you didn't need my course :)

I hope beginners won't find my course too difficult. I learned exploit dev on
my own in about 5 months so I know how difficult it is to get started.

Honestly, I'm probably the one who got the most out of it. Writing such a
course teaches you a lot.

~~~
xyzzy123
Hi! Seriously, was really useful to me. Please keep going! :)

