Hello everyone, this is my first post in the blog so I’m going to start talking a bit on why I created it and what I pretend to do with it.
What’s the purpose?
So earlier this month I started preparing for the OSCE certification from Offensive Security, it is a really hard certification centered around Windows exploitation. To obtain it you need to pass a 48 hour online exam in which you need to exploit 4 different machines using all that you’ve learned through the course. This seems like a lot of time to pass it and the material is a bit outdated but, from what I’ve read, it is one of the hardest certifications out there.
It’s clear that I have a hard task in front of me and, to make sure that I soak up as much information as I can, I’m going to write a series of blog posts explaining the different techniques that I’m learning. In my opinion, trying to explain something is the best way to make sure you have totally mastered it.
So having said all that, the next series of posts will be about exploiting Vulnserver, a purposely vulnerable Windows based TCP server. We will start by setting up our environment and fuzzing the different available commands in the application in order to obtain some crashes. After that we will move to the exploitation of each of the available commands using techniques that make us of BufferOverflows, Structured Exception Handlers or Egg Hunters.
Goobye everyone and see you in the next post :).