Code elements to look for when automating exploit generation






When you test the security of an application (let’s say for finding a buffer overflow vulnerability) you can have a variety of tools at your disposal: Static code analysers: tools that allow the analysis of a program without actually executing it. They can check for Syntax errors, coding implementations that don’t adhere to the standard guidelines, security vulnerabilities. They are prone to a high number of false positive and false negative results. Normally they analyze …






Best books, tutorials and courses to learn about exploit development






The best resources for learning exploit development Exploit development is considered to be the climax in the learning path of an ethical hacker or security professional. It is strongly advisable to have mastered the basics before delving into this topic. Exploit development is hard and it’s not something you learn at school or university (usually), not something any of your …






Penetration testing course: 0x01 Introduction






I often receive messages from people asking me how to become a hacker, how to hack a website or how to become a professional penetration tester. I usually reply case by case if I’m free and if I feel the person is truly interested in the field and he’s not trying to do some illegal activities (often without the minimum …