Exploit Development Learning Roadmap
Week 1: Foundations & Basic Stack Exploitation
Day 1-2: Stack Buffer Overflow Basics
Create and exploit a simple buffer overflow program
Learn to use GDB with PEDA/GEF extensions
Understand stack frame layout
Develop a reliable exploit with shellcode execution
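The Day 1-2 exercise in its smallest form, as an added example (this is not code from the roadmap): the vulnerable copy routine, a bounded version beside it, and the classic payload builder. The padding length and the target address in the usage are assumptions chosen for illustration; the real offset is read out of the debugger for your own build.

```c
/* Added example, not code from the roadmap: the Day 1-2 program in its
 * smallest form. Build it without mitigations to study the frame in GDB:
 *   gcc -g -O0 -fno-stack-protector -z execstack -no-pie stack.c -o stack
 * then run it with a long argument and inspect $rsp/$rbp at the crash.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 64

/* Vulnerable: strcpy() copies until the NUL, with no idea how large buf is.
 * On x86-64 the saved rbp and the return address sit just above buf, so an
 * input longer than the buffer (plus any alignment padding) overwrites the
 * return address and redirects execution when this function returns. */
void vulnerable_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);                         /* the bug */
    printf("copied %zu bytes\n", strlen(buf));
}

/* Hardened: measure first, refuse anything that cannot fit, then copy an
 * explicit number of bytes. Returns 0 on success, -1 when rejected. */
int bounded_copy(const char *input)
{
    char buf[BUF_SIZE];
    size_t len = strlen(input);
    if (len >= sizeof buf)
        return -1;
    memcpy(buf, input, len + 1);                /* includes the NUL */
    printf("copied %zu bytes\n", len);
    return 0;
}

/* Classic overflow payload: `pad` bytes of filler to reach the saved return
 * address, then the target address as a little-endian 8-byte value (x86-64).
 * `pad` is found empirically in the debugger (distance from buf to the
 * return slot); it is not simply BUF_SIZE because of alignment and the
 * saved rbp. Returns the payload length, or 0 if `out` is too small. */
size_t build_overflow_payload(unsigned char *out, size_t outsz,
                              size_t pad, unsigned long target)
{
    size_t total = pad + sizeof target;
    if (outsz < total)
        return 0;
    memset(out, 'A', pad);
    for (size_t i = 0; i < sizeof target; i++)
        out[pad + i] = (unsigned char)(target >> (8 * i));
    return total;
}

/* Constructed input that does not fit in BUF_SIZE: rejected by
 * bounded_copy, silently accepted by vulnerable_copy. */
const char TOO_LONG_INPUT[] =
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
    "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AA";   /* 72 bytes */

int main(int argc, char **argv)
{
    const char *input = argc > 1 ? argv[1] : "hello";
    unsigned char payload[96];
    /* 72 and 0x401136 are placeholders: substitute the offset and the
     * address you measured for your own binary. */
    size_t n = build_overflow_payload(payload, sizeof payload, 72, 0x401136UL);
    printf("payload would be %zu bytes\n", n);

    if (bounded_copy(input) != 0)
        puts("bounded_copy: input rejected");
    vulnerable_copy(input);                     /* crashes on TOO_LONG_INPUT */
    return 0;
}
```

Compile the same file with the distribution's default flags (stack protector, PIE, NX) and compare: the bounded version behaves identically, while the overflow now aborts in __stack_chk_fail instead of jumping to your address, which is the starting point for Day 3-4.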
Day 3-4: Bypassing Basic Protections
Stack canaries: detect them (the binary imports __stack_chk_fail) and bypass them (leak the canary value, or brute-force it byte by byte against a forking server)
Information leaks to defeat ASLR (one leaked pointer plus a known offset gives the library base)
Return-to-libc attacks for DEP/NX bypass
Day 5-7: Format String Vulnerabilities
Create vulnerable format string programs
Learn arbitrary read/write primitives
Develop exploits that use %n to overwrite GOT entries
Build format string exploits with custom payloads
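The Day 5-7 bug reduced to one line, as an added example (not code from the roadmap): the only difference between the two renderers is whether user text is the format string or an argument to it, and the helper flags inputs that a vulnerable printf would interpret. The probe string in main is constructed for the example.

```c
/* Added example, not code from the roadmap: the Day 5-7 bug in its
 * smallest form. Both variants render into a caller-supplied buffer so
 * the difference is visible without side effects. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Thin vsnprintf wrapper so both variants go through one code path
 * (deliberately carries no format attribute). */
static int render_fmt(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable: user text IS the format string. "%p %p %p" walks the stack
 * (an address leak, useful later against ASLR), "%s" dereferences whatever
 * word is there (arbitrary read), and "%n" stores the number of bytes
 * written so far through it (arbitrary write, the GOT-overwrite primitive).
 * Returns the rendered length like snprintf. */
int render_unsafe(char *out, size_t outsz, const char *user)
{
    return render_fmt(out, outsz, user);
}

/* Hardened: the format is a literal, user text is only ever data. */
int render_safe(char *out, size_t outsz, const char *user)
{
    return render_fmt(out, outsz, "%s", user);
}

/* Triage helper: does the input contain a conversion specification that a
 * vulnerable printf would act on? "%%" is a literal percent and does not
 * count; a lone '%' at the end is treated as a directive (it is undefined
 * behaviour for printf). Returns 1 if a directive is present, else 0. */
int has_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    char out[128];
    /* Constructed probe: with render_unsafe each "%p" consumes a missing
     * argument, printing register contents and then stack words. Undefined
     * behaviour, which is exactly what the attacker relies on. */
    const char *probe = "%p %p %p %p";

    render_unsafe(out, sizeof out, probe);
    printf("unsafe: %s\n", out);
    render_safe(out, sizeof out, probe);
    printf("safe:   %s\n", out);
    printf("probe flagged: %d\n", has_format_directive(probe));
    return 0;
}
```

Note that a direct printf(user) call is caught by -Wformat-security (and rejected outright on toolchains that default to -Werror=format-security); the vsnprintf wrapper above is how such bugs survive in real code, because the compiler cannot see that the format is user-controlled.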
Week 2: Advanced Stack & Introduction to Heap
Day 8-9: Return-Oriented Programming (ROP)
Find ROP gadgets using tools like ROPgadget
Build basic ROP chains
Chain multiple gadgets for complex operations
Develop full ROP exploit for a vulnerable program
Day 10-12: Introduction to Heap Exploitation
Understand heap memory management (glibc malloc on Linux, the NT heap on Windows)
Heap overflow vulnerabilities
Use-after-free vulnerabilities
Simple heap exploitation exercises
Day 13-14: CTF Practice
Solve binary exploitation challenges on platforms like:
PicoCTF
HackTheBox
overthewire.org (Narnia, Behemoth)
Review and understand solutions for challenges you couldn't solve
Week 3: Advanced Heap & Windows Exploitation
Day 15-16: Advanced Heap Techniques
Heap Feng Shui (manipulating heap layout)
Exploiting heap metadata corruptions
fastbin dup attacks (glibc malloc)
unsorted bin attacks (glibc malloc)
Check which glibc version each technique targets: tcache, safe-linking and other hardening changes between releases, so a write-up for one version may not apply to yours
Day 17-19: Windows Exploitation Basics
SEH (Structured Exception Handling) overflows
Windows memory protections (DEP, ASLR, SafeSEH, SEHOP, CFG)
Stack buffer overflows on Windows
Windows shellcode considerations (no fixed syscall interface; resolve API addresses via the PEB instead of hard-coding them)
Day 20-21: Analyzing Real CVEs
Pick 2-3 public CVEs with memory corruption issues
Analyze patches to understand vulnerabilities
Reproduce exploits in an isolated lab (snapshotted VM, no network exposure)
Modify public exploits to improve reliability
Week 4: Advanced Techniques & Real-World Applications
Day 22-23: Browser Exploitation Introduction
JavaScript heap spraying techniques
Understanding browser memory layout
Analyzing browser exploits
Setting up browser debugging environment
Day 24-25: Kernel Exploitation Basics
Kernel memory layout
Kernel protections and bypass techniques
Simple kernel buffer overflow
Privilege escalation via kernel exploitation
Day 26-28: Advanced Project
Analyze a default Windows service of your choice
Map attack surface and potential vulnerability points
Develop fuzzing harness for the service
Document findings and exploitation strategy
Long-term Goals (Subsequent Weeks)
Advanced Windows Service Targeting
Protocol analysis of SMB, RDP, DNS, etc.
Advanced fuzzing with protocol awareness
Kernel pool grooming and exploitation techniques
Windows kernel mitigations bypass
Zero-Day Research Methodology
Code auditing techniques
Advanced static/dynamic analysis
Automated vulnerability discovery
Exploit reliability engineering
Hardware/Firmware Exploitation
UEFI/BIOS security
Embedded device exploitation
Side-channel attacks
Physical security bypass
Daily Practice Habits
Spend 30 minutes reading security blogs or research papers
Dedicate at least 1 hour to hands-on exploitation practice
Document your findings and techniques in a personal knowledge base
Review one public exploit per day to understand different techniques
Resources to Use Throughout
Books:
"Hacking: The Art of Exploitation" by Jon Erickson
"The Shellcoder's Handbook" by Chris Anley et al.
"Practical Binary Analysis" by Dennis Andriesse
Online Resources:
LiveOverflow YouTube channel
corelan.be tutorials
Modern Binary Exploitation course (RPISEC)
Project Zero bug reports and exploits
Tools to Master:
GDB with PEDA/GEF/pwndbg
IDA Pro/Ghidra
WinDbg (for Windows; Immunity Debugger still appears in older tutorials but is 32-bit only and no longer maintained)
Fuzzing frameworks (AFL/AFL++, libFuzzer)
ROPgadget, pwntools (Python)