I have done a little bit of exploit development over the years, starting with stack overflows, reading Hacking: The Art of Exploitation, The Shellcoder's Handbook Second Edition, and some CTF-related stuff, but I really had let my skills fall stale in the last few years. I went seeking out resources to freshen up my knowledge and found that they were spread out all over the place. So I figured why not put them all together for anybody looking to refresh their memory or just get started learning. I feel that at least a fundamental understanding of exploit development, at the very least enough to make modifications to public exploits, is necessary for anybody seeking a career in penetration testing. Also, it’s just downright fun to play around in a debugger.
A couple of books that I referenced above that got me started and can give you a great foundation
You are going to need to learn some assembly to understand what you are seeing in the debugger and also for writing your own custom shellcode:
A great place to start is securitytube.net, which offers a great class on assembly language
Securitytube Windows assembly language megaprimer can be found here
Securitytube Linux assembly language megaprimer can be found here
You can then follow this up with the Securitytube buffer overflow for Linux megaprimer here
The Shellcoder's Handbook serves as a great resource which you can buy from Amazon
Shellcoding for Linux and Windows tutorials can be found here
The Project Shellcode tutorials can be found here
FuzzySecurity has some great stuff as well here
Opensecurity training also has a video series to accompany some of the topics that I found very useful here
A wiki on Metasploit that has some great info can be found here
The Grey Corner posts some detailed material
FuzzySecurity also offers material on Linux exploit development here
Corelan coder does the same with his Linux exploit material here
Exploit databases can be a great place to see already working and public exploit code. Taking a look at code and understanding it can be a big step towards writing your own successful exploit code.
Some sites to find exploit code:
There are probably many more good resources out there so feel free to tweet me. I love to post resources to help people find good material that has helped me so you will probably see a lot of that on this blog. I hope this list grows as people give me suggestions.