
CyberSecurity Ninjas 网络空间安全忍者


Exploit Development (PWN) Resources

You may have a lot of fun in exploit development for Executable and Linkable Format (ELF) binaries on Linux. An ELF binary has several protection features: Relocation Read-Only (RELRO), Canary, No-eXecute (NX) and Position-Independent Executable (PIE). They are hardening features for the ELF binary that make it harder to exploit. Once the ELF is exploited, the attacker can spawn a shell and access the system freely. However, those features can be bypassed in certain situations.
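The first thing to do with a binary is to find out which of these features are actually enabled. As an added example (not code from the original page), the checker below reads the ELF64 header, program headers and dynamic section to report PIE, NX and RELRO, the same way `checksec` does; `build_elf` is an assumed helper that constructs header-only sample images for testing, not a real binary, and canary detection (which needs the dynamic symbol table) is left out.

```python
import struct

# ELF64 constants, as defined in <elf.h>
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 8, 1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr
DYN = struct.Struct("<qQ")                  # Elf64_Dyn (d_tag, d_val)

def checksec(data):
    """Report PIE, NX and RELRO status for a 64-bit little-endian ELF image."""
    e_ident, e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum, *_ = EHDR.unpack_from(data, 0)
    if e_ident[:4] != b"\x7fELF" or e_ident[4] != 2:
        raise ValueError("not a 64-bit ELF")
    nx, relro, bind_now = False, "none", False  # no PT_GNU_STACK => executable stack
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, *_ = PHDR.unpack_from(data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:          # NX: stack segment is not marked executable
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:        # region made read-only after relocation
            relro = "partial"
        elif p_type == PT_DYNAMIC:          # BIND_NOW turns partial RELRO into full RELRO
            for off in range(p_offset, p_offset + p_filesz, DYN.size):
                d_tag, d_val = DYN.unpack_from(data, off)
                if d_tag == DT_NULL: break
                if d_tag == DT_BIND_NOW or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) \
                        or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                    bind_now = True
    if relro == "partial" and bind_now:
        relro = "full"
    return {"PIE": e_type == ET_DYN, "NX": nx, "RELRO": relro}

def build_elf(pie, nx, relro, bind_now):
    # Constructed header-only ELF64 image (assumed test helper, not a runnable binary)
    dyn = b"".join(DYN.pack(t, v) for t, v in
                   ([(DT_FLAGS, DF_BIND_NOW)] if bind_now else []) + [(DT_NULL, 0)])
    segs = [(PT_GNU_STACK, 0 if nx else PF_X, 0, 0)]          # (type, flags, offset, size)
    if relro: segs.append((PT_GNU_RELRO, 0, 0, 0))
    dyn_off = EHDR.size + PHDR.size * (len(segs) + 1)         # dynamic section follows the phdrs
    segs.append((PT_DYNAMIC, 0, dyn_off, len(dyn)))
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)          # 64-bit, little-endian, version 1
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(segs), 0, 0, 0)
    phdrs = b"".join(PHDR.pack(t, f, off, 0, 0, sz, sz, 0) for t, f, off, sz in segs)
    return ehdr + phdrs + dyn
```

Running `checksec(open("./binary", "rb").read())` on a real file gives the same three fields; compare its output with `checksec` from pwntools to see where they agree.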

You should have knowledge of C (or C++), Python and assembly programming languages for exploit development. You should also be familiar with some tools, such as GNU Debugger (GDB), pwndbg, Ghidra, Radare2 and PwnTools.

It may be very hard to find a career, job or post in exploit development in Hong Kong, China. Therefore, only a few people in Hong Kong may be interested in this skill. If you want to spend some time in this area, think carefully!

The best way to learn exploit development is by doing Capture The Flag (CTF) challenges, as every challenge targets one or two techniques. In general, Exploit Development (PWN) challenges in CTF carry more points compared with other categories. Most PWN challenges in CTF are ELF binaries.

Furthermore, some CTF PWN challenges have all hardening features enabled. You need to bypass them in order to get the flag or shell. So, it is not easy!

Tools

Capture The Flag (CTF)

Tutorials

Books

Samiux
OSCE OSCP OSWP
June 12, 2021, Hong Kong, China
