Overview
Explore Win32 exploit development techniques using Mona and Metasploit in this 58-minute conference talk by Peter Van Eeckhoutte and Elliot Cutright. Dive into the world of software vulnerability exploitation, understanding the scientific facts behind it, and learn about Metasploit's capabilities. Discover the typical exploit development process, including the use of debugger plugins and the powerful mona.py tool. Gain insights on finding offsets, handling exceptions, dealing with Unicode, ASLR, and DEP challenges. Watch a demonstration of Mona's ROP capabilities and learn how to integrate Mona with Metasploit for more effective exploit development.
Syllabus
Intro
Corelan Team
Exploiting software vulnerabilities
Why write exploits?
Scientific Facts
What else?
What has Metasploit to offer?
Metasploit Standalone
Typical exploit dev process
Exploit dev takes time
Debugger plugins
mona.py to the rescue
mona.py initial config
Global options
First things first
Finding offsets
Exception Handlers
Unicode
ASLR & Rebase
Mona 3 Metasploit
DEP: how mona can help
Mona rop demo