OpenCourser brand icon
Sign in
We may earn an affiliate commission when you visit our partners.

Exploit Development for Linux (x86)

Srinivas .

This course teaches exploit development for Linux (x86). This course introduces students to the exploit development concepts associated with Linux x86 binaries. This is an entry level to intermediate level course and we encourage you to take this course if you are interested to learn exploit development. However, remember that the course involves a lot of assembly language and debugging using a debugger. So, you need patience and passion to learn the concepts taught in the course. This course makes use of a variety of techniques on exploit development and brace yourself if you are willing to learn by sitting in front of a computer. After successfully completing this course, you will be ready to attempt several industry leading practical cyber security certification exams. 

Enroll now

What's inside

Learning objectives

  • Students will learn assembly language fundamentals for x86 processors
  • Students will learn how to write shellcode on linux for x86 processors
  • Students will learn practical linux exploit development concepts
  • Students will learn how to bypass linux exploit mitigation techniques such as nx and aslr

Syllabus

Course Introduction
Introduction
Lab setup
Installing Ubuntu 16.04 Desktop
Read more
Installing tools in the lab VM
VM with tools and exploits - Download
x86 Assembly crash course
Introduction and registers
MOV instruction and gdb intro
Accessing sub registers
ADD, SUB, INC, DEC instructions
XOR instruction
PUSH and POP instructions
CMP and JNE instructions
CALL, LEAVE, RET instructions
Stack Based Buffer Overflows
Compiling the program - No NX, ASLR & Stack Canary
Crashing the program
Finding offset to overwrite EIP
Using 3rd Party shellcode in the exploit
Finalizing the working exploit
JMP EAX technique - Introduction
JMP EAX Exploit
JMP ESP technique - Introduction
JMP ESP Exploit
Dealing with Bad characters
msfvenom and introduction to bad characters
Identifying bad characters
Final exploit with shellcode from msfvenom
Writing Shellcode
Exit shellcode - Part 1
Exit shellcode - Part 2
Execve shellcode
Reverse TCP shellcode - Part 1
Reverse TCP shellcode - Part 2
Reverse TCP shellcode - Part 3
Reverse TCP shellcode - Part 4
Reverse TCP shellcode - Part 5
Bypassing Exploit Mitigation Techniques
Understanding NX
Bypassing NX using Ret2Libc
Finding string offsets Using Ropper
Understanding and Bypassing ASLR
Return Oriented Programming
Introduction to mprotect
Return Oriented Programming - Part 1
Return Oriented Programming - Part 2
Return Oriented Programming - Part 3
Final exploit with rop chain
Conclusion
Bonus section
More Challenges
Student Solution 1 by Geoffrey Huck
Bonus lecture

Save this course

Save Exploit Development for Linux (x86) to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Exploit Development for Linux (x86) with these activities:
Review x86 Assembly Fundamentals
Solidify your understanding of x86 assembly language, which is crucial for understanding exploit development.
Show steps
  • Review assembly language concepts such as registers, instructions, and memory addressing.
  • Practice writing simple assembly programs.
  • Debug assembly code using a debugger like GDB.
Read 'Hacking: The Art of Exploitation'
Gain a deeper understanding of exploit development concepts by reading a classic book on the subject.
View Hacking: The Art of Exploitation, 2nd Edition on Amazon
Show steps
  • Read the chapters related to buffer overflows and shellcode.
  • Try the examples and exercises in the book.
  • Research any topics that are unclear.
Practice Buffer Overflow Exploits
Reinforce your understanding of buffer overflows by practicing on vulnerable programs.
Show steps
  • Set up a vulnerable virtual machine environment.
  • Find and exploit buffer overflow vulnerabilities in sample programs.
  • Experiment with different shellcode payloads.
  • Use debugging tools to analyze the exploit process.
Four other activities
Expand to see all activities and additional details
Show all seven activities
Write a Blog Post on a Specific Exploit Technique
Solidify your understanding by explaining a specific exploit technique in a blog post.
Show steps
  • Choose an exploit technique covered in the course.
  • Research the technique in detail.
  • Write a clear and concise blog post explaining the technique.
  • Include examples and diagrams to illustrate the concepts.
Develop a Simple Exploit for a CTF Challenge
Apply your knowledge by developing an exploit for a Capture The Flag (CTF) challenge.
Show steps
  • Choose a CTF challenge that involves exploit development.
  • Analyze the vulnerable program and identify potential vulnerabilities.
  • Develop an exploit to take advantage of the vulnerability.
  • Test the exploit and refine it until it works.
Read 'Gray Hat Hacking: The Ethical Hacker's Handbook'
Expand your knowledge of hacking techniques by reading a comprehensive handbook.
View Gray Hat Hacking: The Ethical Hacker's Handbook... on Amazon
Show steps
  • Read the sections related to exploit development and vulnerability analysis.
  • Explore the different hacking tools and techniques discussed in the book.
  • Consider the ethical implications of hacking.
Contribute to an Open-Source Security Project
Gain practical experience by contributing to an open-source security project related to exploit development.
Show steps
  • Find an open-source security project that interests you.
  • Explore the project's codebase and documentation.
  • Identify a bug or feature that you can contribute to.
  • Submit a pull request with your changes.

Career center

Learners who complete Exploit Development for Linux (x86) will develop knowledge and skills that may be useful to these careers:
Exploit Developer
Exploit Developers create code that takes advantage of security vulnerabilities in software or systems. The course directly aligns with the core responsibilities of this role. The course's curriculum, covering assembly language, shellcode writing, and techniques for bypassing exploit mitigation, provides practical skills and techniques. The detailed exploration of stack based buffer overflows, return oriented programming, and bypassing techniques will be invaluable for someone in this role. Exploit Developer is all about the course's content.
See salaries and explore the career path for Exploit Developer
Vulnerability Researcher
Vulnerability Researchers investigate software and hardware to discover security flaws that could be exploited by attackers. This course provides the foundational knowledge required to understand and identify such vulnerabilities, especially in Linux x86 environments. The course's deep dive into assembly language, stack based buffer overflows, and bypassing techniques like NX and ASLR are essential skills for a Vulnerability Researcher. Furthermore, learning to write shellcode and understanding return oriented programming are crucial for analyzing and proving the exploitability of vulnerabilities. The content within covers the practical knowledge to discover vulnerabilities.
See salaries and explore the career path for Vulnerability Researcher
Penetration Tester
Penetration Testers, also known as ethical hackers, simulate cyber attacks to identify vulnerabilities in systems. A key aspect of this role is understanding how exploits work, and this is where this course proves invaluable. This course provides practical knowledge of Linux exploit development, from writing shellcode to bypassing mitigation techniques. Learning to crash programs, find offsets, and use techniques such as JMP EAX and JMP ESP directly translates to real-world penetration testing scenarios. One who wishes to enter this field should take this course to gain a deeper understanding of the offensive side of security, complementing defensive skills.
See salaries and explore the career path for Penetration Tester
Reverse Engineer
Reverse Engineers analyze software or hardware to understand its inner workings, often to identify vulnerabilities or malicious code. This course helps build a foundation in reverse engineering, particularly within the context of Linux x86 binaries. The course's coverage of assembly language is fundamental for reverse engineering. The techniques for exploiting vulnerabilities are also applicable in the reverse engineering process. A Reverse Engineer would benefit from the knowledge of assembly language, shellcode writing, and exploit mitigation techniques.
See salaries and explore the career path for Reverse Engineer
Malware Analyst
Malware Analysts dissect and analyze malicious software to understand its functionality and develop methods for detection and removal. This course helps build skills in understanding how malware exploits vulnerabilities, particularly in Linux x86 systems. Malware often leverages techniques covered in this course, such as shellcode injection and bypassing exploit mitigation. The course's content on assembly language and reverse TCP shellcode would be particularly helpful for analyzing malware. Also, the knowledge of stack based buffer overflows is essential.
See salaries and explore the career path for Malware Analyst
Security Engineer
A Security Engineer focuses on protecting computer systems and networks. This role involves identifying vulnerabilities, developing security measures, and responding to security incidents. This course helps build a foundation in understanding exploit development concepts specifically for Linux x86 binaries, which is crucial for identifying and mitigating potential threats. The course's coverage of assembly language fundamentals, shellcode writing, and bypassing exploit mitigation techniques like NX and ASLR are directly relevant to this job. The knowledge of stack based buffer overflows will be very useful. Completion prepares one for industry certifications, highly valued in this field.
See salaries and explore the career path for Security Engineer
Application Security Engineer
Application Security Engineers focus on securing software applications by identifying and mitigating vulnerabilities throughout the development lifecycle. The course teaches the fundamentals of exploit development, which is valuable for understanding potential attack vectors against applications. The course's coverage of stack based buffer overflows, shellcode writing, and techniques for bypassing exploit mitigation like NX and ASLR are directly applicable to application security. The concepts taught in this course will help secure applications.
See salaries and explore the career path for Application Security Engineer
Firmware Engineer
Firmware engineer is a role in which one designs, develops, and tests low-level software that controls hardware devices. Exploit development knowledge is valuable for understanding device vulnerabilities. This course may be useful by providing a foundation in exploit techniques applicable to the processor architecture and system used in the device. This is because Firmware Engineers may need to secure Linux x86 binaries. The course's content on assembly language will be very useful. Industry certifications may be useful.
See salaries and explore the career path for Firmware Engineer
Cloud Security Engineer
Cloud Security Engineers specialize in securing cloud-based systems and data. Exploit development knowledge is valuable for understanding vulnerabilities specific to cloud environments. This course may be useful by providing a foundation in exploit techniques applicable to Linux systems often used in cloud infrastructure. This is because Cloud Security Engineers must secure Linux x86 binaries. The course's content on exploit mitigation will be very useful. Industry certifications in Cloud Security may be useful.
See salaries and explore the career path for Cloud Security Engineer
Cybersecurity Consultant
Cybersecurity Consultants advise organizations on how to improve their security posture and protect against cyber threats. A solid understanding of exploit development is valuable for assessing risks and recommending appropriate security measures. This course may be useful by providing insights into the techniques used by attackers, particularly in Linux environments. The course will enhance a consultant's ability to provide informed recommendations and develop effective security strategies. The concepts would be useful for industry certifications.
See salaries and explore the career path for Cybersecurity Consultant
Security Analyst
Security Analysts monitor and analyze security events to detect and respond to threats. While this role has a broader scope than exploit development, understanding how exploits work is crucial for effective threat analysis. This course may be useful by providing insights into exploit development techniques, particularly in Linux x86 environments. The course's content on assembly language and exploit mitigation may aid in understanding the potential impact of vulnerabilities. This also helps with industry certifications.
See salaries and explore the career path for Security Analyst
Security Architect
Security Architects design and implement security systems and networks. Knowledge of exploit development is valuable for understanding potential attack vectors and designing robust security architectures. This course may be useful by providing insights into exploit techniques, particularly in Linux x86 environments. The course's content on exploit mitigation techniques like NX and ASLR can inform the design of secure systems. Industry certifications would be useful in this field.
See salaries and explore the career path for Security Architect
Software Developer
Software Developers design, write, and test code for various applications and systems. While not directly focused on security, understanding exploit development can help developers write more secure code. This course may be useful by providing insights into common vulnerabilities and how they can be exploited. The course's content on stack based buffer overflows and other attack techniques can inform secure coding practices. Someone interested in industry certifications in cybersecurity may consider this.
See salaries and explore the career path for Software Developer
Game Developer
Game developers create video games, designing gameplay, writing code, and creating art. A basic understanding of security vulnerabilities can help prevent cheating or exploits in online games. This course may be useful by providing some knowledge of common vulnerabilities and exploit techniques. The course's content on shellcode and buffer overflows may inform secure coding practices in game development. Industry certifications in security may be useful.
See salaries and explore the career path for Game Developer
System Administrator
System Administrators are responsible for maintaining and managing computer systems and servers. The course may be useful by providing a deeper understanding of potential security threats and how to mitigate them. Knowledge of assembly language will be very useful. It will help System Administrators to troubleshoot the underlying cause of the incident. The information may be helpful with industry certifications.
See salaries and explore the career path for System Administrator

Reading list

We've selected two books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Exploit Development for Linux (x86).
Cover image
Hacking: The Art of Exploitation, 2nd Edition
Save
Provides a comprehensive introduction to exploit development, covering topics such as buffer overflows, shellcode, and network hacking. It highly recommended resource for understanding the fundamentals of exploit development. The book is commonly used as a textbook in cybersecurity courses and provides a solid foundation for further learning.
Hacking: The Art of Exploitation, 2nd Edition
Paperback
$$
Hacking: The Art of Exploitation, 2nd Edition
Kindle Edition
$$
Cover image
Gray Hat Hacking: The Ethical Hacker's Handbook,...
Save
Provides a broad overview of hacking techniques, including exploit development. It covers a wide range of topics and provides practical examples. It useful reference for understanding the broader context of exploit development and ethical hacking. This book is valuable as additional reading to expand on the course material.
Gray Hat Hacking: The Ethical Hacker's Handbook,...
Paperback
$$

Share

Help others find this course page by sharing it with your friends and followers:
Facebook
LinkedIn
Reddit
X
Link
Email

Similar courses

Similar courses are unavailable at this time. Please try again later.
Effort
7 total hours
Via
Udemy
Instructor
Srinivas .
Language
English
Share and help others discover this course.
Facebook LinkedIn X Reddit Link Email
Don't miss out
Enroll today to gain access to this course
Enroll in this course
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2025 OpenCourser