Join Malcolm Shore for an in-depth discussion in this video, Understanding buffer overflows, part of Penetration Testing Essential Training.
- [Malcolm] There are a number of ways to achieve remote code execution on a server. And one of the ways is to trigger what's known as a buffer overflow. We can do this by sending a malicious exploit packet to an open service that has a buffer overflow vulnerability. This then results in the target executing code from our packet. We can see how this works by running a vulnerable program through a debugger. Let's do this with MASM so that we can see the instructions clearly. I've written a small MASM program which uses the Windows GUI called buffalo.asm.
This simulates just a fragment of an application. Take a look at the lines just below the .data declaration. There's a data field called packet. This is simulating a packet that we've received from an input request for the user's name. I've put my name there. Let's just ignore the commented out fields for the moment. Further down we can see the hello message which expects to have a name inserted. Let's look at the lines just below the .code declaration.
We can see what the program is doing in the first few lines.
Cybersecurity expert Malcolm Shore reviews popular pen testing tools, as well as the Bash and Python scripting skills required to be able to acquire, modify, and re-use exploit code. He also provides a refresher on Kali Linux and introduces techniques for testing web services. At the end of this course, you'll be prepared to take more advanced training, and to pursue the popular Offensive Security Certified Professional (OSCP) certification.
- Pen testing overview
- Pen testing tools
- Bash scripting
- Python scripting
- Kali and Metasploit
- Web testing
- Finding exploit code
Skill Level Intermediate
1. What is Pen Testing?
2. Pen Testing Tools
3. Bash Scripting
4. Python Scripting
5. Kali and Metasploit
6. Web Testing
7. Understanding Exploit code
What's next (1m 27s)