Note: These are writeups for the exercise for a previous version of my Exploit Development class that I’m not releasing for free. They assume that you have read Chapters 16–19 of Penetration Testing: A Hands-On Introduction to Hacking Version 1 or equivalent.

So far we have had plenty of room for our shellcode after the SEH overwrite or at a register, but this will not always be the case. Many exploit developers go straight for the egghunter (discussed in the next post), but in some cases it may not be necessary. …

Georgia Weidman

Founder of Shevirah and Bulb Security. Author of Penetration Testing: A Hands-On Introduction to Hacking. Fellow at New America. Professor at Tulane and UMUC.
