Exploit development is an essential skill for any infosec professional who has to grapple with specific project requirements and pen testing exercises. This is precisely the reason why we put together this comprehensive collection which collates our set of exploit development and Maltego guides.
Our exploit writing tutorials will teach you the works — right from the basics of how to script
an exploit using PERL, then port and exploit to Ruby, and all the way to fuzzing as well as shell
coding. In addition to exploit writing, our compendium features Maltego, a formidable open source
intelligence (OSINT) tool that can be tapped to conduct detailed individual reconnaissance of a
These guides will also show you how to perform infrastructural reconnaissance using Maltego. So here are all four of our tutorials as free PDF downloads for your offline browsing.
There are times when an infosec professional has to go beyond the use of readily available
exploits, and write a custom script to meet specific requirements. Our first tutorial on exploit
development will teach you how to craft custom exploits, as well as look at various aspects of
exploit writing and useful techniques.
This exploit writing PDF download will explore different vulnerability discovery classifications, various aspects of fuzzing, and develop practical approaches from available theory.
While the first PDF in the exploit development tutorial series focused on how to script basic Perl exploits, this installment will examine how you can write exploits in PERL, and port exploits to Ruby. Get all the background info you need to become a proficient exploit writer in this installment — starting with pointer and memory arrangement to shell coding, defining and connecting to the exploit.
Maltego is an OSINT tool designed for information gathering from different sources — a tool of choice for information gathering, a prime aspect of pen testing. It is powerful in trained hands, and includes options for search engine SMTP queries. This tutorial looks at how you can perform individual reconnaissance on a target using Maltego to acquire as much information about a target prior to the hit.
Moving beyond the personal reconnaissance activities covered in the first installment of this series, we now look at the use of this tool to gather information about infrastructure. This form of reconnaissance covers aspects such as the autonomous system (AS), DNS names, IPv4 addresses, mail exchange servers (MX), and so on. Join us, as we look at how to garner target details using this multi-faceted tool.
This was first published in November 2012