I am interested in learning more about exploiting vulnerable programs and being able to code exploits for vulnerabilities. I have intermediate Python knowledge and had an introductory course in C. I am aware that my lack of serious proficiency with C is going to be a problem if I want to tackle exploit development, so I am going to work on that. My plan is to read some relevant books / resources on the subject, while using wargame sites for practice, such as those found on http://overthewire.org/wargames/ or http://exploit-exercises.com/
The problem is, I find myself completely lost beyond the very basic buffer overflow and format string exploits. So I concluded I might have been going wrong about this, and should start over from the ground up. Getting more familiar with C, assembly and debugging is my priority now, and perhaps things will be clearer as I move along.
So I am wondering if someone who is more experienced in this matter could provide a roadmap of what resources I should use to get some solid basic notions and be able to move to exploits from there on.
What I tried so far:
Opensecurity videos and slides
Corelan tutorials (though I stopped after the first because I felt I was not at the level where I could comprehend all the explanations)
SecurityTube free series in Assembly and GDB
Various articles and PDFs I found on the net
And my current tentative plan of study:
Programming in C by Stephen G. Kochan
For assembly, I have a number of books, but I don't know which one would be best (I have Assembly Language Step by Step and Guide to Assembly Language - A Concise Introduction, among others)
Hacking: The Art of Exploitation + The Shellcoder's Handbook - I'm not sure if these aren't too advanced for my current level
If anyone has any tips or advice about the optimal way to study for getting into the exploit development field, I would greatly appreciate it if you could share some with me.
Thanks in advance!