Reverse Engineering (Exploit Development)
Starting off with exploit development, begin by using x86 based operating systems. Once you have the basic knowledge, try targeting x64 OSs.
Later versions of operating systems generally have more advanced memory protection, making them harder to exploit. For example:
- Data Execution Prevention (DEP)
Stops applications from executing code in a 'non-executable' memory area.
- Linux kernel 2.6.8 (2004)
- Windows XP SP2 (2004)
- Apple x86 (2006)
- Address Space Layout Randomization (ASLR)
Important data values (e.g. base of the executable & position of libraries, heap, and stack) are 'randomly arranged' in a process's address space.
- Linux kernel 2.6.12 (2005)
- Windows Vista (2007)
- Apple OS X 10.5 (2007)
- Supervisor Mode Execution Protection (SMEP)
'Prevent execution out of untrusted application memory while operating at a more privileged level'.
There are known methods to help bypass these techniques, both public & private. There are various guides out there explaining the theory and examples of doing so (Check resources for examples)
With this in mind, if you're starting off, either, use these operating systems before these protections were put in place, or, disable them. After covering the basics successfully, these protections can be enabled, allowing you to try and exploit them, thus building up your knowledge.
Just because you're able to exploit it on your chosen target, depending on how the exploit works, it doesn't mean this is guaranteed to work on every other system out there. With this in mind, having various versions of operating systems in your lab, allows for your exploit to be tried out on multiple targets. For example:
- Editions: Windows XP Home & Pro
- Service Packs: SP0, SP1, SP2 & SP3
- Languages: Arabic, English, French & German
There are general & specially designed applications to help exploit development, both free & commercial. Below are a few recommendations:
New tools may be brought out or existing ones could be updated, both making this list outdated. It is also personal preference. As you now have a lab to experiment with, go wild!