CERTIFIED PENTEST LABORATORY TESTER LEVEL 3

SYLLABUS

---

Exploit Creation Basics

Stack Overflows

Heap Overflows

Assembler Basics

---

Setting up a Scenario

Identifying an Application Target

Setting up a matching environment

Building a plan

---

Fuzzing

Fuzzing Basics

Fuzzing Techniques

Scripted Fuzzing

Fuzzing Specific Services

Fuzzing web applications

---

Application Debugging

Using a Debugger

Watching program execution

Identifying fuzzing success

---

Instruction Execution

Forcing in-memory execution

Pointing to another memory location

Executing code

---

Executing a Payload

Creating a payload

Including a payload with an exploit

Executing the payload

---

DEP Basics

What is DEP?

How does it impact exploits?

How to work around DEP

---

Exploiting a Remote Machine

What changes with remote exploits?

Appropriate encoding

Remote Exploitation Process

Testing the exploit

Testing command execution

Testing the payload

Automating the exploit through Metasploit