As part of the Compass research week, I dived into Windows exploit development. The conclusion is that the basic exploitation principles from Unix also apply on Windows. The biggest difference is the availability of much more advanced security tools, primarily debuggers and system analysis utilities, and some additional attack vectors like SEH. Also, different versions of Windows provide drastically different hardening features, like ASLR or DEP. But because of backwards compatibility and legacy software, some of the protections always seem to be missed (like the Microsoft Office Help Data Services Module, which lacks ASLR and was used in the latest CVE-2013-3893 IE exploit).
Nevertheless, I created a short presentation about a simple Windows remote exploit, whose purpose is to illustrate the basics of this black art for beginners.
The presentation is available here: WindowsExploitingIntro_v1.0_public
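As an added example (not part of the original post or the linked presentation), the following Python script shows how a defender can audit whether a module opts into the mitigations mentioned above. It parses the DOS, COFF and optional headers of a PE image and reads the DllCharacteristics field for the DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) bits, plus the COFF RELOCS_STRIPPED flag, which silently defeats ASLR even when DYNAMIC_BASE is set. The `build_sample_pe` helper and the three sample "modules" are constructed in the code for offline testing and do not correspond to any real file; the audit function works the same on bytes read from a real DLL.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bit values from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR with high-entropy addresses
    "DYNAMIC_BASE":    0x0040,  # image may be relocated at load time (ASLR)
    "NX_COMPAT":       0x0100,  # image is DEP-compatible
    "NO_SEH":          0x0400,  # image contains no SEH handlers
    "GUARD_CF":        0x4000,  # Control Flow Guard instrumented
}
# COFF Characteristics bit: relocation info was stripped, so the loader
# cannot move the image even if DYNAMIC_BASE is set.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001


def parse_pe_mitigations(image: bytes) -> dict:
    """Parse the DOS, COFF and optional headers of a PE image and return
    the mitigation-related flags as a {name: bool} dictionary."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    # SizeOfOptionalHeader and Characteristics are the last two COFF fields.
    size_opt, file_chars = struct.unpack_from("<HH", image, coff + 16)
    opt = coff + 20
    # DllCharacteristics sits at offset 70 of the optional header in both
    # PE32 (magic 0x10b) and PE32+ (magic 0x20b).
    if size_opt < 72:
        raise ValueError("optional header too short for DllCharacteristics")
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    flags = {name: bool(dll_chars & bit) for name, bit in DLL_CHARACTERISTICS.items()}
    flags["RELOCS_STRIPPED"] = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    flags["PE32PLUS"] = magic == 0x20B
    return flags


def missing_mitigations(image: bytes) -> list:
    """Return the names of the mitigations an image does not opt into.
    ASLR counts as missing if DYNAMIC_BASE is clear or relocations were
    stripped, since the loader cannot rebase an image without them."""
    flags = parse_pe_mitigations(image)
    missing = []
    if not flags["DYNAMIC_BASE"] or flags["RELOCS_STRIPPED"]:
        missing.append("ASLR")
    if not flags["NX_COMPAT"]:
        missing.append("DEP")
    return missing


def build_sample_pe(dll_characteristics: int, pe32plus: bool = False,
                    relocs_stripped: bool = False) -> bytes:
    """Construct a minimal, non-loadable PE header (constructed test data,
    not a real module) that is just large enough for the parser above."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 240 if pe32plus else 224
    file_chars = 0x2002 | (IMAGE_FILE_RELOCS_STRIPPED if relocs_stripped else 0)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, size_opt, file_chars)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def audit(images: dict) -> dict:
    """Audit a {name: image bytes} mapping, e.g. DLLs read from disk with
    open(path, 'rb').read(), and return {name: [missing mitigations]}."""
    return {name: missing_mitigations(data) for name, data in images.items()}


if __name__ == "__main__":
    # Constructed sample headers: a legacy module with nothing enabled, a
    # hardened 64-bit module, and one whose DYNAMIC_BASE bit is undermined
    # by stripped relocations.
    samples = {
        "legacy_helper.dll": build_sample_pe(0x0000),
        "hardened.dll": build_sample_pe(0x0040 | 0x0100 | 0x0020, pe32plus=True),
        "stripped_relocs.dll": build_sample_pe(0x0040 | 0x0100, relocs_stripped=True),
    }
    for name, missing in audit(samples).items():
        status = "missing " + ", ".join(missing) if missing else "ASLR and DEP enabled"
        print(f"{name}: {status}")
```

On a real system the same `audit` call can be fed the modules loaded into a process; any entry reporting "missing ASLR" is a module the OS cannot randomize for that process, which is exactly the backwards-compatibility gap the post describes.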