Hacking

Writing SEH Exploits

Andrew Whitaker
June 17, 2011 by
Andrew Whitaker

In these two videos, we will demonstrate how to write an exploit of the Structured Exception Handler. The video assumes you already understand how SEH and exploits work.

We will exploit an Easy Chat Server using OllyDbg. First we will use a skeleton of an exploit to find a SEH and then insert the actual shell code to add a new user with administrative rights using Cygwin Shell, a Metasploit utility.

Earn two pentesting certifications at once!

Earn two pentesting certifications at once!

Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.

Earn two pentesting certifications at once!

Earn two pentesting certifications at once!

Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.

Enjoy.

Part 1:

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Part 2:

Andrew Whitaker
Andrew Whitaker

Andrew Whitaker is a Senior Instructor for both the InfoSec Institute and the Intense School. He is also a nationally recognized expert on information security. He has performed penetration tests on numerous financial institutions throughout the United States and has been a regular consultant to government agencies on cyber security.He is also the author of several best-selling security and networking books, including "Penetration Testing and Network Defense" (Cisco Press), "Cisco Router Configuration Handbook" (Cisco Press), and "Chained Exploits: Advanced Hacking Attacks From Start to Finish" (Addison-Wesley). He is also a frequent conference speaker and has given talks on ethical hacking at Defcon, Chicagocon, SecurePhilly, and TakeDownCon. Whitaker also holds a Master’s Degree in Computer Science. He has trained the military, government defense contractors, and intelligence agencies on cyber security, risk management, ethical hacking, reverse engineering and exploit development.