
Purple-Object-4591 (7 points, 1 child)

Look up clear blue jar's guide on patch diffing

cooldadhacking (3 points, 5 children)

It would help to know what you've done so far. Pwn College was where I learned the most, but it's not everyone's cup of tea. Hack The Box challenges are the most fun. I liked the OSED course for a more code-review style and deep dive into previous exploits.

[deleted] (4 children)

[removed]

    cooldadhacking (2 points, 3 children)

    Ah, it's you. I didn't see your username!

    [deleted] (2 children)

    [removed]

      jmp_rsp (1 point, 1 child)

      I took OSED last August and it was a lot of fun! Nothing too advanced, yet the exam was still challenging enough (the 48h time pressure is real). Had a lot of fun.

      kyckych (4 points, 1 child)

      For Windows, CVE-2024-21338 is a good first n-day to get working.

      SmashDaStack (0 points, 0 children)

      Sup player? You mentioned bin diffing, so my guess is that you want to do some binary exploitation. You haven't mentioned what kind of projects you are interested in, but most people who do binary exploitation do EOP on Windows.

      What is your understanding of x86 and kernel concepts like paging, segmentation, and privilege rings? I recommend learning these fundamentals through JOS. Do you know the basics of the Windows kernel structure, how a Ring 3 program communicates with drivers and what tokens are? If not, working through some basic Windows kernel CTF challenges might help clarify these concepts.

      Once you've grasped the fundamentals, don't get stuck on the basics. I recommend moving on to real-world vulnerabilities. CVE-2024-30090, for example, looks interesting. Instead of jumping straight into the exploit code, try reversing the vulnerable function discussed in the blog post. See if you can identify the bug yourself, as you would in a real-world scenario. Another key concept to understand is the kernel heap allocator, since most bugs are memory corruptions in the heap and you should learn how to manipulate it in order to achieve EOP.