Client-side attacks are often the easiest method of getting into a secured environment. We understand that through the clever use of different attack vectors an attacker is able to take advantage of the inexperience or kindness of our users in order to gain access to client-side computers. Developers are often unable to check for every possible flaw in their programs in the timeframes they are allotted and as such many of these vulnerabilities remain undiscovered by the quality assurance teams and developers.

In this chapter, we have had a chance to not only learn about buffer overflow vulnerabilities, but actually create our own vulnerable application. We then took advantage of this vulnerability using manual techniques as well as automated fuzzing tools such as sfuzz and bed. We learned how to create our own modules and also how to modify existing modules to fit our specific needs.

In addition, we discussed Fast-Track and the Social Engineering Toolkit and walked through setting...