Software Security Exploitation

Hands-On Vulnerability Discovery & Exploit Development

January 1, 2024

Jan 2024 – Apr 2024
Skills: SDLC · Fuzz-Testing · Metasploit

I immersed myself in the mechanics of software vulnerabilities, combining manual review with automated fuzzing.

Code Audits: Inspected C projects for buffer overflows, injection flaws, and race conditions.
Threat Modeling: Applied Microsoft SDL principles to identify risk areas early in development.
Exploit Development: Created a Metasploit module targeting a Windows 7 FTP server buffer overflow.

Building real exploits taught me not just where bugs hide, but how to architect code defensively.