Wrapping Up

We covered how client-side exploits generally work by manipulating the heap to work in the attacker’s favor. We also covered how NOP instructions work within an attack and the basics of using a debugger. You’ll learn more about leveraging a debugger in Chapter 14 and Chapter 15. MS11-006 was a stack-based overflow, which we will cover in depth in later chapters. Note that your success rate with these types of attacks depends on how much information you gain about the target before you attempt to perform the attacks.

As a penetration tester, you can use every bit of information to craft an even better attack. In the case of spear-phishing, if you can speak the language of the company and target your attacks against smaller business units within the company that probably aren’t technical in nature, your chances of success greatly increase. Browser exploits and file format exploits are typically very effective, provided you do your homework. We’ll cover this topic in more detail in Chapter 8 and Chapter 10.
