Chapter 5. Exploiting Services with Python

One of the big misconceptions about penetration testing and the exploitation of services today is the prevalence of exploitable Remote Code Execution (RCE) vulnerabilities. The reality is that the days of finding hundreds of easily exploitable services that only required an Internet Protocol (IP) address to be plugged into a tool are pretty much gone. You will still find vulnerabilities that can be exploited by overflowing the stack or heap, but there are significantly fewer of them, or they are more complex. We will explain why these are more difficult to exploit in today's software in Chapter 8, Exploit Development with Python, Metasploit, and Immunity. Don't worry, we will get to that.

So if you are expecting ...
