Exploit Development

Finding a vulnerability in a software system is only the beginning of a long and arduous journey on your way to getting a reliable exploit working. Immunity Debugger has many design features in place to make this journey a little easier on the exploit developer. We will develop some PyCommands to speed up the process of getting a working exploit, including a way to find specific instructions for getting EIP into our shellcode and to determine what bad characters we need to filter out when encoding shellcode. We'll also use the !findantidep PyCommand that comes with Immunity Debugger to assist in bypassing software data execution prevention (DEP).[29] Let's get started!

Finding Exploit-Friendly Instructions

After you have obtained ...
