Over the past few weeks I've been completing work on a Secure C/C++ Coding course. The course is for programmers and code reviewers, helping to prepare them for the Secure Coding certification and to teach them how to avoid the most common coding errors in C.
Along the way, I created a module in the course to demonstrate how vulnerabilities are exploited. In the meantime I got an invitation to do an evening presentation at the SANS New Orleans and Orlando conferences, so I turned it into a "How to Find and Exploit Buffer Overflows Step by Step." As long as I was going to all of that work, I decided it would be worthwhile to add a few slides to demonstrate how to turn it into a Metasploit exploit module.
The screencast should be pretty easy to follow, but if you have any questions, please feel free to post them here as comments!
For a comprehensive course on how to identify critical controls, validate that the correct controls are in place and validate processes, consider the SANS 6 day course, "Advanced System & Network Auditing". David Hoelzer is theSANS IT Audit Curriculum Lead and the author of several SANS IT Audit related courses.