Most exploits are based on buffer overruns/overflows. There have been some tuts on this subject here, my favorite being by zxtech
You can find it here:
http://www.antionline.com/showthread...hreadid=113482

This will help because the first thing to know in exploit detection, is to understand what causes them. (It might be a bit hard to understand depending on how well you understand c)

Also i found a sample of discovering a vulnerability, and subsequently exploiting it at @stake

A good file that i have kicking around which explains in pretty simple detail (easy to understand) how the stack works pertaining to buffer overflows. Its attached at the bottom.

Hope this helps