Step-by-step stack-based exploitation techniques. This material aims to help both beginners and experienced users better understand the underlying concepts of some of the most common exploitation techniques. It is also useful for getting hands-on with the PWN/Binary Exploitation category in CTFs.
Binary exploitation (PWN) tutorials to help you understand the foundations of stack-based exploitation techniques.
- Basic Concepts:
  - Endianness https://www.youtube.com/watch?v=T8E_JRqN0fY
  - Global Offset Table (GOT) and Procedure Linkage Table (PLT) https://www.youtube.com/watch?v=B4-wVdQo040
  - How to debug the exploit https://www.youtube.com/watch?v=CWxDhp0OFzI
- Exploitation Techniques:
  - Buffer Overflow Foundations https://www.youtube.com/watch?v=0_merdYty4Y
  - Buffer Overflow to overwrite memory with arbitrary values https://www.youtube.com/watch?v=DiyFDCuyPqg
  - Execution Flow Hijacking (ret2win) https://www.youtube.com/watch?v=-VUtXwDm5yQ
  - Shellcode Execution (ret2shellcode) https://www.youtube.com/watch?v=6Yiupj3XHrM
  - Integer Overflow / Underflow https://www.youtube.com/watch?v=Mfaq4PW8H1I
  - Format String https://www.youtube.com/watch?v=0-ulL3Y0MS8
  - PIE and Canary Bypass https://www.youtube.com/watch?v=FpKL2cAlJbM
  - GOT overwrite https://www.youtube.com/watch?v=9SWYvhY5dYw
  - Return Oriented Programming (ROP) https://www.youtube.com/watch?v=8zRoMAkGYQE
  - Return to Libc (ret2libc) https://www.youtube.com/watch?v=TTCz3kMutSs
  - Making stack executable with malicious mprotect call https://www.youtube.com/watch?v=r_tysAKIELs
  - Advanced Format String
    - vfprintf internal buffer https://www.youtube.com/watch?v=K690__BET10
    - Abusing %s and %n https://www.youtube.com/watch?v=FF8SRxMP8Bc