Exploit Dev/Buffer Overflow
Guides
Penetration Testing: Stack based Buffer Overflow in Linux - pg. 361
Penetration Testing: Stack based Buffer Overflow in Windows - pg. 379
Penetration Testing: Structured Exception Handler Overwrites - pg. 401
Reference
Attacking Network Protocols: Memory Corruption Vulnerabilities - pg. 210
Training Platforms/Tools
Linux Userland Exploitation
Stack
Ret2 Systems (paid)
PWN Practice (mine)
Heap
Heaplab Udemy (paid)
Linux Kernel Exploitation
Kernel basics/dev
Exploitation
Kernel ROP (mine)
Windows Userland Exploitation
Browser Exploitation
Embedded Security
Training Videos
Examples
Tools
Frida - Inject arbitrary code into other applications!
Operator Handbook: Frida - pg. 67
buffer-overflow - This tool is created in order to allow penetration testers / researchers to quickly test out simple buffer overflows, without having to write a line of code.
peda - PEDA - Python Exploit Development Assistance for GDB
pwntools - Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.
gef - A set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB.
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Vulnserver: http://www.thegreycorner.com/p/vulnserver.html
cwe_checker - finds vulnerable patterns in binary executables: https://github.com/fkie-cad/cwe_checker