This beginner-friendly guide to binary exploitation explains fundamental attack techniques such as Buffer Overflow and ROP (Return-Oriented Programming), together with the corresponding mitigations, like SSP (Stack Smashing Protector) and ASLR (Address Space Layout Randomization), and how those mitigations are bypassed. It also covers modern mitigations such as Arm MTE and Intel CET, giving you insight into how programs work and the ideas behind both attacks and defenses.
Warning: This blog series is still a work in progress. The content may change without notice.
- Buffer Overflow
- Shellcode
- ROP (Return-Oriented Programming)
- FSA (Format String Attack)
- GOT (Global Offset Table) Overwrite
- ret2dlresolve
- Mitigation Bypasses (See the list below)
- glibc Heap Exploitation (TBD)
- NX bit
- SSP (Stack Smashing Protector)
- ASLR (Address Space Layout Randomization)
- PIE (Position-Independent Executable)
- RELRO (RELocation Read-Only)
- Intel CET (Control-Flow Enforcement Technology)
- Arm PAC (Pointer Authentication Code)
- Arm BTI (Branch Target Identification)
- Clang CFI (Control Flow Integrity)
- Arm MTE (Memory Tagging Extension)
- ASan (Address Sanitizer)
Feel free to point out any typos or mistakes through issues or pull requests. I also welcome questions and requests for topics you'd like me to cover. Writing blog posts takes time and effort, so support through GitHub Sponsors or other means really helps me stay motivated and create better content. Support doesn’t have to be financial; simply starring my projects on GitHub or leaving comments is also very encouraging.