Binary Exploitation Tutorials
Inspired by Insider's 'Exploit Tutorial' thread ( ), I figured that since we don't have much on this topic I'd put together a list of some of the solid resources out there for binary exploitation. One requirement for this list is that I'm focusing on free, online resources. If you want to add something, don't add paid courses, books, or anything else that isn't freely accessible online, and naturally this is for binary exploitation only.

Introduction to Software Exploitation -

In my opinion this is the best resource out there for learning the basics. It covers the basics; you won't learn about modern mitigations, but you'll learn the core concepts that haven't changed.

Corelan Exploit Writing Tutorials -

There are 11 parts to the tutorials, starting with the linked one. It is Windows focused, and it starts on familiar ground if you did the OpenSecurityTraining course but quickly gets into material not covered by that course, such as dealing with stack canaries and writing egghunters. If you're thinking you just want to hack servers running Linux, don't worry: just because there is a Windows focus and some of the content is more applicable to exploiting Windows machines, it's still good to learn, and the knowledge does transfer.

Exploits 2: Exploitation in the Windows Environment -

Another OpenSecurityTraining course, this time focused on Windows techniques. It covers much of the same material the Corelan tutorials cover, so you might find yourself skipping stuff (be sure to do the labs though).

Modern Windows Exploit Development -

Yet another Windows-focused resource; you'll find a lot of stuff is happening in the Windows world now because of the malware industry using exploits to infect. This is a nice resource that covers multiple browser exploits, right through to exploitation in IE10 and IE11. You'll also get exposure to dealing with EMET, which is the Windows exploit mitigation system.

Project Zero -

Okay, this one is a blog, but they often post good write-ups of modern exploits. It's worth following, always good quality.

Heap Exploitation

Heap exploitation, seriously there is so much awesomeness in heap exploits, but it's damn hard because you need to understand the system to fully carry one out. Not only do you have to overwrite some data, but you need to overwrite it in such a way that when it's operated upon it leads to doing what you want. And what you want it to do is modify other areas so that when those areas are acted upon you'll start to get some control... there is a lot of indirection in heap exploits. It's covered a bit in the above resources, but these are the classic resources.

Vudo Malloc Tricks -
Once Upon a Free() -
Advanced Doug Lea's malloc exploits -
Exploiting the Wilderness -

Four classic papers on heap exploitation. They are indeed classics but are for vulnerabilities that no longer exist. Yet they are not a waste; like I said, they are classics, and understanding the old methodology helps with the newer techniques.

Malloc Maleficarum -

Back in 2005, after the above exploits had been patched, this paper was released. It's purely theoretical, no walk-through or demo code. This paper was merely to open the minds of hackers to the possibility that heap exploitation was still a possibility, and it detailed several attacks that were still viable after the initial patches. Some of these attacks are still viable today in the current Linux allocator, ptmalloc2.

.aware eZine Alpha - House of Mind -

In 2006, a practical paper was released detailing exploitation of one of the attacks from Malloc Maleficarum: House of Mind. This is a practical walk-through of some exploitable code.

Malloc Des-Maleficarum -

More of the attacks from Malloc Maleficarum are proven in this paper; a walk-through, and just good, eye-opening exploitation.

The House Of Lore: Reloaded -

It took all the way until 2010 for House of Lore from the Maleficarum paper to fall, from the same guy who wrote Des-Maleficarum; he finished the job.


If you're looking for more... especially more modern or exotic stuff, consider reading CTF write-ups. CTF organizers often keep on top of new exploit development 'trends' and will base challenges on them. So in the write-ups you get all the cool stuff without the extra hassles that come from big, modern systems.

Feel free to add your own resources, I'll probably add more tomorrow.
Now this is a nice compilation, and I have been thinking lately about starting a thread somewhat similar to this. I have some resource links as well which I will share soon, and then we can update this thread and make it sticky.
(10-28-2015, 07:56 PM)Psycho_Coder Wrote: Now this is a nice compilation, and I have been thinking lately about starting a thread somewhat similar to this. I have some resource links as well which I will share soon, and then we can update this thread and make it sticky.

Good idea, stuck
Nice list of resources! Can't say I know anything about Binary-Exploitation, I should probably have C or C++ as prerequisites first? Or was it assembly? I think I heard something about that.
Sticking this thread! Great resource starter.
