Waterfalls

Nearly all applications, web servers, and web application environments are vulnerable to buffer overflows. Environments that are written in interpreted languages, such as Java and Python, are immune to the attacks, with the exception of overflows in their interpreter. These issues are particularly problematic in the programming language C/C++ as it does not have buffer overflow protection built in.

Buffer overflows are used in many of the exploits against vulnerable services. Most of these are pre-compiled by exploit developers. To be able to generate payloads locally, set up a Kali VM with the necessary tools, and a Windows VM with Immunity Debugger (on the same network).

---

Testlab

• Virtual machines
• Assemblers
• Compilers
• Disassemblers
• Debuggers
• Decompilers
• Exploit development
• Exploitation tools

---

Notes on techniques

• Introduction
• Stack operations and function-calling
• Linux x86 exploits

---

Coding

• Windows
• Linux

---

TryHackMe

• Introduction
• Using Immunity Debugger
• Example payload scripts
• Brainstorm
• Gatekeeper

Root-me

• Introduction
• ELF x86: Stack buffer overflow basic 1
• ELF x64: Basic heap overflow
• ELF x86: Stack buffer overflow basic 2
• ELF x86: Format string bug basic 1
• ELF x64: Stack buffer overflow basic
• ELF x86: Format string bug basic 2
• ELF x86: Race condition
• ELF ARM: Stack buffer overflow basic
• ELF x86: Stack buffer overflow basic 3
• ELF x86: Use after free basic
• ELF x86: BSS buffer overflow
• ELF x86: Stack buffer overflow basic 4
• ELF x86: Stack buffer overflow basic 6
• ELF x86: Format string bug basic 3
• ELF ARM: Basic ROP
• ELF x86: Stack buffer overflow C++ vtables
• ELF x86: Stack buffer overflow basic 5
• ELF x86: Remote format string bug

---