This is mostly a reference for myself in my pwning endeavours. It contains my own write-ups/exploits of different challenges and the exploit development resources that helped me along the way. Maybe someone else finds this useful too ¯\_(ツ)_/¯.
Note that this is a work in progress and will be updated continuously.
- My Write-ups
- Windows Exploit development
- Linux Exploit development
- Reverse Engineering
- Fuzzing
- Binary Exploitation Challenges
- Corelan – Exploit writing tutorial part 1 – Stack based overflows
- Corelan – Exploit writing tutorial part 2 – Writing simple buffer overflow exploits
- Fuzzysecurity – Part 1: Introduction to Exploit Development
- Fuzzysecurity – Part 2: Saved Return Pointer Overflows
- Infosec Institute – Part 1: Introduction
- Infosec Institute – Part 2: Exploiting the stack overflow
- Infosec Institute – Part 3: Adding shellcode
- Security Sift – Part 1: Basics
- Security Sift – Part 2: Intro Stack Overflow
- Security Sift – Part 3: Changing offsets and rebased modules
- Security Sift – Part 4: Locating shellcode jumps
- Offensive Security – Quickzip stack bof 0day
- Sploitfun – Classic Stack Based Buffer Overflow
- Corelan – Part 3: SEH
- Corelan – Part 3b: Just another example
- Fuzzysecurity – Part 3: Structured Exception Handler (SEH)
- Infosec Institute – SEH Based Overflow Exploit Tutorial
- Infosec Institute – Writing SEH Exploits
- Security Sift – Part 6: SEH Exploits
- Fuzzysecurity – Part 8: Spraying the Heap
- Fuzzysecurity – What’s Going On Here b33f?
- Fuzzysecurity – Heap Overflows For Humans 101
- Fuzzysecurity – Heap Overflows For Humans 102
- Fuzzysecurity – Heap Overflows For Humans 102.5
- Fuzzysecurity – Heap Overflows For Humans 103
- Fuzzysecurity – Heap Overflows For Humans 103.5
- Infosec Institute – Heap Overflow: Vulnerability and Heap Internals Explained
- Fuzzysecurity – Egg Hunters
- Infosec Institute – Egghunter Exploitation Tutorial
- Security Sift – Part 5: Locating shellcode egghunting
- Whitehatters – Intro to Windows kernel exploitation 1/N: Kernel Debugging
- Whitehatters – Intro to Windows kernel exploitation 2/N: HackSys Extremely Vulnerable Driver
- Whitehatters – Intro to Windows kernel exploitation 3/N: My first Driver exploit
- Whitehatters – Intro to Windows kernel exploitation 3.5/N: A bit more of the HackSys Driver
- Remote Windows Kernel Exploitation - by Barnaby Jack [2005]
- Windows Kernel-mode Payload Fundamentals - by skape [2006]
- Exploiting 802.11 Wireless Driver Vulnerabilities on Windows - by Johnny Cache, H D Moore, skape [2007]
- Kernel Pool Exploitation on Windows 7 - by Tarjei Mandt [2011]
- Windows Kernel-mode GS Cookies and 1 bit of entropy - [2011]
- Subtle information disclosure in WIN32K.SYS syscall return values - [2011]
- nt!NtMapUserPhysicalPages and Kernel Stack-Spraying Techniques - [2011]
- SMEP: What is it, and how to beat it on Windows - [2011]
- Kernel Attacks through User-Mode Callbacks - by Tarjei Mandt [2011]
- Windows Security Hardening Through Kernel Address Protection - by Mateusz "j00ru" Jurczyk [2011]
- Reversing Windows8: Interesting Features of Kernel Security - by MJ0011 [2012]
- Smashing The Atom: Extraordinary String Based Attacks - by Tarjei Mandt [2012]
- Easy local Windows Kernel exploitation - by Cesar Cerrudo [2012]
- Using a Patched Vulnerability to Bypass Windows 8 x64 Driver Signature Enforcement - by MJ0011 [2012]
- MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit - [2013]
- KASLR Bypass Mitigations in Windows 8.1 - [2013]
- First Dip Into the Kernel Pool: MS10-058 - by Jeremy [2014]
- Windows 8 Kernel Memory Protections Bypass - [2014]
- An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113) - by Weimin Wu [2014]
- Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool - [2014]
- Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE 2015-0057) bug on both 32-bit and 64-bit - by Aaron Adams [2015]
- Exploiting MS15-061 Microsoft Windows Kernel Use-After-Free (win32k!xxxSetClassLong) - by Dominic Wang [2015]
- Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit - by Cedric Halbronn [2015]
- Abusing GDI for ring0 exploit primitives - by Diego Juarez [2015]
- Duqu 2.0 Win32k exploit analysis - [2015]
- Linux Format String Exploitation
- Infosec Institute – Format String Bug Exploration
- Automating format string exploits
- Infosec Institute – Intro to fuzzing
- Infosec Institute – Fuzzer automation with spike
- Infosec Institute – Sulley Fuzzing Framework Intro
- Infosec Institute – Fuzzing Vulnserver: Discovering Vulnerable Commands: Part 1
- Infosec Institute – Fuzzing Vulnserver with Peach: Part 2
- Infosec Institute – Fuzzing Vulnserver with Sulley: Part 3
- Peachfuzzer – Tutorial
- evilsocket.net – Fuzzing with AFL-Fuzz, a Practical Example
- Infosec Institute – Fuzzing – Mutation vs. Generation
- FoxgloveSecurity – Fuzzing workflows; a fuzz job from start to finish