▲ 14 r/ExploitDev+1 crossposts

Buffer Overflow Tutorial for Beginners and new CTF players

If you are new to the world of exploit development and need a solid entry level challenge this week we look at "bof". This is a binary challenge hosted on pwnable[.]kr covering the topic of a Buffer Overflow.

This is what many consider to be their first exploit type written (it was mine), and this particular challenge approaches it in a way you will truly understand how to adapt to situations in which the buffer overflow is not necessarily "vanilla" exploitation.

By the end of this tutorial you should have:

- Learned how to exploit a Buffer Overflow, WITHOUT OVERWRITING THE RETURN ADDRESS!!!
- Learned how to use GDB (raw)
- Learned the basics of hook stops within GDB
- Learned how to approach a CTF challenge with speed or precision (or both depends on what you decide)
- Learned how to find offsets that are small and don't require the use of tooling such as pattern_offset

I wanna thank Center for Cyber Security Training for continuing to help sponsor the channel and their support.

You can find the video here:

https://youtu.be/A-P2bhxzK1Y?si=CcKd2lAZysRaCfCD

u/AdvisorPowerful9769 — 11 days ago

Introduction to the DOM for Vulnerability Researchers

This week we are back following along RET2's free portion of their "Fundamentals of Browser Exploitation" course and in this video, we'll be covering THE DOM!

This is yet another beginner friendly tutorial and this knowledge is what I would consider cross applicable since we'll be looking at vulnerabilities such as a UAF or Use-After-Free.

Of course, we are only scratching the surface, but it highlights the need for the fundamentals! If you can ride a bike, you can probably ride a motorcycle if the situation needed it!

You can find my video going over RET2's "Browser Components & the DOM" section here:

youtu.be
u/AdvisorPowerful9769 — 18 days ago

RET2 - Introduction to the DOM for Vulnerability Researchers??

Wu-Tang, u/wetw0rk7, RET2 Systems, Inc., and last but not least Center for Cyber Security Training IS FOR THE CHILDREN!!! This week I'm following along RET2 Systems, Inc.'s free portion of their "Fundamentals of Browser Exploitation" course and in this video, we'll be covering THE DOM!

This is yet another beginner friendly tutorial and this knowledge is what I would consider cross applicable since we'll be looking at vulnerabilities such as a UAF or Use-After-Free.

Of course, we are only scratching the surface, but it highlights the need for the fundamentals! If you can ride a bike, you can probably ride a motorcycle if the situation needed it!

You can find my video going over RET2's "Browser Components & the DOM" section here:

https://youtu.be/Pwta5nZtVNA?si=ilsPBY35-bWu7FLm

u/AdvisorPowerful9769 — 19 days ago