- LiveOverflow: Binary Exploitation / Memory Corruption (Playlist)
- 247 CTF: Integer Overflows
- 247 CTF: When Integer Overflows attack
- Busra Demir: Exploit Development (Playlist)
- CoolCamera: Reverse Engineering For Beginners (Playlist)
- Exploit writing tutorial part 1: Stack Based Overflows
- Exploit writing tutorial part 2: Stack Based Overflows - jumping to shellcode
- Exploit writing tutorial part 3: SEH Based Exploits
- Exploit writing tutorial part 3b: SEH Based Exploits - just another example
- Exploit writing tutorial part 4: From Exploit to Metasploit - The basics
- Exploit writing tutorial part 5: How debugger modules & plugins can speed up basic exploit development
- Exploit writing tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOOP, HW DEP and ASLR
- Exploit writing tutorial part 7: Unicode - from 0x00410041 to calc
- Exploit writing tutorial part 8: Win32 Egg Hunting
- Exploit writing tutorial part 9: Introduction to Win32 shellcoding
- Exploit writing tutorial part 10: Changing DEP with ROP - the Rubik's Cube
- Exploit writing tutorial part 11: Heap Spraying Demystified
- Start to write Immunity Debugger PyCommands: my cheatsheet
- Ken Ward Zipper exploit write-up on abyssec.com
- Exploiting Ken Ward Zipper: Taking advantage of payload conversion
- Hack Notes: ROP retn+offset and impact on stack setup
- Hack Notes: Ropping eggs for breakfast
- Universal DEP/ASLR bypass with msvcr71.dll and mona.py
- WoW64 Egghunter
- Debugging Fun - Putting a process to sleep()
- Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2!!
- Root Cause Analysis - Memory Corruption Vulnerabilities
- Heap Layout Visualization with mona.py and WinDBG
- DEPS - Precise Heap Spray on Firefox and IE10
- Root Cause Analysis - Integer Overflows
- Windows Exploit Development - Part 1: The Basics
- Windows Exploit Development - Part 2: Intro to Stack Based Overflows
- Windows Exploit Development - Part 3: Changing Offsets and Rebased Modules
- Windows Exploit Development - Part 4: Locating Shellcode With Jumps
- Windows Exploit Development - Part 5: Locating Shellcode With Egghunting
- Windows Exploit Development - Part 6: SEH Exploits
- Windows Exploit Development - Part 7: Unicode Buffer Overflows
- Part 1: Introduction to Exploit Development
- Part 2: Saved Return Pointer Overflows
- Part 3: Structured Exception Handler (SEH)
- Part 4: Egg Hunters
- Part 5: Unicode 0x00410041
- Part 6: Writing W32 shellcode
- Part 7: Return Oriented Programming
- Part 8: Spraying the Heap [Chapter 1: Vanilla EIP] - Putting Needles in the Haystack
- Part 9: Spraying the Heap [Chapter 2: Use-After-Free] - Finding the needle in a Haystack
- Part 10: Kernel Exploitation -> Stack Overflow
- Part 11: Kernel Exploitation -> Write-What-Where
- Part 12: Kernel Exploitation -> Null Pointer Dereference
- Part 13: Kernel Exploitation -> Uninitialized Stack Variable
- Part 14: Kernel Exploitation -> Integer Overflow
- Part 15: Kernel Exploitation -> UAF
- Part 16: Kernel Exploitation -> Pool Overflow
- Part 17: Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)
- Part 18: Kernel Exploitation -> RS2 Bitmap Necromancy
- Part 19: Kernel Exploitation -> Logic bugs in Razer rzpnk.sys
- Heap Overflows For Humans 101
- Heap Overflows For Humans 102
- Heap Overflows For Humans 102.5
- Heap Overflows For Humans 103
- Heap Overflows For Humans 103.5
- Part 1: Introduction to Linux Exploit Development
- Part 2: Linux Format String Exploitation
- Part 3: Buffer Overflow [Pwnable.kr -> bof]
- Part 4: Use-After-Free [Pwnable.kr -> uaf]
- Level 1: Classic Stack Based Overflow
- Level 1: Integer Overflow
- Level 1: Off-By-One (Stack Based)
- Level 2: Bypassing NX bit using return-to-libc
- Level 2: Bypassing NX bit using chained return-to-libc
- Level 2: Bypassing ASLR:
- Level 3: Heap overflow using unlink
- Level 3: Heap overflow using Malloc Maleficarum
- Level 3: Off-By-One (Heap Based)
- Level 3: Use After Free
- Part 1: Stack-based Buffer Overflow exploitation to shell by example
- Part 2: Stack-based Buffer Overflow exploitation to shell by example
- Part 3: Stack-based Buffer Overflow exploitation to shell by example
- Part 4: Stack-based Buffer Overflow exploitation to shell by example
- Part 1: Setting up the Environment
- Part 2: Stack Overflow
- Part 3: Arbitrary Memory Overwrite
- Part 4: Pool Feng-Shui -> Pool Overflow
- Part 5: NULL Pointer Dereference
- Part 6: Uninitialized Stack Variable
- Part 7: Uninitialized Heap Variable
- Part 8: Use After Free
- Part 0: Dev Setup & Advice
- Part 1: Stack Buffer Overflow Intro
- Part 2: JMP to Locate Shellcode
- Part 3: Egghunter to Locate Shellcode
- Part 4: Overwriting SEH with Buffer Overflows
- Part 5: Return Oriented Programming Chains
- HITB 2004: Windows Local Kernel Exploitation by S.K. Chong
- Blackhat: Attacking the Windows Kernel by Jonathan Lindsay
- Blackhat: Remote and Local Exploitation of Network Drivers by Yuriy Bulygin
- I2OMGMT Driver Impersonation Attack by Justin Seitz
- There's a party at ring0.... by Tavis Ormandy & Julien Tinnes
- GDT and LDT in Windows Kernel Vulnerability Exploitation by Matthew Jurczyk and Gynvael Coldwind
- Safely Searching Process Virtual Address Space
- Exploiting Freelist[0] On XP SP2
- Blackhat: Heap Feng Shui in JavaScript
- Blackhat: Return-oriented Programming: Exploitation without Code Injection
- Defeating DEP, the Immunity Debugger way
- Blackhat: Practical Windows XP/2003 Heap Exploitation
- Interpreter Exploitation: Pointer Inference and JIT Spraying
- Pwn2Own 2010 Windows 7 IE8 exploit
- The Arashi
- 0xdabbad00: Hurdles for a beginner to exploit a simple vulnerability on modern Windows
- Infosecinstitute: Debugging Fundamentals for Exploit Development
- Rafayhackingarticles: From A Minor Bug To Zero Day - Exploit Development
- Avicoder: Smashing the Stack for Fun & Profit: Revived
- GitHub PrateekJain90: Exploiting Format String Vulnerabilities
- Phrack Magazine: Win32 Buffer Overflows
- Ricardo Narvaja: Reversing and Exploiting using free tools
- sghosh2402: Understanding & Exploiting stack based Buffer Overflows
- VulnServer: Exploiting TRUN Command via Vanilla EIP Overwrite
- CTP/OSCE Prep - Boofuzzing Vulnserver for EIP Overwrite
- x86/64 bit system architecture:
- Microsoft Docs: Windows registry information for advanced users
- Microsoft Docs: x86 Architecture
- Heap Exploitation Techniques: GitHub
- Exploiting More Binaries by Using Planning to Assemble ROP Attacks