Snippets
Created by
Alexander Hanel
last modified
This document is in fieri, and, as such, will be subject to change in the near future.
My intention with this document is for it to be somewhat of a recommended reading list for the aspiring hacker.
I have tried to order the articles by technique and chronology.
- sar
Buffer overflows:
How to write buffer overflows, mudge, 1995
Smashing the stack for fun and profit, Aleph One, 1996
The Frame Pointer Overwrite, klog, 1999
win32 buffer overflows, dark spyrit, 1999
Return-into-lib / Return oriented programming:
Getting around non-executable stack (and fix) (First public description of a return-into-libc exploit), Solar Designer, 1997
More advanced ret-into-lib(c) techniques, Nergal, 2001
On the effectiveness of address-space randomization, , 2004
Borrowed code chunks exploitation technique, Sebastian Krahmer, 2005
The Geometry of Innocent Flesh on the Bone: Return-into-libc without function calls, Hovav Shacham, 2007
Defeating DEP, the Immunity Debugger way, Pablo Sole,2008
The Case of Return-Oriented Programming and the AVC Advantage, 2009
Practical Return-Oriented Programming, Dino A. Dai Zovi, 2010
Heap exploitation:
w00w00 on heap overflows, Matt Conover, 1999
Vudo - An object superstitiously believed to embody magical powers, Michel "MaXX" Kaempf, 2001
Once upon a free(), anonymous author, 2001
Advanced Doug Lea's malloc exploits, jp, 2003
Exploiting the wilderness, Phantasmal Phantasmagoria, 2004
Malloc Maleficarum, Phantasmal Phantasmagoria, 2005
Yet another free() exploitation technique, huku, 2009
Format string exploitation:
Exploiting format string vulnerabilities, scut / Team-TESO, 2001
Advances in format string exploitation, gera, 2002
An alternative method in format string exploitation, K-sPecial, 2006
Integer overflows:
Big Loop Integer Protection, Oded Horovitz, 2002
Basic Integer Overflows, blexim, 2002
Null-ptr dereference:
Large memory management vulnerabilities, Gael Delalleau, 2005
Exploiting the Otherwise Non-exploitable on Windows, skape, 2006
Vector rewrite attack, Barnaby Jack, 2007
Application-Specific Attacks: Leveraging the ActionScript Virtual Machine, Mark Dowd, 2008
JIT-spray:
Pointer inference and JIT-Spraying, Dion Blazakis, 2010
Writing JIT shellcode for fun and profit, Alexey Sintsov, 2010
Other:
Overwriting the .dtors section, Juan M. Bello Rivas, 2000
Abusing .CTORS and .DTORS for fun 'n profit, Izik, 2006
Unorganized:
- http://blog.zynamics.com/2010/03/12/a-gentle-introduction-to-return-oriented-programming/
- http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf exploit null ptr dereference
- http://www.phrack.com/issues.html?issue=57&id=18
- http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf
- http://www.usenix.org/events/sec05/tech/full_papers/kruegel/kruegel_html/attack.html
- http://cansecwest.com/core05/memory_vulns_delalleau.pdf Large memory management vulnerabilities, Gael Delalleau, 2005
- http://timetobleed.com/defeating-the-matasano-c-challenge-with-aslr-enabled/
- http://www.corelan.be:8800/index.php/category/security/exploit-writing-tutorials/
- http://hackitoergosum.org/wp-content/uploads/2010/04/HES10-jvanegue_zero-allocations.pdf
- http://www.ruxcon.org.au/files/2006/unusual_bugs.pdf
- http://www.phrack.com/issues.html?issue=64&id=6, Attacking the Core : Kernel Exploiting Notes, 2007
- http://lkml.org/lkml/2010/5/27/490
- http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf
- http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
- http://www.ruxcon.org.au/files/2006/unusual_bugs.pdf
- http://eeyeresearch.typepad.com/blog/2006/08/post_ms06035_ma.html
- http://www.phrack.org/phrack/63/p63-0x0e_Shifting_the_Stack_Pointer.txt
- http://seclists.org/vuln-dev/2002/Nov/att-0056/0
- http://www.pine.nl/press/pine-cert-20030101.txt
- http://seclists.org/bugtraq/2000/Jan/0016.html
ASLR
Aslr Smack and Laugh Reference
- www-users.rwth-aachen.de/Tilo.Mueller/ASLRpaper.pdf
Advanced Buffer Overflow Methods
- cs.tau.ac.il/tausec/lectures/Advanced_Buffer_Overflow_Methods.ppt
Smack the Stack
- sts.synflood.de/dump/doc/smackthestack.txt
Exploiting the random number generator to bypass ASLR
- blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-whitepaper.pdf
Wikipedia on ASLR
- en.wikipedia.org/wiki/Address_space_layout_randomization
Bypassing Memory Protections: The Future of Exploitation
- usenix.org/events/sec09/tech/slides/sotirov.pdf
On the Effectiveness of Address-Space Randomization
- stanford.edu/~blp/papers/asrandom.pdf
Exploiting with linux-gate.so.1
- milw0rm.com/papers/55
Circumventing the VA kernel patch For Fun and Profit
- milw0rm.com/papers/94
Defeating the Matasano C++ Challenge
- timetobleed.com/defeating-the-matasano-c-challenge-with-aslr-enabled/
Bypassing PaX ASLR protection
- phrack.com/issues.html?issue=59&id=9
Thoughts about ASLR, NX Stack and format string attacks
- nibbles.tuxfamily.org/?p=1190
Return-into-libc without Function Calls
- cseweb.ucsd.edu/~hovav/dist/geometry.pdf
Linux ASLR Curiosities. Tavis Ormandy. Julien Tinnes
- cr0.org/paper/to-jt-linux-alsr-leak.pdf
- corelan.be:8800/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
- securitytube.net/Exploiting-a-buffer-overflow-under-Linux-kernel-2.6-with-ASLR-through-ret2reg-video.aspx
- securitytube.net/Bypassing-the-Linux-Kernel-ASLR-and-Exploiting-a-Buffer-Overflow-Vulnerable-Application-with-ret2esp-video.aspx
- securitytube.net/Exploiting-Buffer-Overflows-on-kernels-with-ASLR-enabled-using-Brute-Force-on-the-Stack-Layer-video.aspx
- http://ilm.thinkst.com/folklore/index.shtml
- http://www.corelan.be:8800/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/
Comments (1)
You can clone a snippet to your computer for local editing. Learn more.
goodreads.com/user/show/177488397-editsiz-serverler twitch.tv/editsizserverler behance.net/editsizserverl instapaper.com/p/14184805 coub.com/metin2-pvpserverler myanimelist.net/profile/editsizserverler worldcosplay.net/member/1754620 onmogul.com/editsiz-serverler metin2pvpserverler.hashnode.dev/metin2-pvp-serverler gaiaonline.com/profiles/editsizserverler/46656672/ leetcode.com/editsizserverler/ coolors.co/u/editsiz_serverler unsplash.com/@editsizserverler metin2-pvp-serverler.jimdosite.com/ zazzle.com/mbr/238039878416461152 brownbook.net/business/52637466/metin2-pvp-serverler community.tubebuddy.com/index.php?members/205346/#about reedsy.com/discovery/user/editsizserverler hackerearth.com/@editsizserverlerorg wakelet.com/wake/7OIcdWsbjqXHh82vRa9ZZ peatix.com/user/21877725/view penzu.com/public/eef09aac2dcbfc71 experiment.com/users/eeditsizserverler pearltrees.com/editsizserverler wefunder.com/editsizserverler imageevent.com/editsizserverler ourclass.mn.co/members/23696284 friendtalk.mn.co/members/23696354 slides.com/editsizserverler roosterteeth.com/g/user/EditsizServerler/activity opencollective.com/editsiz-serverler pastelink.net/erd7vohi fairygodboss.com/users/profile/48WIpe-gxe/editsizserverler codingame.com/profile/e076eaf315403d3ed090624d8cdccc234708506 jigsawplanet.com/editsizserverler?viewas=3d85ff6a3ee9 jsfiddle.net/editsizserverler/x0sorwL5/6/ jsfiddle.net/editsizserverler/x0sorwL5/7/ jsfiddle.net/editsizserverler/x0sorwL5/8/ jsfiddle.net/editsizserverler/x0sorwL5/9/ jsfiddle.net/editsizserverler/x0sorwL5/10/ jsfiddle.net/editsizserverler/x0sorwL5/11/ jsfiddle.net/editsizserverler/x0sorwL5/12/ jsfiddle.net/editsizserverler/x0sorwL5/13/ jsfiddle.net/editsizserverler/x0sorwL5/14/ jsfiddle.net/editsizserverler/x0sorwL5/15/ jsfiddle.net/editsizserverler/x0sorwL5/16/ jsfiddle.net/editsizserverler/x0sorwL5/17/ jsfiddle.net/editsizserverler/x0sorwL5/18/ jsfiddle.net/editsizserverler/x0sorwL5/19/ jsfiddle.net/editsizserverler/x0sorwL5/20/ jsfiddle.net/editsizserverler/x0sorwL5/21/ jsfiddle.net/editsizserverler/x0sorwL5/22/ jsfiddle.net/editsizserverler/x0sorwL5/23/ jsfiddle.net/editsizserverler/x0sorwL5/24/ jsfiddle.net/editsizserverler/x0sorwL5/25/ jsfiddle.net/editsizserverler/x0sorwL5/26/ jsfiddle.net/editsizserverler/x0sorwL5/27/ jsfiddle.net/editsizserverler/x0sorwL5/28/ jsfiddle.net/editsizserverler/x0sorwL5/29/ jsfiddle.net/editsizserverler/x0sorwL5/30/ jsfiddle.net/editsizserverler/x0sorwL5/31/ jsfiddle.net/editsizserverler/x0sorwL5/32/ jsfiddle.net/editsizserverler/x0sorwL5/33/ jsfiddle.net/editsizserverler/x0sorwL5/34/ jsfiddle.net/editsizserverler/x0sorwL5/35/ jsfiddle.net/editsizserverler/x0sorwL5/36/ jsfiddle.net/editsizserverler/x0sorwL5/37/ jsfiddle.net/editsizserverler/x0sorwL5/38/ jsfiddle.net/editsizserverler/x0sorwL5/39/ jsfiddle.net/editsizserverler/x0sorwL5/40/ jsfiddle.net/editsizserverler/x0sorwL5/41/ jsfiddle.net/editsizserverler/x0sorwL5/42/ jsfiddle.net/editsizserverler/x0sorwL5/43/ jsfiddle.net/editsizserverler/x0sorwL5/44/ jsfiddle.net/editsizserverler/x0sorwL5/45/ jsfiddle.net/editsizserverler/x0sorwL5/46/ jsfiddle.net/editsizserverler/x0sorwL5/47/ jsfiddle.net/editsizserverler/x0sorwL5/48/ jsfiddle.net/editsizserverler/x0sorwL5/49/ jsfiddle.net/editsizserverler/x0sorwL5/50/ jsfiddle.net/editsizserverler/x0sorwL5/51/ jsfiddle.net/editsizserverler/x0sorwL5/52/ jsfiddle.net/editsizserverler/x0sorwL5/53/ jsfiddle.net/editsizserverler/x0sorwL5/54/ jsfiddle.net/editsizserverler/x0sorwL5/55/ jsfiddle.net/editsizserverler/x0sorwL5/56/ jsfiddle.net/editsizserverler/x0sorwL5/57/ jsfiddle.net/editsizserverler/x0sorwL5/58/ jsfiddle.net/editsizserverler/x0sorwL5/59/ jsfiddle.net/editsizserverler/x0sorwL5/60/ jsfiddle.net/editsizserverler/x0sorwL5/61/ jsfiddle.net/editsizserverler/x0sorwL5/62/ jsfiddle.net/editsizserverler/x0sorwL5/63/ jsfiddle.net/editsizserverler/x0sorwL5/64/ jsfiddle.net/editsizserverler/x0sorwL5/65/ jsfiddle.net/editsizserverler/x0sorwL5/66/ jsfiddle.net/editsizserverler/x0sorwL5/67/ jsfiddle.net/editsizserverler/x0sorwL5/68/ jsfiddle.net/editsizserverler/x0sorwL5/69/ jsfiddle.net/editsizserverler/x0sorwL5/70/ jsfiddle.net/editsizserverler/x0sorwL5/71/ jsfiddle.net/editsizserverler/x0sorwL5/72/ jsfiddle.net/editsizserverler/x0sorwL5/73/ jsfiddle.net/editsizserverler/x0sorwL5/74/ jsfiddle.net/editsizserverler/x0sorwL5/75/ jsfiddle.net/editsizserverler/x0sorwL5/76/ jsfiddle.net/editsizserverler/x0sorwL5/77/ jsfiddle.net/editsizserverler/x0sorwL5/78/ jsfiddle.net/editsizserverler/x0sorwL5/79/ jsfiddle.net/editsizserverler/x0sorwL5/80/ jsfiddle.net/editsizserverler/x0sorwL5/81/ jsfiddle.net/editsizserverler/x0sorwL5/82/ jsfiddle.net/editsizserverler/x0sorwL5/83/ jsfiddle.net/editsizserverler/x0sorwL5/84/ jsfiddle.net/editsizserverler/x0sorwL5/85/ jsfiddle.net/editsizserverler/x0sorwL5/86/ jsfiddle.net/editsizserverler/x0sorwL5/87/ jsfiddle.net/editsizserverler/x0sorwL5/88/ jsfiddle.net/editsizserverler/x0sorwL5/89/ jsfiddle.net/editsizserverler/x0sorwL5/90/ jsfiddle.net/editsizserverler/x0sorwL5/91/ jsfiddle.net/editsizserverler/x0sorwL5/92/ jsfiddle.net/editsizserverler/x0sorwL5/93/ jsfiddle.net/editsizserverler/x0sorwL5/94/ jsfiddle.net/editsizserverler/x0sorwL5/95/ jsfiddle.net/editsizserverler/x0sorwL5/96/ jsfiddle.net/editsizserverler/x0sorwL5/97/ jsfiddle.net/editsizserverler/x0sorwL5/98/ jsfiddle.net/editsizserverler/x0sorwL5/99/ jsfiddle.net/editsizserverler/x0sorwL5/100/ intensedebate.com/people/johnhenry2233 pxhere.com/en/photographer-me/4238660 longisland.com/profile/editsizserverler/ metin2-pvp-serverler.webflow.io/ anyflip.com/homepage/gwyra/preview pinshape.com/users/4109032-editsizserverlerorg allmyfaves.com/editsizserverler pexels.com/tr-tr/@editsiz-serverler-1225707393/ slideserve.com/editsizserverler archive.org/details/@editsizserverler divephotoguide.com/user/editsizserverler/ metal-archives.com/users/editsizserverler band.us/band/94702101 camp-fire.jp/profile/editsizserverler subscribe.ru/author/31420877 my.desktopnexus.com/blogamca/journal/metin2-pvp-serverler-49878/ replit.com/@editsizserverle fliphtml5.com/tr/homepage/pspuy/editsizserverlerorg/ free-ebooks.net/profile/1562629/editsiz-serverler qooh.me/editsizsrvl pubhtml5.com/homepage/exapj/ zzb.bz/Ib8s8 australian-school-holidays.mn.co/members/23780373 metin2pvpserverler.gallery.ru/ justpaste.it/eoa85 profile.hatena.ne.jp/editsizserverler/ indiegogo.com/individuals/37682987 taz.de/ list.ly/editsizserverlerorg/lists mypaper.pchome.com.tw/tomasvanek/post/1381781942 mypaper.pchome.com.tw/tomasvanek/post/1381781943 metin2pvpserverler.mystrikingly.com/ ted.com/profiles/46748800 play.eslgaming.com/player/20056929/ metin2pvpserverler.threadless.com/about knowyourmeme.com/users/editsiz-serverler active.popsugar.com/@editsizserverler/profile sitetanitimlari.seesaa.net/article/503120781.html sitetanitimlari.seesaa.net/article/502999078.html sitetanitimlari.seesaa.net/article/502585593.html sitetanitimlari.seesaa.net/article/502585551.html sitetanitimlari.seesaa.net/article/502585519.html sitetanitimlari.seesaa.net/article/502585492.html sitetanitimlari.seesaa.net/article/502585455.html sitetanitimlari.seesaa.net/article/498056830.html filmizle2018.blog.fc2.com/blog-entry-21.html filmizle2018.blog.fc2.com/blog-entry-26.html filmizle2018.blog.fc2.com/blog-entry-31.html ameblo.jp/sitetanitimlari/entry-12787859138.html connect.garmin.com/modern/profile/97fe48da-7177-4ae0-bf0e-34fbe1334538 reddit.com/user/uflee/ agario.buzzsprout.com/2066066/14949093-metin2 linkedin.com/posts/okeyoyna_metin2-ejderhalar-merhaba-metin2-oyununa-activity-7171861395326582784-UlrI/ linkedin.com/pulse/metin2-pvp-serverler-listeleri-okey-oyna-jyhpf/ blogger.com/profile/15166393869257970818 draft.blogger.com/profile/15166393869257970818 instagram.com/realokey/ blogger.com/profile/05227574979353865473 draft.blogger.com/profile/05227574979353865473 tumblr.com/onlineokey twitter.com/mt2org twitch.tv/okeyoynaa pinterest.com/a99io/ google.com/url?q=https://www.okeyoyna.com vimeo.com/846733433 wordpress.com/tr/forums/topic/metin2-pvp-tanirim-scpriti/ dailymotion.com/video/x8e47pq gravatar.com/realokey grepo.travelcarma.com/okeyoyna/okey-oyna beatstars.com/zaferozkel okeyoyunu.mystrikingly.com/ gamblingtherapy.org/user/okeyoyna public.tableau.com/app/profile/okey.oyna/vizzes okeyoyna.amebaownd.com/posts/53051499 wefunder.com/okey sovren.media/u/okeyoyna/ lazi.vn/user/okeyoyna gravatar.com/realokey soundcloud.com/okey-oyna okey-oyna.webflow.io/ guides.co/g/okey-oyna/372469 flickr.com/people/200607646@N08/ my.desktopnexus.com/realokey giantbomb.com/profile/okeyoyna/ giantbomb.com/profile/okeyoyna/blog/ encinitas.bubblelife.com/community/okey_oyna sites.bubblelife.com/users/okeyoynacom_a31336 fanart-central.net/user/okeyoyna/profile klse.i3investor.com/web/cube/blog/okeyoyna globalcatalog.com/okeyoyna.tr articlesjust4you.com/members/okeyoyna/ issuu.com/realokey audiomack.com/okeyoynacom/song/dj-okey-oyna-dii-kartal audiomack.com/okeyoynacom gitlab.nic.cz/okeyoyna ameblo.jp/okeyoyna/entry-12849563639.html ameblo.jp/okeyoyna/ profile.ameba.jp/ameba/okeyoyna nintendo-master.com/profil/okeyoyna band.us/band/94698085 pastelink.net/192agg8x pastelink.net/sxqkqqcx pastelink.net/do4ziud7 pastelink.net/9ebiqvd9 pastelink.net/urv9w3xn agario.buzzsprout.com/2066066/14949093-metin2 reverbnation.com/okeyoynacom disqus.com/by/efehanzkel/about/ hub.docker.com/u/okeyoyna tinhte.vn/members/okey-oyna.3017475/ openhumans.net/member/okeyoyna/ research.openhumans.org/member/okeyoyna/ openhumans.com/member/okeyoyna/ portfolium.com/okeyoyna anobii.com/en/0152c9fb8c9e13a07a/profile/activity gitlab.ifam.edu.br/okeyoyna peatix.com/group/16198815 peatix.com/user/21949084/view rapidapi.com/okeyoynacom/api/demo-project85460/details zillow.com/profile/okeyoynacom/ pinterest.com/a99io/ pinterest.ph/a99io/ pinterest.com/a99io/ pinterest.com.mx/a99io/ pinterest.it/a99io/ pinterest.fr/a99io/ pinterest.ca/a99io/ pinterest.jp/a99io/ pinterest.co.uk/a99io/ pinterest.de/a99io/ pinterest.es/a99io/ se.pinterest.com/a99io/ tr.pinterest.com/a99io/ ru.pinterest.com/a99io/ id.pinterest.com/a99io/ cs.pinterest.com/a99io/ es.pinterest.com/a99io/ pl.pinterest.com/a99io/ pt.pinterest.com/a99io/ br.pinterest.com/a99io/ co.pinterest.com/a99io/ nl.pinterest.com/a99io/ se.pinterest.com/a99io/ at.pinterest.com/a99io/ dk.pinterest.com/a99io/ in.pinterest.com/a99io/ ro.pinterest.com/a99io/ sk.pinterest.com/a99io/ fi.pinterest.com/a99io/ ar.pinterest.com/a99io/ freelance.habr.com/freelancers/okeyoyna 500px.com/p/okeyoyna?view=photos