Buffer Overflow Advanced
Course Description
Memory corruption vulnerabilities are among the most powerful classes of software vulnerability. This course teaches exploitation techniques, from basic stack overflows to advanced heap exploitation.
Learning Objectives
- Exploit stack-based buffer overflows
- Bypass modern protections (ASLR, DEP, Canaries)
- Build ROP chains for code execution
- Understand heap exploitation techniques
- Develop reliable exploits
- Analyze real-world vulnerabilities
Course Structure
Modules
Module 1: Memory Fundamentals (5h)
- Process memory layout
- Stack operations
- Heap basics
- Calling conventions
- x86/x64 differences
Module 2: Stack Buffer Overflows (8h)
- Classic stack overflow
- Return address overwrite
- EIP/RIP control
- Finding offsets
- Crash analysis
Module 3: Shellcode Development (8h)
- Writing shellcode
- Avoiding bad characters
- Encoder usage
- Staged payloads
- Position-independent code
Module 4: Protection Mechanisms (6h)
- Stack canaries
- ASLR explained
- DEP/NX bit
- SafeSEH
- CFG
Module 5: DEP Bypass (6h)
- Return-to-libc
- ROP fundamentals
- Gadget finding
- Chain building
- mprotect/VirtualProtect
Module 6: ASLR Bypass (6h)
- Information leaks
- Partial overwrites
- Brute forcing
- Non-ASLR modules
Module 7: SEH Exploitation (5h)
- SEH overview
- SEH overwrite
- SafeSEH bypass
- SEHOP bypass
Module 8: Heap Exploitation (8h)
- Heap internals
- Use-after-free
- Double free
- Heap spray
- "House of" techniques
Module 9: Real-World Exploits (5h)
- CVE analysis
- Exploit adaptation
- Reliability improvements
- Weaponization
Tools
| Tool | Purpose |
|---|---|
| GDB + PEDA | Linux debugging |
| x64dbg | Windows debugging |
| ROPgadget | Gadget finder |
| mona.py | Exploit development |
| pwntools | Python exploitation |