Exploit Development & Binary Exploitation
tools & cheatsheet by d7x
|__tools: rp++ | ROPgadget | ropper | letsrop

** this section is not completed yet / work in progress **

Linux:
|__shellcodes: execve (70 bytes, xor encoded) | bind (102 bytes) | reverse (86 bytes) | egghunter (dynamic generator)


WinDbg
|__step over: p
|__step into: t
|__breakpoint on a symbol: bp kernel32!VirtualAllocStub
   (symbols for some APIs are referenced with the "Stub" suffix)
|__IAT: !dh -f <module>          (dump the module's file headers, including the import directory)
        dps <module> + <offset>  (dump pointer-sized values at the IAT with symbol resolution)

Stack Overflows: TODO
Structured Exception Handler (SEH): TODO
Egghunters: TODO
Data Execution Prevention (DEP): TODO
Address Space Layout Randomization (ASLR): TODO
Miscellaneous: TODO