r1ru

Part of r1ru.github.io

Binary Exploitation 101 - ret2dlresolve
Guide · Binary Exploitation 101
This blog series is still a work in progress. The content may change without notice. In this chapter, we’ll learn about ret2dlresolve. The materials for this chapter can be found in the chapter_09 folder. Introduction If we look at this chapter’s chal.c, we’ll notice the output functions such as printf and putchar have been removed: As printf(buf) is gone, we can no longer use FSA, but si...
https://r1ru.github.io/posts/17/
Binary Exploitation 101 - FSA and GOT Overwrite
Guide · Binary Exploitation 101
This blog series is still a work in progress. The content may change without notice. In this chapter, we’ll learn about FSA (Format String Attack) and GOT (Global Offset Table) overwrite, along with their mitigations, RELRO (RELocation Read-Only) and PIE (Position-Independent Executable). The materials for this chapter can be found in the chapter_08 folder. Introduction If we look at this ch...
https://r1ru.github.io/posts/16/
Binary Exploitation 101 - ASLR
Guide · Binary Exploitation 101
This blog series is still a work in progress. The content may change without notice. In this chapter, we’ll learn about ASLR (Address Space Layout Randomization) and its bypass. The materials for this chapter can be found in the chapter_07 folder. Introduction As we learned in the previous chapter, SSP is a mitigation that makes it harder to overwrite the return address via a buffer overflow...
https://r1ru.github.io/posts/15/
Binary Exploitation 101 - SSP
Guide · Binary Exploitation 101
This blog series is still a work in progress. The content may change without notice. In this chapter, we’ll learn about SSP (Stack Smashing Protector) and its bypass. The materials for this chapter can be found in the chapter_06 folder. Introduction As we learned in the previous chapter, the NX bit can prevent attacks using shellcode, but it can be bypassed using ROP. Then, is there a better way...
https://r1ru.github.io/posts/14/
Binary Exploitation 101 - ROP
Guide · Binary Exploitation 101
This blog series is still a work in progress. The content may change without notice. In this chapter, we’ll learn about the NX (No eXecute) bit and its bypass technique, ROP (Return-Oriented Programming). The materials for this chapter can be found in the chapter_05 folder. Introduction In the previous chapter, we put shellcode on the stack and jumped to it to spawn a shell. Now let’s think abou...
https://r1ru.github.io/posts/13/