Nightmare
1.
Introduction
1.1.
Assembly
1.2.
Reversing Assembly
1.3.
Reversing with GHIDRA
1.4.
Debugging with GDB
1.5.
Scripting with Python pwntools
1.6.
Beginner Reversing
1.6.1.
CSAW'19: Beleaf
1.6.2.
Helithumper RE
1.6.3.
Pico'18: Strings
2.
Stack Buffer Overflows
2.1.
TAMU'19: Pwn1
2.2.
TokyoWesterns'17: JustDoIt
2.3.
CSAW'16: Warmup
2.4.
CSAW'18: Getit
2.5.
TU'17: Vulnchat
2.5.1.
ASLR/PIE
2.6.
CSAW'17: Pilot
2.7.
TAMU'19: Pwn3
2.8.
TU'18: Shellaeasy
2.8.1.
NX/XN/DEP
2.9.
BKP'16: SimpleCalc
2.10.
DCQuals'16: Feedme
2.11.
DCQuals'19: Speedrun1
2.11.1.
Canaries/Cookies
2.11.2.
RELRO
2.12.
CSAW'19: Babyboi
2.13.
CSAW Quals'17: SVC
2.14.
FB'19: Overfloat
2.15.
HS'19: Storytime
3.
Format Strings
3.1.
Backdoor'17: bbpwn
3.2.
PicoCTF'18: echo
3.3.
TokyoWesterns'16: Greeting
4.
Array Indexing
4.1.
CSAW'18: DoubleTrouble
4.2.
DCQ'16: XKCD
4.3.
SunshineCTF'17: Alt. Solution
4.4.
SwampCTF'19: Dreamheaps
5.
Bad Seed
5.1.
H3: Time
5.2.
HSCTF'19: Tuxtalkshow
5.3.
SunshineCTF'17: Prepared
6.
Z3 & Symbolic Execution (angr)
6.1.
HS'19: abyte
6.2.
TokyoWesterns'17: revrevrev
6.3.
TUCTF: Future
6.4.
DEFCamp: r100
6.5.
PlaidCTF'19: icancount
6.6.
SecurityFest Fairlight
7.
Return Oriented Programming (ROP)
7.1.
Partial Overwrite
7.1.1.
Hack.lu'15: stackstuff
7.1.2.
TAMU'19: pwn2
7.1.3.
TUCTF'17: vulnchat2
7.2.
Stack Pivoting
7.2.1.
DCQuals'19: speedrun4
7.2.2.
Insomnihack'18: onewrite
7.2.3.
SECCON'19: sum
7.2.4.
XCTF'16: b0verflow
7.3.
SIGROP (SROP)
7.3.1.
BackdoorCTF: funsigals
7.3.2.
CSAW'19: smallboi
7.3.3.
InCTF'17: stupidrop
7.3.4.
SwampCTF'19: syscaller
7.4.
ret2csu
7.4.1.
0CTF'18: babystack
7.4.2.
ROPEmporium
7.5.
ret2system
7.5.1.
ASIS'17: marymorton
7.5.2.
HXP'18: poorCanary
7.5.3.
TUCTF: guestbook
8.
Heap Exploitation
8.1.
Double Frees
8.2.
Heap Consolidation
8.3.
Use-after-Frees
8.4.
Protostar: heap0
8.5.
Protostar: heap1
8.6.
Protostar: heap2
8.7.
unlink() Exploitation
8.7.1.
HITCON'14: stkof
8.7.2.
ZCTF'16: note2
8.8.
Heap Grooming
8.8.1.
PicoCTF: areyouroot
8.8.2.
SwampCTF'19: Heap Golf
8.9.
Fastbin Attack
8.9.1.
0CTF: babyheap
8.9.2.
CSAW'17: Auir
8.10.
Unsortedbin Attack
8.10.1.
0CTF'16: zerostorage
8.10.2.
HITCON: magicheap
8.11.
Largebin Attack (part 1)
8.12.
Largebin Attack (part 2)
8.13.
GLibc Tcache
8.13.1.
DCQuals'19: babyheap
8.13.2.
PlaidCTF'19: cpp
8.13.3.
CSAW'19: Popping Caps 1
8.13.4.
CSAW'19: Popping Caps 2
8.14.
House of Spirit
8.14.1.
Hack.lu'14: Oreo
8.15.
House of Lore
8.16.
House of Force
8.16.1.
BKP'16: Cookbook
8.17.
House of Einherjar
8.18.
House of Orange
8.19.
Miscellaneous
8.19.1.
CSAW'17: Minesweeper
8.19.2.
CSAW'18: alienVSsamurai
8.19.3.
CSAW'19: Traveller
9.
Integer Overflows
9.1.
sploitFUN: vuln
9.2.
Puzzle
9.3.
Signed vs. Unsigned
10.
FILE Exploitation
10.1.
SwampCTF'19: Bad File
11.
Grab Bag
11.1.
Shellcoding
11.1.1.
CSAW'18: Shellpointcode
11.1.2.
DCQuals'19: S3
11.1.3.
DCQuals'19: S6
11.2.
Patching
11.2.1.
CSAW Quals'16: gametime
11.2.2.
DCQuals'18: ELFCrumble
11.2.3.
Plaid'19: PPP
11.3.
.NET
11.3.1.
Bikinibonanza
11.3.2.
CSAW'13: DotNetReversing
11.3.3.
Whitehat'18: re06
11.4.
Obfuscation
11.4.1.
BKP'16: Unholy
11.4.2.
CSAW'15: Wyvern
11.4.3.
CSAW'17: Prophecy
11.4.4.
MOVfuscation
11.4.4.1.
ASIS'18: babyc
11.4.4.2.
RECON: movfuscated
11.4.4.3.
SwampCTF'19: Future Fun
11.5.
Custom Architecture
11.5.1.
H3Machine (part 1)
11.5.2.
H3Machine (part 2)
11.5.3.
H3Machine (part 3)
11.5.4.
H3Machine (part 4)
11.6.
Emulation
11.6.1.
CSAW'15: Hackingtime
11.6.2.
CSAW'17: Realism
11.6.3.
CSAW'18: x86 Pt.2
11.7.
Uninitialized Variables
11.8.
CSAW'18: Doubletrouble
11.9.
CSAW'19: Gibberishcheck
11.10.
HackIM'19: Shop
What's Next
References
Light
Rust
Coal
Navy (default)
Ayu
Nightmare
Z3 & Symbolic Execution (angr)