1. Intro: Command Injection
2. SQL Injection, etc.
3. Simple Buffer Overflows
on Linux
4. Buffer Overflow with
Shellcode on Linux
5. Format String Exploits
6. Heap Overflows,
Race Conditions, etc.
7. Exploiting "Vulnerable
Server" on Windows
8. Stack Protections &
SEH Exploits
Introduction to Exploit Development
with
Sam Bowne,
Elizabeth Biddlecome,
and Kaitlyn Handelman
Scoreboard · Submit Flags · Discord · Zoom
I: Command Injection | |
| ED 200: Google Cloud Linux Server | 15 |
| ED 101: Essential Linux | 25 |
| ED 102. Command Injection * | 60 |
| ED 103: SQL Injection | 185 |
| ED 104: CMD Injection | 40 |
| ED 105: Server Side Template Injection (SSTI) | 35 |
| ED 106: PHP-FPM Command Injection | 15 |
| * Most important | |
II: Binary Exploits for Linux | |
| ED 201: Linux Buffer Overflow With Command Injection | 15 |
| ED 202: Linux Buffer Overflow Without Shellcode * | 115 |
| ED 203: Linux Buffer Overflow With Listening Shell | 45 |
| ED 204: Exploiting a Format String Vulnerability | 20 |
| ED 205: Very Simple Heap Overflow | 30 |
| ED 206: Heap Overflow via Data Overwrite | 45 |
| ED 207: Linux Buffer Overflow with ROP (requires VMware) | 15 |
| ED 210: Exploiting a Race Condition | 10 |
| ED 220: Intro to 64-bit Assembler | 40 |
| * Most important | |
IV: ARM Exploits | |
| ED 413: ARM Shellcode on the Pi | 30 |
| ED 414: Self-Modifying ARM Shellcode on the Pi | 20 |
| ED 420: Jailbreaking an iPhone with Checkra.in | 15 |
| ED 421: Buffer Overflow on an iPhone | 20 |
V: Extras | |
| ED 501: Codacy | 15 |
| ED 290: Chrome Desktop on a Cloud Linux Server | 10 |
| M 110: Genymotion Cloud and ADB | 25 |
| Go the Wrong Way CTF | 305 |
Local Virtual Machines | |
Only for students without credit cards | |
| ED 10: Kali Virtual Machine | 15 |
| ED 21: Windows 2016 Server Virtual Machine | 10 |
