A solution to the exercise in the Corelan article Root Cause Analysis - Integer Overflows on exploiting integer and heap overflows. The solution illustrates massaging the heap into a vulnerable state by corrupting the Windows front-end allocator and finally exploiting it to gain arbitrary code execution. Read more.
Heap Overflows For Humans is a series of articles by Steven Seeley that explore heap exploitation on Windows. In this article I will go over the exact reasoning and exploitation steps for an exercise created by Steven in the second article of the series. Read more.
A walkthrough for the Mystery Box Buffer Overflow challenge in the Open Security Training - Introductory x86 class. Read more.
A solution to an exercise in Corelan Tutorial 10 on writing DEP and ASLR bypassing exploits. The solution illustrates grabbing leaked kernel32 address from memory, calculating an offset to VirtualProtect() and at last setting up a ROP chain to make a memory location with shellcode executable. Read more.
A solution to a small exercise in Corelan's Tutorial 9 on writing Windows 32-bit shellcode. The solution illustrates some techniques in removing null-bytes from a sample shellcode as well as a few tricks to keep the shellcode modular and easy to modify. Read more.
A collection of techniques on Windows SEH exploitation. Specifically the article covers methods of reliable exploit development by getting from a successfully overwritten pointer to Exception Handler (SEH) to the pointer to the Next Exception Handler (NSEH) struct. Read more.