SEC-T - 0x0D*****

9-10th of Semptember 2021

Intermediate Binary Exploitation

Binary exploitation is a field with both breadth and depth. There are many types of programs, architectures and operating systems that can be analysed for vulnerabilities and exploited. Once you have taken your first steps in the field and exploited some basic stack buffer overflows and mismanaged pointers you might find yourself wondering what the next step is. The purpose of this training is to provide you with that next step and add some more techniques and concepts to your arsenal which will allow you to exploit more targets and further expand your knowledge.

Learning Goals and Expected Outcomes

The training builds on my previous training “Basics of Binary Exploitation” but it is not a strict prerequisite. Here we continue the journey through the land of memory corruption by looking at more types of userland exploits, including 64-bit x86 architecture. It will also cover some more exercises around heap exploitation and introduce basic Linux kernel exploitation concepts.
After completing the training the student should be comfortable with writing exploits for a wider range of vulnerabilities and bypass even more protections. With this in their toolbox they should be able to approach some real-world targets and have the foundation to further expand their knowledge and work towards exploiting modern targets such as browsers or phones.

Course Contents


Below is a rough outline of the planned schedule for the training. This is preliminary and
subject to change. A more definitive schedule will be posted prior to the training.

Tools Used

We will be using mostly free and open source tools throughout the training. Programs will be debugged with gdb with the pwndbg addon. The exercises can be solved with a programming language of your choice but examples will be presented in Python and C with
the pwntools framework. The only commercial tool we will use is Binary Ninja which is a reverse engineering platform. A personal non-commercial license for Binary Ninja is included in the price of the training
which you get to keep and can, if desired be upgraded to a commercial license. All tools and exercises will be available as a pre-packaged VM/container. Instructions on how to obtain and get it set up on your computer will be provided to all participants ahead of the training.


The student is expected to understand the basics of binary exploitation including basic concepts of memory layout and corruption, stack buffer overflows and common protections such as ASLR, DEP and stack cookies. Additionally basic knowledge about programs and operating systems and proficiency in Python and C is helpful. Appendix A contains some topics and snippets of code that are expected to be understood by the student.

The Instructor

Carl Svensson is a security professional and hobbyist currently working at Google as part of the internal red team. He is a frequent CTF player for the Swedish top team HackingForSoju and an active member of the Swedish and international security community with a great fondness for a broad range of topics, reverse engineering being one of his favorites. If you have questions about the contents of this training, feel free to get in touch at [email protected]