Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Understanding buffer overflow exploitation

File name
File size
419.8 MB

Everything started with Aleph One's paper "Smashing the Stack for Fun and Profit". These techniques are still the basis for modern exploitation of buffer, heap and format string vulnerabilities. We will give a swift overview about C functions, stack usage, assembler, gcc, gdb and how these few tools can be used to understand and write shell-code to turn simple buffer overflows into backdoors that open whole systems to potential attackers. Sure you want to know how to defend against that. We also will tell you about that! This course essentially was held at Informatica Feminale in Bremen in September 2005. Not by accident, there is a strong alignment to Aleph1's popular paper on this topic. We will start by looking at the i386 architecture, the linux memory model, typical C functions, how function parameters are pushed onto the stack according to standard C calling convetions and how space is allocated on the stack for local variables. We will take a closer look at the steps neccessary to open a shell and exit cleanly and how to find out how to implement these functions in assembler to build a shellcode, which yields a pretty universal howto of shellcode writing on nearly any architecture, just using gcc and gdb. Finally, we will see how the vital stack space of some vulnerable programs gets overwritten and and how to cleverly do that to force even unknown programs into doing what WE want them to do. The conclusion of this course will put buffer overflows into a wider perspective. How are they related to those other vulnerabilities, like heap overflows and format string vulnerabilities and what can we do to prevent them?

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.


Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.


To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !