
Teddy Heinen

Pwn Resources

Collection of resources/tools/etc I thought might be useful for pwning. Hope it's useful!

note: the level of endorsement we're talking about for (most) of the courses/educational links here is "i saw it, thought it was cool, and found it in my bookmarks when writing this"

This is an eternal WIP; if you have anything you think would be useful that isn't already here you can contact me on discord @ sky#0004.

learning

nightmare

Collection of writeups, sorted and labelled.

LiveOverflow's Binary Exploitation Playlist

pwn.college

ASU's Computer Systems Security (CSE466) course, available online. It's pretty solid and starts at a beginner level.

phoenix

ctf series: binary exploitation

Good overview of a lot of introductory binary exploitation concepts; I used this as a reference for quite a while when I was first getting started.

GOT and PLT for pwning

Good blog post on the details behind GOT/PLT/relocations with a particular eye towards using it for binary exploitation.

practice

deus x64

pwnable.kr

pwnable.tr

picoctf

tools

pwntools

"CTF framework and exploit development library". Unimaginably useful; it contains a very significant amount of functionality for solving (primarily pwn) CTF challenges.

gef

GDB extension; adds a lot of generally useful commands but it'd be worth it just for the context TUI it adds

ghidra

The NSA's reverse engineering tool -- it works very well and is free.

libc-database

hosted

Used to correlate pointer offsets to libc versions; you provide it a set of symbols and their addresses and it will list libc versions which match. The hosted version is easier to use but may be missing recent or obscure versions.

ropper

Searches and lists "ROP gadgets" in a binary

one_gadget

Searches libc for a "one gadget" and lists constraints; these are single-shot addresses you can jump to and receive a shell if you match the constraint.

reference

how2heap

Dictionary of heap attacks & examples; I check this out every single time I see a heap challenge I don't know how to do.

pivoting around memory

Describes where to find pointers from one part of memory to another part; useful if you can read memory and need to turn the location of one region into knowledge of other regions.
