
Explore the fundamentals of Linux x86_64 assembly, learn commonly used assembly instructions, and practice debugging with GDB to understand programs at the assembly level.
Explore sub-registers in Linux x64 assembly to store smaller values and avoid null bytes, demonstrated with NASM examples and linking basics.
Demonstrates using add, sub, inc, and dec instructions in 64-bit assembly to manipulate a register, including hex/decimal conversions and register inspection.
Demonstrate the xor instruction by performing a register xor with itself to yield zero. The lecture shows assembly setup, linking, and debugging of this simple xor operation on registers.
Explore how the call and ret instructions manage Linux x64 function calls, passing the first six arguments in registers and the seventh on the stack, with the return address handled.
Learn exploit development for Linux x64 by analyzing a simple stack-based buffer overflow. Explore disabling mitigations like stack canaries and address space layout randomisation to bypass protections.
Learn how a stack-based buffer overflow affects control flow by compiling a vulnerable C program and examining how protections are disabled to enable exploitation.
Find the offset to control rip using a 300-char pattern, then overwrite the lower 48 bits with six bytes, confirming via memory maps and canonical address space.
Demonstrate a stack-based buffer overflow on Linux x64 by placing shellcode at the buffer start, using a no-operation (NOP) sequence to direct execution, and overwriting the return address; test in GDB and outside.
Update the exploit for a 64-bit Linux binary by using gets instead of the previous function to avoid buffer termination, craft a new payload, and validate with GDB.
Explore the jump-to-register technique for a gets-based binary, generate a payload, modify the Makefile, and use GDB breakpoints to redirect execution via gadgets.
Introduce the jmp rsp technique for stack-based buffer overflow exploitation, showing how to craft a payload and overwrite the saved return address to jump to shellcode placed after it.
Learn to write your own 64-bit shellcode by converting assembly to machine code, starting with exit code and progressing to larger payloads, using msfvenom.
Learn the seven-step process to write Linux x64 shellcode: prototype in C, identify syscalls and arguments, craft assembly, avoid null bytes, and extract shellcode from the final binary.
Write exit shellcode for Linux x64 by invoking the exit system call with a single argument, loading 60 into rax and placing the status in the argument register.
Remove null bytes from exit shellcode by XORing registers with themselves to zero their values, then assemble, verify with objdump, and extract shellcode bytes for exploits.
Learn to craft execve shellcode that spawns a shell by following the seven-step process, compiling a C program, then analyze, extract, and test the shellcode in a stack-based exploit.
Explore building a Linux x64 reverse TCP shellcode by assembling a socket call, preparing a stack-based connect structure, and using registers to pass arguments and establish the connection.
Explore exploit mitigations in Linux x64, including non-executable stack, address space layout randomization, and stack canaries, and learn how they affect exploits and ways to bypass them.
Analyze how NX enforces a non-executable stack by inspecting the memory map and stack permissions, and illustrate how return-to-libc and return-oriented programming enable shellcode execution on the stack.
Learn how to perform a return-to-libc attack on Linux x64 by disabling ASLR, locating system and exit addresses, locating /bin/sh via strings, and selecting gadgets for a ROP payload.
This lecture demonstrates a return-to-libc exploit on Linux x64, detailing stack setup, overwriting the return address with libc gadget addresses, and debugging with GDB to achieve a shell.
Learn how to use mprotect to make the stack executable by passing three arguments: base address, size, and a mask of 7 combining read, write, and execute permissions; verified with GDB.
Construct a manual ROP chain from scratch to bypass NX, locate gadgets, set up rdi, rsi, and rdx, call mprotect to make the stack executable, and execute shellcode.
Explore how the procedure linkage table and global offset table enable dynamic linking and lazy binding of libc library functions like printf, caching addresses for subsequent calls.
Discover the ret2plt technique that bypasses NX and ASLR on Linux x64 by leveraging in-binary gadgets and the system@plt in a non-PIE binary.
Celebrate completing the Linux x64 exploit development fundamentals course and share your learning experience; leave a review and spread the word to friends and colleagues.
This course teaches exploit development for Linux (x86_64). It introduces students to the exploit development concepts associated with Linux x86_64 binaries. This is an entry-level to intermediate-level course, and we encourage you to take it if you are interested in learning exploit development specifically for 64-bit Intel processors. However, remember that the course involves a lot of assembly language and debugging using a debugger, so you need patience and passion to learn the concepts taught in the course. The course makes use of a variety of exploit development techniques, so brace yourself if you are willing to learn by sitting in front of a computer. After successfully completing this course, you will be ready to attempt several industry-leading practical cyber security certification exams.
[IMPORTANT NOTES]: This is an ongoing course and new content will be uploaded progressively.