Format String Vulnerabilities

Name: Format String Vulnerabilities
Rating: 4.5 (24 reviews)

Learn Format String Vulnerabilities the right way to crack CTFs and the toughest certification exams out there

Created bySrinivas .

Last updated 6/2025

English

What you'll learn

Students will learn practical format string vulnerability concepts for x64 processors
Students will learn how to leak memory addresses using format string vulnerabilities on Linux for x64 processors
Students will learn how to bypass stack canaries on Linux for x64 processors
Students will learn advanced Linux Binary Exploitation concepts
Students will learn how to use pwntools binary exploitation framework

Course content

7 sections • 19 lectures • 1h 16m total length

Course Introduction1:37

Lab setup0:09
Introduction1:00
Format Specifiers2:02
How print functions work10:38
Unusual usage of printf4:54
Explore how unusual use of printf format specifiers pulls values from the stack, exposes memory addresses, and enables format string vulnerabilities when untrusted data controls output.
Dangers of format string vulnerabilities2:37
Explore the dangers of format string vulnerabilities, including leaking memory addresses to bypass ASLR and stack protections, revealing secrets, overriding memory, and causing denial of service.

Leaking strings from memory8:46
Causing DOS using format string vulnerabilities2:00
demonstrates how to exploit format string vulnerabilities to dump stack data and cause a crash by using an invalid memory address, resulting in a segmentation fault.
Introduction to Stack Canaries10:41
Stack Canary Bypass - Part 1 (Introduction to pwntools)2:11
Stack Canary Bypass - Part 2 (Manually leaking stack canary)4:25
Stack Canary Bypass - Part 3 (Find offset of Stack Canary)3:47
Stack Canary Bypass - Part 4 (Find offset of RIP)6:31
Stack Canary Bypass - Final Exploit Part 16:51
Stack Canary Bypass - Final Exploit Part 27:04
Format String vulnerabilities

Requirements

A computer with administrative access, if you want to follow the hands-on exercises.
It is good to have knowledge basic on exploit development

Description

This course teaches exploit development concepts for Linux (x86_64) and it is specifically focused on format string vulnerabilities. This course begins by introducing students to the format string concepts on Linux x86_64 platform (though the concepts remain the same on other architectures too). We will slowly gear towards understanding how format string vulnerabilities can be leveraged to exploit other vulnerabilities such as Buffer Overflows. This is clearly taught in the course by showing various practical examples such as bypassing stack canaries and bypassing ASLR. This is an entry level to intermediate level course and we encourage you to take this course if you are interested to learn exploit development concepts surrounding format string vulnerabilities and memory leaks specifically for 64 bit intel processors. However, remember that the course involves a lot of assembly language and debugging using a debugger. So, you need patience and passion to learn the concepts taught in the course. This course makes use of a variety of techniques on exploit development and brace yourself if you are willing to learn by sitting in front of a computer. After successfully completing this course, you will be ready to attempt several industry leading practical cyber security certification exams.

Who this course is for:

Bug bounty hunters
CTF Players
Penetration testers
Security Auditors
Red Team Operators
Anyone interested in security.

Format String Vulnerabilities

What you'll learn

Explore related topics

Course content

Course Introduction1 lecture • 2min

Course Downloads1 lecture • 1min

Introduction to format strings6 lectures • 21min

Exploiting Format String Vulnerabilities9 lectures • 52min

Knowledge Check0

Course Conclusion1 lecture • 1min

Bonus Section1 lecture • 1min

Requirements

Description

Who this course is for: