In 1996, Phrack magazine published the article Smashing the stack for fun and profit. Since then, the article has become a milestone in memory vulnerability research and exploit development. It demonstrates how an attacker can exploit a buffer overflow on the stack to execute arbitrary code in a process to which they can only supply input.
It can be seen as the beginning of an arms race between attackers and defenders. Each time the defenders add more mitigations to try and block attackers, the attackers find new and more elaborate ways to work around the hardening techniques that defenders implement.
This arms race continues to this day, and the importance of memory vulnerabilities, and of hardening against exploits that make use of them, has only grown. Presentations and blogs from Microsoft, Chromium and Android report that roughly 60% to 70% of the exploits and high-severity security bugs they see stem from a memory vulnerability.
To gain an in-depth understanding of how memory vulnerabilities are used to build an exploit, how the mitigations work, and how the arms race continues to drive new mitigations, it is very valuable to understand the state of the world at this "starting point" in 1996.
In this learning path, you will implement a few basic experiments to understand stack layout, buffer overflows and related concepts, with the goal of building a simple end-to-end buffer overflow attack. You will do this on an Arm AArch64 Linux machine.
This learning path aims to give plenty of guidance for implementing these experiments in as little time as possible, so that the key puzzle-solving challenges in building the exploit are still left for you. Solving these key pieces of the puzzle yourself is essential for gaining an in-depth understanding of how memory vulnerabilities are exploited and how mitigations such as ASLR, PAC, DEP, execute-only memory, BTI, stack protectors and many others work.
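The experiments in this learning path are built around the vulnerable pattern the Phrack article describes: an unbounded copy into a fixed-size buffer on the stack. The following C example, added here and not taken from the article or from this learning path, shows that pattern next to a bounded version and a small helper that tells you whether a given input length will overrun a buffer. All function names and the 16-byte buffer size are assumptions chosen for illustration; the input strings are constructed in `main`.

```c
#include <stdio.h>
#include <string.h>

/* Classic vulnerable pattern (constructed example): strcpy() into a
 * fixed-size stack buffer with no length check. Any input of 16 bytes
 * or more writes past `buf` into whatever the compiler placed at higher
 * stack addresses, eventually reaching a saved return address. */
void vulnerable_copy(const char *input)
{
    char buf[16];
    strcpy(buf, input);                 /* no bound: stack buffer overflow */
    printf("copied: %s\n", buf);
}

/* Hardened form: bound the copy by the destination size and always
 * NUL-terminate. Returns the number of bytes actually stored. */
size_t safe_copy(const char *input)
{
    char buf[16];
    size_t n = strlen(input);
    if (n >= sizeof buf)
        n = sizeof buf - 1;             /* truncate instead of overflowing */
    memcpy(buf, input, n);
    buf[n] = '\0';
    printf("copied: %s\n", buf);
    return n;
}

/* Helper: does a string of `input_len` characters overrun a buffer of
 * `cap` bytes once the terminating NUL is counted? */
int would_overflow(size_t input_len, size_t cap)
{
    return input_len + 1 > cap;
}

int main(void)
{
    const char *short_input = "hello";  /* constructed: fits in 16 bytes */
    char long_input[64];                /* constructed: 63 'A's, does not fit */
    memset(long_input, 'A', sizeof long_input - 1);
    long_input[sizeof long_input - 1] = '\0';

    printf("short input overflows 16-byte buf? %d\n",
           would_overflow(strlen(short_input), 16));
    printf("long input overflows 16-byte buf?  %d\n",
           would_overflow(strlen(long_input), 16));

    vulnerable_copy(short_input);       /* safe only because the input is short */
    printf("safe_copy stored %zu bytes\n", safe_copy(long_input));

    /* vulnerable_copy(long_input) is deliberately not called: it corrupts
     * the stack, and a stack-protector build aborts with
     * "stack smashing detected". The later experiments do exactly this,
     * on purpose, with mitigations switched off. */
    return 0;
}
```

Compile it with and without `-fstack-protector` and try calling `vulnerable_copy(long_input)` yourself to see the difference in behaviour; that contrast is the starting point of the arms race described above.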