Microcorruption
I plan to kick off this blog with a walkthrough of Microcorruption.com – an online “Capture The Flag” where you utilize a lightweight debugging interface to step through 16-bit MSP430 assembly code in order to understand, and ultimately exploit, increasingly more secure embedded security software. Find the vulnerability, hack the software, unlock the door, earn points, and repeat.
This site is the essence of binary exploitation distilled into a streamlined experience that will allow you to focus more on exploitation principles and the creative process involved rather than the exact tools and techniques you might employ in the real world – that can come later. Learn more on their about page.
Here are my writeups, along with the topics introduced:
0x00 - Tutorial
0x01 - New Orleans - reading memory, assembly
0x02 - Sydney
0x03 - Hanoi - stack buffer overflow to modify variables
0x04 - Cusco - stack buffer overflow to modify return addresses and redirect code execution
0x05 - Johannesburg - stack canaries
0x06 - Reykjavik
0x07 - Whitehorse - writing and injecting shellcode
0x08 - Montevideo
0x09 - Santa Cruz - bypassing bounds checking
0x0A - Addis Ababa - format string vulnerabilities
0x0B - Novosibirsk
0x0C - Jakarta - integer underflow
0x0D - Algiers - overwrite of heap allocator internals
0x0E - Vladivostok - bypassing ASLR by leaking pointers
0x0F - Bangalore - bypassing DEP
0x20 - Lagos - shellcode with restrictions
This site is the essence of binary exploitation distilled into a streamlined experience that will allow you to focus more on exploitation principles and the creative process involved rather than the exact tools and techniques you might employ in the real world – that can come later. Learn more on their about page.
Here are my writeups, along with the topics introduced:
0x00 - Tutorial
0x01 - New Orleans - reading memory, assembly
0x02 - Sydney
0x03 - Hanoi - stack buffer overflow to modify variables
0x04 - Cusco - stack buffer overflow to modify return addresses and redirect code execution
0x05 - Johannesburg - stack canaries
0x06 - Reykjavik
0x07 - Whitehorse - writing and injecting shellcode
0x08 - Montevideo
0x09 - Santa Cruz - bypassing bounds checking
0x0A - Addis Ababa - format string vulnerabilities
0x0B - Novosibirsk
0x0C - Jakarta - integer underflow
0x0D - Algiers - overwrite of heap allocator internals
0x0E - Vladivostok - bypassing ASLR by leaking pointers
0x0F - Bangalore - bypassing DEP
0x20 - Lagos - shellcode with restrictions