## https://sploitus.com/exploit?id=271C232F-53B7-5EE4-B7B8-DA1FA27A0E1B
# exploit-labs
Companion code for the Windows-security blog at [paragmali.com](https://paragmali.com).
Each lab is a self-contained, reproducible walkthrough of one
vulnerability class on Windows x64, with every mitigation toggled
on and off so you can see, in real captured artifacts, exactly
what each mitigation defeats and what it lets through.
## How a lab works
Every lab directory under `labs/` contains:
- `src/`: vulnerable program + exploit
- `build.ps1`: produces multiple binary variants (mitigations on/off)
- `capture.ps1`: runs each variant under WinDbg/cdb, captures memory state
- `expected/`: committed "golden" artifacts (the JSON+text files that
the blog post quotes verbatim)
- `README.md`: what you'll learn
CI re-runs `capture.ps1` on every push (`windows-latest` runner) and asserts
the captured artifacts match `expected/`. If you change the lab, the golden
files update automatically on `main`.
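The golden check is where the ASLR variant bites: once `/DYNAMICBASE` is on, the image base and stack addresses in a capture change on every run, so a byte-for-byte diff against `expected/` would fail on `main` even when nothing regressed. The comparison below is an added example written for this README, not the repo's `ci/check-golden.ps1`; the artifact shape (`crash.rip`, `crash.rsp`, `mitigations`), the two address formats and the `ASLR_VARIANTS` set are assumptions, and the sample captures are constructed. It masks 64-bit addresses only for variants that randomise them and compares everything else exactly, so a changed overwritten return address in `v0-all-off` is still reported.

```python
"""Compare a captured lab artifact against its committed golden copy.

Added example for this README, not the repo's ci/check-golden.ps1.
Artifact layout, address formats and the ASLR variant set are assumptions.
"""
import json
import re
from typing import Any

# Assumption: only v2 links with /DYNAMICBASE, so only its addresses are
# allowed to differ between runs.  Extend this set if v3/v4 also randomise.
ASLR_VARIANTS = {"v2-aslr-on"}

# 64-bit addresses as cdb prints them (00007ff6`4a3b1234) or as 0x-prefixed
# hex of 9-16 digits.  8-digit values such as NTSTATUS codes are left alone.
_ADDR_RE = re.compile(r"(?:0x)?[0-9a-fA-F]{8}`[0-9a-fA-F]{8}|0x[0-9a-fA-F]{9,16}")


def normalize(value: Any, mask_addresses: bool) -> Any:
    """Recursively replace run-specific addresses with a placeholder."""
    if not mask_addresses:
        return value
    if isinstance(value, str):
        return _ADDR_RE.sub("<ADDR>", value)
    if isinstance(value, list):
        return [normalize(v, mask_addresses) for v in value]
    if isinstance(value, dict):
        return {k: normalize(v, mask_addresses) for k, v in value.items()}
    return value


def diff_artifacts(captured: Any, expected: Any, mask_addresses: bool) -> list[str]:
    """Return dotted key paths whose values differ after normalisation."""
    a = normalize(captured, mask_addresses)
    b = normalize(expected, mask_addresses)
    diffs: list[str] = []

    def walk(x: Any, y: Any, path: str) -> None:
        if isinstance(x, dict) and isinstance(y, dict):
            for key in sorted(set(x) | set(y)):
                if key not in x or key not in y:
                    diffs.append(path + key)  # present on one side only
                else:
                    walk(x[key], y[key], path + key + ".")
        elif x != y:
            diffs.append(path.rstrip("."))

    walk(a, b, "")
    return diffs


def check_variant(variant: str, captured: Any, expected: Any) -> list[str]:
    """Apply the per-variant masking policy and return the differences."""
    return diff_artifacts(captured, expected, variant in ASLR_VARIANTS)


def load_artifact(text: str) -> Any:
    """Parse one JSON artifact as capture.ps1 would have written it."""
    return json.loads(text)


# Constructed sample captures, not real lab output.  The v2 pair is the same
# build run twice with a different image base; the v0 pair differs for real.
EXPECTED_V2 = load_artifact("""{"variant": "v2-aslr-on",
  "crash": {"code": "0xc0000005", "rip": "00007ff6`4a3b1234", "rsp": "000000c1`2f8ff6a0"},
  "mitigations": {"aslr": true, "gs": false, "cfg": false}}""")
CAPTURED_V2 = load_artifact("""{"variant": "v2-aslr-on",
  "crash": {"code": "0xc0000005", "rip": "00007ff7`9c0a1234", "rsp": "000000e5`3a1ff6a0"},
  "mitigations": {"aslr": true, "gs": false, "cfg": false}}""")
EXPECTED_V0 = load_artifact("""{"variant": "v0-all-off",
  "crash": {"code": "0xc0000005", "rip": "41414141`41414141"},
  "mitigations": {"aslr": false, "gs": false, "cfg": false}}""")
CAPTURED_V0 = load_artifact("""{"variant": "v0-all-off",
  "crash": {"code": "0xc0000005", "rip": "42424242`42424242"},
  "mitigations": {"aslr": false, "gs": false, "cfg": false}}""")


if __name__ == "__main__":
    for name, cap, exp in [("v2-aslr-on", CAPTURED_V2, EXPECTED_V2),
                           ("v0-all-off", CAPTURED_V0, EXPECTED_V0)]:
        print(name, check_variant(name, cap, exp) or "matches expected/")
```

The trade-off is visible in the two sample pairs: masking makes the v2 pair compare equal, but applying the same mask to v0 would also hide its genuinely different `rip`, so the policy has to be per variant rather than global.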
## Reproducing locally
Requires Windows 11 / Server 2022 + MSVC Build Tools 2022 + Windows SDK 26100.
```pwsh
cd labs\01-stack-overflow-win-x64
.\build.ps1
.\capture.ps1
# compare with .\expected\
```
## Layout
```
exploit-labs/
├── README.md                 # you are here
├── LICENSE                   # MIT
├── SECURITY.md               # responsible-disclosure framing
├── .github/workflows/
│   └── capture.yml           # CI: build + capture on windows-latest
├── ci/
│   └── check-golden.ps1      # diff captured vs expected/
└── labs/
    └── 01-stack-overflow-win-x64/
        ├── README.md
        ├── src/vulnerable.c
        ├── src/exploit.py
        ├── build.ps1
        ├── capture.ps1
        └── expected/
            ├── v0-all-off/   (no mitigations)
            ├── v1-gs-on/     (/GS stack canary)
            ├── v2-aslr-on/   (/DYNAMICBASE + /HIGHENTROPYVA)
            ├── v3-cfg-on/    (/guard:cf)
            └── v4-cet-on/    (/CETCOMPAT + SetProcessMitigationPolicy)
```
## Responsible use
Everything here targets binaries we wrote, in a controlled lab VM,
to teach how Windows mitigations work and fail. See SECURITY.md.
## License
MIT. See LICENSE.