## https://sploitus.com/exploit?id=78DB12CD-E3D1-5C49-A659-E9622DC6CD56
# Binary Exploitation Labs
This repository is my **long-term public portfolio** for studying and practicing
low-level software exploitation and memory corruption vulnerabilities.
It is designed as a **structured, numbered progression** covering fundamental
and advanced exploitation techniques, with a strong emphasis on understanding
**how programs behave at runtime**.
This is not a collection of CTF writeups.
It is a growing laboratory of experiments, analysis, and exploitation primitives.
---
## Scope
This repository will eventually contain **1000+ projects**, organized by
vulnerability class and exploitation technique.
Each project is intentionally small, focused, and documented.
---
## Tracks & Numbering Scheme
Projects are grouped into tracks using a **global numbering system** to reflect
progression and conceptual depth.
### 1โ100: Stack-Based Vulnerabilities
- Stack buffer overflows
- Saved RIP/EIP overwrite
- ret2win
- ret2libc
- Stack canaries and bypass analysis
### 101โ250: Heap Exploitation
- Heap overflows
- Use-after-free (UAF)
- Double free
- glibc malloc internals
- tcache exploitation
### 251โ300: Format String Vulnerabilities
- Stack and heap reads
- Arbitrary write primitives
- GOT overwrite
- Info leak construction
### 301โ400: Integer Vulnerabilities
- Integer overflow / underflow
- Signedness bugs
- Length truncation
- Exploitation of size miscalculations
### 401โ500: Return-Oriented Programming (ROP)
- ROP chain construction
- Stack pivoting
- ret2csu
- syscall-oriented programming (SROP)
- Bypassing NX and ASLR
### 501โ650: Advanced Control Flow
- Partial pointer overwrites
- Vtable hijacking
- Function pointer corruption
- C++ object layout abuse
### 651โ750: Shellcode Development
- x86 / x86-64 shellcode
- Encoding and obfuscation
- Null-free payloads
- Environment-based shellcode
### 751โ850: General Memory Corruption
- Arbitrary read/write primitives
- Info leak chaining
- Cross-structure corruption
- Realistic bug chains
### 851โ1000+: Research & Hybrid Exploitation
- Mixed vulnerability chains
- Mitigation bypass case studies
- Real-world inspired targets
- Custom allocators and runtimes
---
## Repository Structure
binary-exploitation-labs/
โโโ stack/
โโโ heap/
โโโ format-string/
โโโ integer/
โโโ rop/
โโโ shellcode/
โโโ memory-corruption/
โโโ README.md
Projects are organized by **vulnerability class**, not difficulty.
---
## Project Structure
Each project typically contains:
project-XYZ-name/
โโโ vuln.c # Vulnerable source code
โโโ build/ # Compiled binaries (ignored)
โโโ Exploits/
โ โโโ exploit.py # Proof-of-concept exploit
โโโ Makefile # Build configurations
โโโ README.md # Detailed analysis and notes
---
## Project Philosophy
Every project follows the same principles:
- Start from **source code**
- Understand memory layout before exploitation
- Identify the **primitive gained** (RIP control, read, write, etc.)
- Study mitigation behavior and side effects
- Document failures and unexpected behavior
Progress is measured by **understanding**, not by exploit count.
---
## Tooling
- C and x86/x86-64 Assembly
- GDB + GEF
- Python for exploit scripting
- Linux (WSL / native)
---
## About
I am focused on low-level systems security, with particular interest in:
- Binary exploitation
- Reverse engineering
- Operating system internals
- Runtime behavior of software
This repository reflects how I reason about programs at the memory level.
---
## Disclaimer
All code and experiments in this repository are for **educational and research purposes only**.