# Stack

- [Introduction](/notes/binexp/stack/introduction.md): An introduction to binary exploitation
- [ret2win](/notes/binexp/stack/ret2win.md): The most basic binexp challenge
- [De Bruijn Sequences](/notes/binexp/stack/de-bruijn-sequences.md): The better way to calculate offsets
- [Shellcode](/notes/binexp/stack/shellcode.md): Running your own code
- [NOPs](/notes/binexp/stack/nops.md): More reliable shellcode exploits
- [32- vs 64-bit](/notes/binexp/stack/32-vs-64-bit.md): The differences between the sizes
- [No eXecute](/notes/binexp/stack/no-execute.md): The defence against shellcode
- [Return-Oriented Programming](/notes/binexp/stack/return-oriented-programming.md): Bypassing NX
  - [Calling Conventions](/notes/binexp/stack/return-oriented-programming/calling-conventions.md): A more in-depth look into parameters for 32-bit and 64-bit programs
  - [Gadgets](/notes/binexp/stack/return-oriented-programming/gadgets.md): Controlling execution with snippets of code
  - [Exploiting Calling Conventions](/notes/binexp/stack/return-oriented-programming/exploiting-calling-conventions.md): Utilising Calling Conventions
  - [ret2libc/ret2system](/notes/binexp/stack/return-oriented-programming/ret2libc.md): The standard ROP exploit
  - [Stack Alignment](/notes/binexp/stack/return-oriented-programming/stack-alignment.md): A minor issue
- [Format String Bug](/notes/binexp/stack/format-string.md): Reading memory off the stack
- [Stack Canaries](/notes/binexp/stack/canaries.md): The Buffer Overflow defence
- [PIE](/notes/binexp/stack/pie.md): Position Independent Code
  - [Pwntools, PIE and ROP](/notes/binexp/stack/pie/pwntools-pie-and-rop.md)
  - [PIE Bypass with Given Leak](/notes/binexp/stack/pie/pie-exploit.md): Exploiting PIE with a given leak
  - [PIE Bypass](/notes/binexp/stack/pie/pie-bypass.md): Using format string
- [ASLR](/notes/binexp/stack/aslr.md): Address Space Layout Randomisation
  - [ASLR Bypass with Given Leak](/notes/binexp/stack/aslr/aslr-bypass-with-given-leak.md)
  - [PLT and GOT](/notes/binexp/stack/aslr/plt_and_got.md): Bypassing ASLR
  - [ret2plt ASLR bypass](/notes/binexp/stack/aslr/ret2plt-aslr-bypass.md)
- [Virtual Addresses and Virtual Memory](/notes/binexp/stack/virtual-addresses-and-virtual-memory.md)
- [GOT Overwrite](/notes/binexp/stack/got-overwrite.md): Hijacking functions
  - [Exploiting a GOT overwrite](/notes/binexp/stack/got-overwrite/exploiting-a-got-overwrite.md)
- [RELRO](/notes/binexp/stack/relro.md): Relocation Read-Only
- [Reliable Shellcode](/notes/binexp/stack/reliable-shellcode.md): Shellcode, but without the guesswork
  - [ROP and Shellcode](/notes/binexp/stack/reliable-shellcode/rop-and-shellcode.md)
  - [Using RSP](/notes/binexp/stack/reliable-shellcode/using-rsp.md)
  - [ret2reg](/notes/binexp/stack/reliable-shellcode/ret2reg.md): Using Registers to bypass ASLR
    - [Using ret2reg](/notes/binexp/stack/reliable-shellcode/ret2reg/using-ret2reg.md)
- [One Gadgets and Malloc Hook](/notes/binexp/stack/one-gadgets-and-malloc-hook.md): Quick shells and pointers
- [Syscalls](/notes/binexp/stack/syscalls.md): Interfacing directly with the kernel
  - [Exploitation with Syscalls](/notes/binexp/stack/syscalls/exploitation-with-syscalls.md)
  - [Sigreturn-Oriented Programming (SROP)](/notes/binexp/stack/syscalls/sigreturn-oriented-programming-srop.md): Controlling all registers at once
    - [Using SROP](/notes/binexp/stack/syscalls/sigreturn-oriented-programming-srop/using-srop.md)
- [ret2dlresolve](/notes/binexp/stack/ret2dlresolve.md): Resolving our own libc functions
  - [Exploitation](/notes/binexp/stack/ret2dlresolve/exploitation.md)
- [ret2csu](/notes/binexp/stack/ret2csu.md): Controlling registers when gadgets are lacking
  - [Exploitation](/notes/binexp/stack/ret2csu/exploitation.md)
  - [CSU Hardening](/notes/binexp/stack/ret2csu/csu-hardening.md)
- [Exploiting over Sockets](/notes/binexp/stack/exploiting-over-sockets.md): File Descriptors and Sockets
  - [Exploit](/notes/binexp/stack/exploiting-over-sockets/exploit.md): Duplicating the Descriptors
  - [Socat](/notes/binexp/stack/exploiting-over-sockets/socat.md): More on socat
- [Forking Processes](/notes/binexp/stack/forking-processes.md): Flaws with fork()
- [Stack Pivoting](/notes/binexp/stack/stack-pivoting.md): Lack of space for ROP
  - [Exploitation](/notes/binexp/stack/stack-pivoting/exploitation.md): Stack Pivoting
    - [pop rsp](/notes/binexp/stack/stack-pivoting/exploitation/pop-rsp.md): Using a pop rsp gadget to stack pivot
    - [leave](/notes/binexp/stack/stack-pivoting/exploitation/leave.md): Using leave; ret to stack pivot
- [Pointer Authentication](/notes/binexp/stack/pointer-authentication.md): An Arm hardware protection to combat ROP
- [Memory Tagging Extension (MTE)](/notes/binexp/stack/memory-tagging-extension-mte.md): Arm's MTE Hardware Protection
- [Memory Integrity Enforcement](/notes/binexp/stack/memory-integrity-enforcement.md)
