Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Smashing the Stack: An Introduction to Basic Bi...

Avatar for SecDaemons SecDaemons
January 16, 2018
Programming
0
79

Smashing the Stack: An Introduction to Basic Binary Exploitation

Speaker: Alejandro Salinas, Associate Security Consultant at NCC Group

Abstract:
This presentation covers the fundamentals of 32bit binary exploits (focusing on the IA32 architecture) by means of logic abuse, overflows, and code injection. The goal is to arm you with basic knowledge of processor architectures and code review skills that will allow you to spot bugs and craft exploits for vulnerable executable.

Avatar for SecDaemons

SecDaemons

January 16, 2018
Tweet

Other Decks in Programming

See All in Programming
AtCoder Conference 2025
Avatar for shindannin shindannin
0
920
20251212 AI 時代的 Legacy Code 營救術 2025 WebConf
Avatar for mouson(墨嗓) mouson
0
240
クラウドに依存しないS3を使った開発術
Avatar for しめさば simesaba80
0
220
チームをチームにするEM
Avatar for hitode909 hitode909
0
440
愛される翻訳の秘訣
Avatar for Kishikawa Katsumi kishikawakatsumi
3
370
gunshi
Avatar for kazupon kazupon
1
140
Cap'n Webについて
Avatar for Yusuke Wada yusukebe
0
160
AI Agent Tool のためのバックエンドアーキテクチャを考える #encraft
Avatar for izumin5210 izumin5210
6
1.6k
QAフローを最適化し、品質水準を満たしながらリリースまでの期間を最短化する #RSGT2026
Avatar for shibayu36 shibayu36
0
1.7k
Vibe codingでおすすめの言語と開発手法
Avatar for uyuki uyuki234
0
160
AI時代を生き抜く 新卒エンジニアの生きる道
Avatar for coconala_engineer coconala_engineer
1
520
まだ間に合う!Claude Code元年をふりかえる
Avatar for nogu nogu66
5
930

Featured

See All Featured
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.8k
WCS-LA-2024
Avatar for Leonardo Collado-Torres lcolladotor
0
410
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
54
8k
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
110
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.3k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
120
Docker and Python
Avatar for Tania Allard trallard
47
3.7k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
Avatar for Mine Cetinkaya-Rundel minecr
0
110
エンジニアに許された特別な時間の終わり
Avatar for watany watany
106
220k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
Unlocking the hidden potential of vector embeddings in international SEO
Avatar for Frank van Dijk frankvandijk
0
140

Transcript

  1. Smashing the Stack Alejandro Salinas

  2. Buffers and Stacks and Heaps, oh my!  Buffer –

    A temporary storage location  Stack – Abstract structure that stores information about current routine  Heap – Freeform region in memory that used for dynamic alocation

  3. Memory Segmentation

  4. Stack & Heap  Stack is LIFO  Stack grows

    down (low addresses on top high addresses on bottom)  Stack and Heap grow towards each other (heap grows up)  Stack is static and fast  Heap is Dynamic and slower (memory allocated at runtime). Think maloc()

  5. X86 Architecture crash course  Register-based architecture  General registers:

    EAX EBX ECX EDX  Index and pointers: ESI EDI EBP EIP ESP  Segment registers: CS DS ES FS GS SS  Indicator: EFLAGS

  6. X86 vs x64 registers

  7. Things to know  GDB or debugger/ disassembler (GEF, IDA,

    Binary Ninja, etc.)  Objdump  Scripting language (i.e.Perl/Python)  Basic native code programming (C/C++)  Basic assembly  Understanding of system architecture (e.g. know and understand how the Linux kernel works)  Other stuff, probably…

  8. Intro to Exploits

  9. F***k it, we’ll do it live.

  10. Questions?