Post

Binary Exploitation 101 - Introduction

Posted Updated
By r1ru
4 min read
Binary Exploitation 101 - Introduction

This blog series is still a work in progress. The content may change without notice.

Introduction

Four years ago, I came across a book called Hacking: The Art of Exploitation by Jon Erickson1. Since then, I’ve really gotten into binary exploitation and have learned a great deal. I’m still a newbie in many ways, but I think I’ve grown a lot compared to when I first opened this book.

It’s a fantastic book. Starting from the basics of C programming, it goes on to cover binaries, networking, cryptography, and explains both exploitation techniques and mitigations. It gave me insight into how programs actually work, how they can be exploited and mitigated, and most importantly, it showed me the art and joy of hacking.

The only drawback of the book is its age. The basics of how programs work haven’t changed, and classic techniques like stack overflow, format string attack, and ret2libc are still valuable to learn. However, The book does not cover modern mitigations, such as Intel CET and Arm MTE, nor many exploitation techniques, including ret2dlresolve and heap exploitation.

That’s why I decided to start writing a 2025 edition of Hacking: The Art of Exploitation. I’m not very knowledgeable about networking or cryptography, so I won’t be covering those. Instead, this series will focus specifically on binary exploitation.

I got into binary exploitation because the exploitation techniques taught me how programs really work. For example, to understand stack overflow and GOT overwrite, you need to understand how function calls and shared libraries work. To bypass mitigations like NX bit, ASLR, and CFI, you also need to understand how they are actually implemented. For me, studying explitation techniques has always been a way of learning the underlying mechanisms.

That’s the approach I want to keep in this series. Instead of just listing exploitation techniques and mitigations, the goal is to use them as a lens to understand how programs work and the principles behind both sides. This understanding is essential not only for developing new exploitation techniques, but also for designing effective mitigations.

This series will focus on x86-64 Linux environments. I’ll assume some basic knowledge of computer architecture and the ability to read and write simple C and Python programs. But I’ll explain as much as I can along the way, so even if you’re missing some background, you should be fine. And if you have questions, please don’t hesitate to ask. The only thing I ask is not to just say “I don’t understand.” Tell me what you tried, and where exactly you got stuck. Identifying what you don’t understand helps clarify which knowledge is missing.

Finally, because of the subject matter, I need to add a boring but necessary disclaimer. The purpose of this series is to share knowledge, not to train criminals. Attacking someone else’s computer is illegal. What you do with the knowledge you gain here is your own responsibility, and I take no liability for it. Freedom comes with responsibility. Don’t forget that.

My hope is that, just like I was four years ago, some readers will become interested in binary exploitation through this series, gain a solid grasp of program internals, exploitation techniques, mitigations, and eventually design practical and fundamental solutions that balance the trade-offs. That’s the kind of hacker I want to become myself, and the kind I hope you will become too.

Contents (Planned)

Exploitation Techniques

  • Buffer Overflow
  • Shellcode
  • ROP (Return-Oriented Programming)
  • FSA (Format String Attack)
  • GOT (Global Offset Table) Overwrite
  • ret2dlresolve
  • Mitigation Bypasses (See the list below)
  • glibc Heap Exploitation (TBD)

Mitigations

  • NX bit
  • SSP (Stack Smashing Protector)
  • ASLR (Address Space Layout Randomization)
  • PIE (Position-Independent Executable)
  • RELRO (RELocation Read-Only)
  • Intel CET (Control-flow Enforcement Technology)
  • Arm PAC (Pointer Authentication Code)
  • Arm BTI (Branch Target Identification)
  • Clang CFI (Control Flow Integrity)
  • Arm MTE (Memory Tagging Extension)
  • ASan (Address Sanitizer)

Contributing

As I mentioned at the beginning, I’m only four years into this field, and still very much a newbie. Binary exploitation is a hobby for me, not a job. I’ll do my best to make sure the content is accurate, but I may sometimes make mistakes or fail to explain things in depth due to my own limitations. On top of that, English is not my native language.

Writing a 2025 edition of Hacking: The Art of Exploitation is not something I can do alone. That’s why I’d love your help. Please don’t hesitate to point out mistakes or share feedback on the content. My goal is to reflect everything I’ve learned and experienced so far in this series. I don’t know when it will be complete, but if you’re willing to stick around and support it patiently, I’d be very happy.

  1. Erickson, J. (2021). Hacking: The Art of Exploitation, 2nd Edition. O’Reilly Media↩︎

Guide, Binary Exploitation 101
linux pwn
This post is licensed under CC BY 4.0 by the author.

Trending Tags

linux pwn ctf