October 4, 2017

Awesome Windows Exploitation

Table of Contents

Windows stack overflows

Stack-based overflow articles.

Windows heap overflows

Heap-based overflow articles.

Kernel-based Windows overflows

Kernel-based exploit development articles.

Windows Kernel Memory Corruption

Windows kernel memory corruption exploit development articles.

Return Oriented Programming

Windows memory protections

Introductory articles on Windows memory protections.

Bypassing filters and protections

Articles on methods for bypassing Windows memory protections.

Typical Windows exploits

Exploit development tutorial series

Exploit development tutorial series based on the Windows operating system.


Disassemblers, debuggers, and other static and dynamic analysis tools.

  • angr - Platform-agnostic binary analysis
    framework developed at UCSB's Seclab.
  • BARF - Multiplatform, open
    source Binary Analysis and Reverse engineering Framework.
  • Binary Ninja - Multiplatform binary analysis IDE supporting
    various types of binaries and architectures. Scriptable via Python.
  • binnavi - Binary analysis IDE for
    reverse engineering based on graph visualization.
  • Bokken - GUI for Pyew and Radare.
  • Capstone - Disassembly framework for
    binary analysis and reversing, with support for many architectures and
    bindings in several languages.
  • codebro - Web based code browser using
    clang to provide basic code analysis.
  • dnSpy - .NET assembly editor, decompiler
    and debugger.
  • Evan's Debugger (EDB) - A
    modular debugger with a Qt GUI.
  • GDB - The GNU debugger.
  • GEF - GDB Enhanced Features, for exploiters
    and reverse engineers.
  • hackers-grep - A utility to
    search for strings in PE executables including imports, exports, and debug
  • IDA Pro - Windows
    disassembler and debugger, with a free evaluation version.
  • Immunity Debugger - Debugger for
    malware analysis and more, with a Python API.
  • ltrace - Dynamic analysis for Linux executables.
  • objdump - Part of GNU binutils,
    for static analysis of Linux binaries.
  • OllyDbg - An assembly-level debugger for Windows
  • PANDA - Platform for Architecture-Neutral Dynamic Analysis
  • PEDA - Python Exploit Development
    Assistance for GDB, an enhanced display with added commands.
  • pestudio - Perform static analysis of Windows
  • Process Monitor -
    Advanced monitoring tool for Windows programs.
  • Pyew - Python tool for malware
  • Radare2 - Reverse engineering framework, with
    debugger support.
  • SMRT - Sublime Malware Research Tool, a
    plugin for Sublime 3 to aid with malware analysis.
  • strace - Dynamic analysis for
    Linux executables.
  • Udis86 - Disassembler library and tool
    for x86 and x86_64.
  • Vivisect - Python tool for
    malware analysis.
  • X64dbg - An open-source x64/x32 debugger for Windows.
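Several of the tools above (hackers-grep, pestudio) start from the same first step: walk the PE headers, find the section table, and scan each section's raw bytes. The block below is an added example written for this page, not code taken from hackers-grep, pestudio or any other listed tool. It builds a constructed, non-loadable PE32 image inline (so it runs offline with only the standard library), parses the DOS header, COFF header, optional-header magic and section table, and reports every printable string together with the section and file offset it lives in. The header layouts (`IMAGE_FILE_HEADER`, `IMAGE_SECTION_HEADER`, `e_lfanew` at 0x3C) are the documented PE format; the function and constant names are this example's own.

```python
import re
import struct
from typing import List, Tuple

# Everything in this block is the added example's own code; it is not taken
# from hackers-grep, pestudio or any other tool in the list above.

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
COFF_HEADER_FMT = "<HHIIIHH"           # IMAGE_FILE_HEADER, 20 bytes
SECTION_HEADER_FMT = "<8sIIIIIIHHI"    # IMAGE_SECTION_HEADER, 40 bytes
COFF_HEADER_SIZE = struct.calcsize(COFF_HEADER_FMT)
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)
FILE_ALIGN = 0x200


def _align(n: int, a: int = FILE_ALIGN) -> int:
    return (n + a - 1) & ~(a - 1)


def build_minimal_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed test input: a PE32 image with just enough header to be parsed.

    It is not loadable by Windows (empty optional header, no import table); it
    only exercises the header and section walk below.
    """
    opt_size = 0xE0                      # sizeof(IMAGE_OPTIONAL_HEADER32)
    e_lfanew = 0x40
    header_len = e_lfanew + 4 + COFF_HEADER_SIZE + opt_size + SECTION_HEADER_SIZE * len(sections)
    raw_start = _align(header_len)

    dos = bytearray(e_lfanew)
    dos[0:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, 0x3C, e_lfanew)    # e_lfanew -> NT headers

    coff = struct.pack(COFF_HEADER_FMT, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)          # Magic = PE32

    sec_hdrs, payload = b"", b""
    raw_ptr, va = raw_start, 0x1000
    for name, data in sections:
        raw_size = _align(len(data))
        sec_hdrs += struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"), len(data), va,
                                raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        payload += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += 0x1000
    image = bytes(dos) + IMAGE_NT_SIGNATURE + coff + bytes(opt) + sec_hdrs
    return image.ljust(raw_start, b"\0") + payload


def parse_sections(image: bytes):
    """Return (machine, optional-header magic, [(name, va, raw_ptr, raw_size)])."""
    if image[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_HEADER_FMT, image, coff_off)
    opt_off = coff_off + COFF_HEADER_SIZE
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                 # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sec_off = opt_off + opt_size                    # section table follows the optional header
    if sec_off + nsec * SECTION_HEADER_SIZE > len(image):
        raise ValueError("section table runs past end of file")
    sections = []
    for i in range(nsec):
        fields = struct.unpack_from(SECTION_HEADER_FMT, image, sec_off + i * SECTION_HEADER_SIZE)
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        _vsize, va, raw_size, raw_ptr = fields[1:5]
        if raw_ptr + raw_size > len(image):         # malformed/truncated file: refuse, don't over-read
            raise ValueError("section %s points past end of file" % name)
        sections.append((name, va, raw_ptr, raw_size))
    return machine, magic, sections


def find_strings(image: bytes, min_len: int = 5) -> List[Tuple[str, int, str]]:
    """Printable-ASCII runs per section, as (section name, file offset, string)."""
    _, _, sections = parse_sections(image)
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    hits = []
    for name, _va, raw_ptr, raw_size in sections:
        blob = image[raw_ptr:raw_ptr + raw_size]
        for m in pattern.finditer(blob):
            hits.append((name, raw_ptr + m.start(), m.group().decode("ascii")))
    return hits


# Constructed sample: a few x86 bytes around an API name in .text, and two
# strings separated by non-printable bytes in .rdata.
SAMPLE_PE = build_minimal_pe([
    (b".text", b"\x55\x8b\xec\x83\xec\x10" + b"VirtualProtect\0" + b"\xc9\xc3"),
    (b".rdata", b"kernel32.dll\0\x00\x01LoadLibraryA\0"),
])

if __name__ == "__main__":
    machine, magic, secs = parse_sections(SAMPLE_PE)
    print("machine=0x%x magic=0x%x sections=%d" % (machine, magic, len(secs)))
    for name, off, s in find_strings(SAMPLE_PE):
        print("%-8s 0x%06x %s" % (name, off, s))
```

The bounds checks are the part worth keeping: a crafted section header whose `PointerToRawData` points past the end of the file is a common way to crash naive PE tooling, so the walker refuses such files instead of slicing past the buffer. Real import and export names live in the directories the optional header points to; this example stops at the section table and treats them as ordinary strings in `.rdata`.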