Exploit Development
Egghunters: Staged Payload Delivery When Buffer Space Is Tight
When your overflow buffer is too small for real shellcode, an egghunter scans process memory for your tagged payload and jumps to…

Shellcode Encoders: XOR Encoding, Custom Decoders, and Avoiding Bad Chars
Control EIP but your shellcode dies in transit? This tutorial covers XOR encoding, custom x86 decoder stubs using JMP-CALL-POP, per-chunk keying, and…

Position-Independent Code: Writing PIC Shellcode Without Hardcoded Addresses
Discover how Windows shellcode achieves position independence by walking the PEB loader chain, hashing export names with ROR-13, and eliminating null bytes…

Writing x64 Shellcode: Differences, Shadow Space, and Register Conventions
Learn the ABI-level differences between x86 and x64 Windows shellcode, including shadow space, register conventions, PEB walking via GS:[0x60], and export table…

Writing Your First Shellcode: x86 Reverse Shell from Scratch
Learn to hand-craft a Windows x86 reverse shell in NASM — resolving APIs via PEB walk and PE export parsing, initialising Winsock,…

Bad Characters, Null Bytes, and Restricted Character Sets
Discover why bad characters like null bytes corrupt shellcode in buffer overflows, how to enumerate restricted character sets with mona.py, and how…

Finding the EIP Offset: Pattern Creation and Cyclic Patterns
Master EIP offset discovery using De Bruijn cyclic patterns and tools like msf-pattern_create, mona.py, and pwntools. A repeatable, tool-agnostic workflow for x86…

Classic Stack Buffer Overflow: Smashing the Stack on Windows
Master the classic stack buffer overflow on Windows x86: corrupt the saved EIP, pivot through a JMP ESP trampoline, and understand how…

Understanding the Stack: Frames, Prologue/Epilogue, and Stack Layout
Learn how x86 and x64 Windows stack frames are structured — from EBP chains and shadow space to prologue/epilogue sequences — and…

x86 and x64 Calling Conventions: cdecl, stdcall, fastcall, and System V
Calling conventions dictate exactly where return addresses and arguments sit in memory. This tutorial breaks down cdecl, stdcall, fastcall, Microsoft x64, and…

WinDbg Crash Course: Navigation, Commands, and Workflow for Exploit Devs
Learn to drive WinDbg from first principles — attach to targets, read access violations, master every breakpoint type, and use Time Travel…

Setting Up Your Exploit Development Lab (VMs, Debuggers, Tools)
Learn to build a fully isolated Windows exploit development lab with two VMs, WinDbg kernel debugging, x64dbg, mona.py, boofuzz, and vulnerable targets…