Understanding NX | The Offensive Labs

Autoplay
Autocomplete

Previous Lesson Complete and Continue

Exploit Development for Linux (x86_64)

x64 Assembly Crash Course

Introduction (1:28)
MOV Instruction (10:39)
Sub registers (6:25)
ADD, SUB, INC, DEC Instructions (8:38)
Avoiding Null Bytes (5:21)
PUSH & POP Instructions (5:16)
XOR Instruction (3:16)
CMP & JMP Instructions (9:37)
CALL & RET Instructions (11:31)

Exploit Development

Introduction (1:01)
Compiling the vulnerable program (6:11)
Crashing the program (9:11)
Finding the offset (12:01)
Final Exploit (15:05)
Updating the exploit to work with gets function (7:57)
jmp rax exploit - introduction (6:17)
jmp rax exploit (3:56)
jmp rsp exploit - introduction (6:58)
jmp rsp exploit (11:54)

Writing Shellcode

Introduction (1:01)
The process of writing shellcode (2:45)
Exit shellcode - Part 1 (6:24)
Exit shellcode - Part 2 (Removing null bytes) (10:09)
Execve shellcode (18:29)
Reverse tcp shellcode - Part 1 (8:01)
Reverse tcp shellcode - Part 2 (19:11)
Reverse tcp shellcode - Part 3 (8:06)

Exploit mitigation techniques and bypasses

Introduction (1:22)
Understanding NX (6:21)
Return to Libc Attack - Part 1 (8:03)
Return to Libc Attack - Part 2 (9:13)
Return to Libc Attack - Part 3 (16:20)

Return Oriented Programming

Introduction to Return Oriented Programming (ROP) (6:52)
Introduction to mprotect (10:52)
Return Oriented Programming to bypass NX (33:19)

PLT and GOT

Introduction to PLT & GOT (9:36)
Ret2plt to bypass NX & ASLR (14:26)

Conclusion

Course Conclusion (0:24)

Teach online with

Understanding NX

Lesson content locked

If you're already enrolled, you'll need to login.

Enroll in Course to Unlock