Leanpub Header

Skip to main content

Black Hat C

Low-Level Exploitation and Malware Engineering

This book is 100% completeLast updated on 2026-07-05

Real attacks don't live in slide decks. They live in the stack, the heap, the kernel. This code-first guide takes practitioners who already know C straight into how modern exploits and malware actually work, pairing every offensive technique with the defense built to stop it. Rigorous, hands-on, and strictly for isolated, legal, ethical lab use.

Minimum price

$19.00

$29.00

You pay

Author earns

$

Also available for 1 book credit with a Reader Membership

PDF
EPUB
About

About

About the Book

This book teaches how modern attacks work at the level where they actually happen: in memory, on the stack, inside the kernel. It is written for security engineers, penetration testers, malware analysts, and advanced students who already know C and want a rigorous, code-first understanding of exploitation and malware engineering. Each chapter pairs offensive techniques with defensive countermeasures. All examples are intended for isolated, legal, ethical use in a controlled lab environment.

Share this book

Bundle

Bundles that include this book

Author

About the Author

Steve T. Publications

Steve T. is a cybersecurity leader, researcher, and engineer with more than 20 years of experience across application security, infrastructure security, vulnerability management, software development, and secure engineering practices. Having built his career alongside the growth of the modern internet, he has worked through multiple generations of technology, evolving security threats, and changing development methodologies.

He is currently part of the advanced research organization at a leading cybersecurity company, where he focuses on emerging threats, security innovation, and the practical application of research. His work involves investigating new attack techniques, evaluating emerging technologies, conducting deep technical analysis, and helping organizations better understand and manage complex security risks.

In addition to his research responsibilities, Steve leads a team of senior engineers and subject matter experts who create technical books, training programs, and educational resources for security professionals. Through this work, he helps engineers, developers, architects, and security practitioners strengthen their skills and build more secure systems.

Steve's technical expertise spans software development, reverse engineering, web application security, penetration testing, security architecture, incident response, vulnerability research, operating system internals, and secure software development. His ability to analyze systems at both the source code and binary levels enables him to bridge the worlds of software engineering, security research, and practical defense.

Over the course of his career, Steve has worked with organizations across a wide range of industries, helping them identify, assess, and remediate security weaknesses in critical applications and infrastructure. He is recognized for combining deep technical expertise with a pragmatic approach to security, focusing on solutions that are effective, sustainable, and aligned with business goals.

Through his work in research, engineering, leadership, and education, Steve continues to contribute to the advancement of cybersecurity and the development of secure, resilient technology systems.

Contents

Table of Contents

Low-Level Exploitation and Malware Engineering

  1. From Buffer Overflows to Rootkits: A Practitioner’s Guide

Introduction

  1. How to use this book
  2. Ethical note

Chapter 1: The Attacker’s View of Memory and Execution

  1. A Minimal Vulnerable Program
  2. Process Layout: Text, Data, Heap, Stack
  3. ELF Format and Why It Matters
  4. x86/x64 Registers and the Call Stack
  5. How a Function Call Really Works (Calling Conventions)
  6. From Source to Assembly: Tracing One Example
  7. Segmentation, Paging, and Virtual Memory
  8. Defensive Note: Why You Must Know This

Chapter 2: Buffer Overflows–The Classic Weapon

  1. Anatomy of a Stack Buffer Overflow
  2. Controlling the Return Address
  3. Finding the Offset: Fuzzing with Patterns
  4. NOP Sleds and Shellcode Placement
  5. A Complete Exploit Walkthrough (Linux, x86)
  6. Return-to-libc: Exploitation Without Shellcode
  7. Defensive Note: Stack Canaries, ASLR, and Hardening Trade-offs

Chapter 3: Format String Vulnerabilities

  1. How printf Parses Its Arguments
  2. Leaking the Stack with %x and %p
  3. Overwriting Arbitrary Memory with %n
  4. A Realistic Exploit Example
  5. Chained Format String Attacks
  6. Real-World Example: CVE-2024-29510 in Ghostscript
  7. Defensive Note: Safe Formatting and Static Analysis

Chapter 4: Heap Exploitation and Use-After-Free

  1. How the Heap Is Managed (ptmalloc / glibc Basics)
  2. Off-by-One and Heap Overflows
  3. Use-After-Free: The Concept
  4. Exploiting UAF via Struct Overwrite
  5. Fastbin Attacks: A Concrete Walkthrough
  6. Defensive Note: Hardened Allocators and Sanitizers

Chapter 5: Shellcoding–Code That Runs Anywhere

  1. Constraints of Shellcode (No Null Bytes, No Fixed Addresses)
  2. Writing a Simple execve(“/bin/sh”) on Linux (x86)
  3. Writing a Simple execve(“/bin/sh”) on Linux (x86_64)
  4. Reverse TCP Shellcode: Connecting Back
  5. Position-Independent Tricks (Self-Referencing RIP, Syscall Stubs)
  6. Encoding and Decoding Payloads
  7. Embedding Shellcode in C Exploits
  8. Defensive Note: DEP/NX, CFG, and Sandboxing

Chapter 6: Bypassing Protections–ASLR, DEP, Canaries

  1. ASLR: How It Works and Where It Leaks
  2. Information Leaks via Pointers and CRT
  3. ROP Chaining (Return-Oriented Programming)
  4. Bypassing DEP with ROP
  5. Defeating Stack Canaries (Leak + Reuse)
  6. Defensive Note: Full Mitigation Stacks and SECCOMP

Chapter 7: Position-Independent Code and Exploit Engineering

  1. Static vs Dynamic Linking
  2. Position-Independent Executables (PIE)
  3. GOT/PLT Overwrites as an Attack Vector
  4. Leveraging libc Offsets in Exploits
  5. Combining Leaks, ROP, and GOT Hijacking
  6. Defensive Note: RELRO, BindsNow, and Full Hardening

Chapter 8: Anti-Analysis Techniques

  1. Detecting Sandboxes and VMs (CPUID, Timing, Artifacts)
  2. String Obfuscation and Encrypted Payloads
  3. Packed Binaries and Custom Unpackers
  4. Anti-Debugging Tricks (PTRACE, Timing, sysenter tricks)
  5. Flow Obfuscation and Control Integrity
  6. Defensive Note: Dynamic Analysis Strategies

Chapter 9: Rootkits–Hiding in the Kernel

  1. Userland vs Kernel Rootkits
  2. Inline Hooking System Calls (Linux Example)
  3. Modifying the System Call Table (Conceptual)
  4. Hiding Processes, Files, and Network Sockets
  5. Driver-Based Persistence on Windows (Conceptual)
  6. Defensive Note: Integrity Checking, eBPF, and PatchGuard

Chapter 10: Malware Development Patterns

  1. Process Injection Techniques (CreateRemoteThread, APC Injection)
  2. Reflective DLL Loading
  3. Living Off the Land (LOLBins and Scripts)
  4. Command and Control (C2) Channel Design
  5. Fileless Persistence and Memory-Only Techniques
  6. Defensive Note: EDR, Telemetry, and Behavioral Detection

Chapter 11: Putting It All Together–A Controlled Case Study

  1. The Lab: Dockerized, Isolated Test Environment
  2. Target Service with Multiple Flaws
  3. Step-by-Step Exploit Development
  4. Adding Evasion and Persistence Layers
  5. Post-Exploitation View
  6. Defensive Note: How a Hardened System Would Resist This
  7. Defensive Note: How a Hardened System Would Resist This

Conclusion

References

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub