A Deep Dive into Memory Corruption Vulnerabilities, Exploitation, and Defense
Introduction
Chapter 1: Computer Memory Architecture and CPU Fundamentals
- The Von Neumann Architecture and Memory Addressing
- CPU Registers and Their Roles
- Instruction Execution and the Fetch-Decode-Execute Cycle
- Endianness and Data Representation
- Privilege Levels and Ring Architecture
- Memory Mapping at the Hardware Level
Chapter 2: Process Memory Layout and Operating System Memory Management
- Virtual Memory and Address Translation
- The Text, Data, BSS, Heap, and Stack Segments
- Shared Libraries and Dynamic Linking
- Memory Allocation: malloc, free, and the Allocator
- Page Tables and the MMU
- Cross-Platform Differences: Linux vs Windows Memory Layout
Chapter 3: Assembly Language Essentials and Calling Conventions
- x86 and x86_64 Instruction Set Overview
- Common Instructions for Exploit Development
- The Stack Frame: Prologue, Epilogue, and Local Variables
- System V AMD64 ABI Calling Convention
- Windows x64 Calling Convention
- Position-Independent Code and Relocations
Chapter 4: Debugging Workflows and Binary Analysis Foundations
- GDB Essentials for Security Research
- WinDbg, x64dbg, and Mona.py on Windows
- Memory Inspection and Breakpoint Strategies
- Reverse Engineering with radare2 and Ghidra
- Static Analysis: objdump, readelf, and PE Tools
- Dynamic Analysis and Instrumentation with Frida
Chapter 5: Stack-Based Buffer Overflows
- Anatomy of a Stack-Based Overflow
- Return Address Overwriting and Control Flow Hijacking
- Finding the Offset: Pattern Creation and Crash Analysis
- NOP Sleds and Shellcode Placement
- Environment Variables and Stack Spraying
- Impact on Windows and Linux Systems
- Walkthrough: Complete Stack Overflow Exploit with Shellcode Injection
Chapter 6: Heap-Based Buffer Overflows and Heap Manipulation
- How Memory Allocators Work: glibc ptmalloc and Windows Heap
- Heap Chunk Metadata and Free List Management
- Heap Overflow Exploitation Techniques
- Bin Sorting and Consolidation Attacks
- House of Force, House of Spirit, and Named Heap Techniques
- Walkthrough: Fastbin Attack with Arbitrary Write Primitive
Chapter 7: Related Memory Corruption Vulnerabilities
- Off-by-One Errors and Their Exploitation
- Integer Overflows Leading to Memory Corruption
- Use-After-Free Vulnerabilities
- Double-Free and Freed Pointer Manipulation
- Format String Vulnerabilities
- Out-of-Bounds Reads and Writes
- Race Conditions Affecting Memory Safety
- Walkthrough: Tcache Poisoning UAF with Vtable Overwrite
- Walkthrough: Format String Arbitrary Write via GOT Overwrite
Chapter 8: Shellcode Fundamentals and Control Flow Hijacking
- What Is Shellcode and Why It Matters
- Writing Position-Independent Shellcode
- Syscall-Based Shellcode for Linux
- Windows API Resolution and LoadLibrary Techniques
- Null Byte Handling and Encoding
- Polymorphic and Encoded Payloads
- Walkthrough: Building and Executing Shellcode in a Stack Overflow
Chapter 9: Return-Oriented Programming and Code Reuse Attacks
- The Problem DEP Solved and the ROP Solution
- Building ROP Chains: Gadgets, Pivots, and Registers
- Finding Gadgets with ropper and ROPgadget
- ROP on Linux: System Call Construction
- ROP on Windows: VirtualAlloc and WinExec
- Walkthrough: Complete ROP Chain Against a Hardened Binary
- Jump-Oriented Programming (JOP)
- Signal-Oriented Programming (SROP)
- Oriented Return Composition (ORC)
Chapter 10: Information Leaks and Address Disclosure
- Why ASLR Makes Exploitation Harder
- Heap Spraying and Deterministic Memory Layout
- Format String Information Disclosure
- Return-to-PLT and GOT Overwrite for Leaks
- Walkthrough: Multi-Stage Exploit Chain with ASLR Bypass
- Windows ASLR Bypass Techniques
- Partial Overwrites and Reduced Entropy
- Cross-Process Information Gathering
Chapter 11: Modern Defenses and Mitigations
- DEP/NX: Non-Executable Memory Pages
- ASLR: Address Space Layout Randomization
- Stack Canaries and ProPolice
- PIE, RELRO, and GOT Protection
- SafeSEH and CFG on Windows
- Control Flow Integrity (CFI)
- Intel CET: Shadow Stacks and Indirect Branch Tracking
- ARM Pointer Authentication (PAC)
- Sandboxing and Process Isolation
Chapter 12: Bypass Research and the Exploit-Mitigation Arms Race
- The Timeline: From Stack Smashing to Modern Defenses
- Canary Bypass Techniques
- ASLR Entropy Analysis and Bypass
- Full RELRO and GOT Write Limitations
- CFI Bypass Research
- CET Bypass Approaches
- PAC Bypass on ARM
- The Future: What Comes Next
Chapter 13: Vulnerability Research Methodologies
- Fuzzing Strategies: Coverage-Guided and Mutation-Based
- Walkthrough: Setting Up and Running a Fuzzing Campaign
- Crash Triage and Root Cause Analysis
- Binary Analysis: Symbolic Execution and Concolic Testing
- Memory Sanitizers: ASan, MSan, UBSan
- Differential Fuzzing and Cross-Platform Comparison
- Responsible Disclosure and CVE Assignment
Chapter 14: Secure Coding Practices and Compiler Hardening
- Safe String and Memory Functions
- Bounds Checking and Safe Integer Arithmetic
- Compiler Flags: FORTIFY_SOURCE, StackProtector, CFProtection
- Memory-Safe Languages: Rust as an Alternative
- Code Review Techniques for Memory Safety
- Static Analysis Tools: Clang Analyzer, Coverity, PVS-Studio
Chapter 15: Exploit Detection, Incident Response, and Forensics
- Detecting Buffer Overflow Attacks in the Wild
- EDR and Behavioral Monitoring for Memory Corruption
- Core Dump Analysis and Post-Mortem Debugging
- Network-Level Exploit Detection
- Incident Response Playbooks for RCE Events
- Forensic Timeline Reconstruction
- Lessons from Major Exploit Incidents
- Walkthrough: Forensic Analysis of a Stack Overflow Exploit
