Reference Registry — Binary Exploitation

Purpose

This note standardizes references for the binary-exploitation branch. Use it to:

- keep memory-corruption and exploit-development notes tied to canonical primary sources (Phrack, Intel/ARM specifications, the major textbooks and toolkits)
- avoid the bottomless backlog of CTF write-ups; cite the canonical paper or tool, not the i-th write-up of it
- keep this branch centered on memory corruption, exploitation primitives, mitigation engineering, and binary-level reverse engineering

Source of truth rule

For binary-exploitation notes, this registry is the primary source of truth. Use it together with:

- <a href="binary-exploitation/index.html">Binary Exploitation Index</a>
- <a href="reference-registry-detection-engineering.html">Reference Registry — Detection Engineering</a> when notes reach into exploit-detection telemetry
- <a href="reference-registry-cryptography.html">Reference Registry — Cryptography</a> when notes touch on cryptographic memory disclosure (Heartbleed-class issues, key-extraction side channels)

Reference selection policy

Source priority

- Foundational — Phrack articles, original CVE disclosures, vendor security blogs (MSRC, Project Zero, Apple Security Research, AMD/Intel/ARM specifications)
- Research / Deep Dive — the major books (Practical Binary Analysis, Hacking: The Art of Exploitation, Practical Malware Analysis) and named research papers
- Official Tool Docs — pwntools, AddressSanitizer, libFuzzer / AFL++, ROPgadget, Ghidra, Radare2 / Rizin, IDA Pro, angr
- Industry / Operational — Microsoft's memory-safety statistics, Chromium security blog, Apple Security Engineering posts, MITRE CWE

Per-note target

- minimum: 2 references
- ideal: 3 references

Labeling

Use:

- Foundational
- Research / Deep Dive
- Official Tool Docs
- Hardening (for mitigation-focused references)

Binary-exploitation topic map

memory-corruption

Preferred references:

- Foundational: Aleph One — Smashing the Stack for Fun and Profit (Phrack 49, 1996) — http://phrack.org/issues/49/14.html
- Research / Deep Dive: Microsoft Security Response Center — A proactive approach to more secure code (memory-safety statistics) — https://msrc.microsoft.com/blog/2019/07/a-proactive-approach-to-more-secure-code/
- Research / Deep Dive: Dennis Andriesse — Practical Binary Analysis (No Starch Press, 2018) — the modern reference
- Official Tool Docs: AddressSanitizer — https://clang.llvm.org/docs/AddressSanitizer.html
- Hardening: ARM — Memory Tagging Extension (MTE) — https://developer.arm.com/documentation/108035/latest/

stack-buffer-overflow

Preferred references:

- Foundational: Aleph One — Smashing the Stack for Fun and Profit (Phrack 49, 1996) — http://phrack.org/issues/49/14.html
- Research / Deep Dive: Dennis Andriesse — Practical Binary Analysis (No Starch Press, 2018)
- Official Tool Docs: pwntools — https://docs.pwntools.com/
- Hardening: Intel — Control-flow Enforcement Technology (CET) specification — https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

exploit-mitigations

Preferred references:

- Research / Deep Dive: Microsoft Security Response Center — A proactive approach to more secure code — https://msrc.microsoft.com/blog/2019/07/a-proactive-approach-to-more-secure-code/
- Hardening: Intel — Control-flow Enforcement Technology (CET) specification — https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
- Hardening: ARM — Memory Tagging Extension (MTE) — https://developer.arm.com/documentation/108035/latest/
- Hardening: Linux kernel — Self-Protection documentation — https://www.kernel.org/doc/html/latest/security/self-protection.html

rop-and-ret2libc

Preferred references:

- Foundational: Hovav Shacham — The Geometry of Innocent Flesh on the Bone (CCS 2007, the foundational ROP paper) — https://hovav.net/ucsd/dist/geometry.pdf
- Foundational: Solar Designer — Getting around non-executable stack (Bugtraq, 1997, the original ret2libc disclosure) — https://seclists.org/bugtraq/1997/Aug/63
- Official Tool Docs: pwntools ROP module — https://docs.pwntools.com/en/stable/rop/rop.html
- Official Tool Docs: ROPgadget — https://github.com/JonathanSalwan/ROPgadget

Suggested next registry entries

Add these when the branch expands:

- heap-buffer-overflow-and-allocator-exploitation
- use-after-free-and-dangling-pointers
- double-free-and-allocator-corruption
- out-of-bounds-read-and-info-leaks
- integer-overflow-and-type-confusion
- rop-and-ret2libc
- aslr-pie-and-info-leak-chains
- format-string-bugs
- got-and-plt-abuse
- exploit-mitigations
- stack-canaries-and-shadow-stacks
- arm-mte-and-memory-tagging
- control-flow-integrity-cfi
- elf-binary-format
- reverse-engineering-loop
- fuzzing-with-libfuzzer-and-afl
- sanitizers-asan-msan-ubsan
- symbolic-execution-and-angr
- detect-memory-corruption-exploitation

Registry usage rules

- choose the smallest set of strongest references for the exact note
- prefer one Phrack/spec/textbook reference + one canonical tool-docs reference per note where possible
- keep references centered on memory corruption, exploitation primitives, and binary-level mitigations; route cryptographic-protocol-failure topics through the cryptography registry, kernel-detection topics through detection-engineering