[[-basic overflow papers-]]
 
     
[-name-] [-description-] [-author-]
art-shellcode.txt "Hopefully you are familiar with generic shell-spawning shellcode. If not, read Aleph's text 'Smashing The Stack For Fun And Profit' before reading further. This article will concentrate on the types of shellcode needed to exploit daemons remotely. Generally it is much harder to exploit remote daemons, because you do not have many ways of finding out the configuration of the remote server. Often the shellcode has to be much more complicated, which is what this article will focus on."
Smiler
bufero.txt Mudge's "reminder note" to himself on writing buffer overflows, AT&T-syntax assembly, and gdb tricks; includes lots of commentary.
mudge
buffer.txt A walkthrough of how to detect whether a program is vulnerable to a buffer overflow, how to exploit it, and how to write shellcode. Written with the beginner in mind.
Ghost_Rider
exploit.txt This paper aims to teach the novice-to-average C programmer how to prove that an overflow condition is exploitable.
Mixter
heaptut.txt "This article explains how heap/BSS-based (data segment) overflows are fairly common in programs today; yet, they are rarely reported. Provided in this article is an explanation of heap-based overflows along with several methods of exploitation, demonstrations, and possible solutions/fixes to the problem."
Matt Conover
overflow_tutorial.txt Brief introduction; does not cover writing shellcode.
QuantumG
p49-14.txt This paper explains what buffer overflows are and how exploits for them work. Basic knowledge of assembly language is required; an understanding of virtual memory concepts and experience with gdb are very helpful but not necessary. The construction of NULL-free shellcode is demonstrated, and generic shellcode for several platforms and architectures is included at the end of the document.
Aleph One
perl-buffer.txt Writing Buffer Overflow Exploits with Perl
teleh0r
stealthcode.txt Many intrusion detection systems look for buffer overflow attempts on the wire by searching for long runs of the x86 NOP (no-operation) instruction, encoded as 0x90. A NOP sled works because each NOP does nothing and execution simply falls through to the next instruction, but the same effect can be had with a short jump to the next instruction (jmp 0x00, a jmp with a zero displacement), which leaves no 0x90 bytes for the signature to match. Note that such a jump encodes as a two-byte instruction (eb 00) whose displacement byte is 0x00, so a sled built from it can only be delivered where the overflowing copy is not terminated by a NUL. Working shellcode without binary zeros (0x00) is included at the end of the article.
Xtremist
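The following is an added example, not code from stealthcode.txt, p49-14.txt or any other paper in this index: a toy model of the 0x90-run signature described for stealthcode.txt, run over three constructed sleds, plus the NULL-byte check that p49-14.txt's NULL-free shellcode discussion turns on. The alert threshold of 16 bytes is an assumption. The third sled (single-byte inc-register opcodes) goes beyond what the listed paper describes and is included here to show a NOP-equivalent that evades the signature and still survives a NUL-terminated copy; it is only valid for 32-bit x86.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLED_LEN 64      /* size of the constructed sample sleds */
#define ALERT_RUN 16     /* assumed toy rule: alert on >= 16 consecutive 0x90 bytes */

enum sled_style { SLED_NOP, SLED_JMP, SLED_INC };

/* Length of the longest run of 0x90 (x86 NOP) bytes in buf. */
size_t longest_nop_run(const uint8_t *buf, size_t len)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < len; i++) {
        cur = (buf[i] == 0x90) ? cur + 1 : 0;
        if (cur > best)
            best = cur;
    }
    return best;
}

/* Toy model of a 0x90-run IDS signature: 1 = alert, 0 = pass. */
int nop_sled_alert(const uint8_t *buf, size_t len, size_t threshold)
{
    return longest_nop_run(buf, len) >= threshold;
}

/* 1 if the buffer has no 0x00 byte, i.e. it survives a strcpy()-style copy intact. */
int is_null_free(const uint8_t *buf, size_t len)
{
    return memchr(buf, 0x00, len) == NULL;
}

/* Fill out[] with a constructed sled of the given style; returns bytes written. */
size_t build_sled(enum sled_style style, uint8_t *out, size_t n)
{
    /* Single-byte 'inc ecx/edx/ebx/esi/edi' (32-bit x86 only: in 64-bit mode
     * 0x41-0x47 are REX prefixes). Chosen here so the sled never touches esp. */
    static const uint8_t inc_ops[] = { 0x41, 0x42, 0x43, 0x46, 0x47 };
    size_t i = 0;

    switch (style) {
    case SLED_NOP:               /* classic sled: n bytes of nop */
        memset(out, 0x90, n);
        i = n;
        break;
    case SLED_JMP:               /* jmp $+2 (eb 00): each jump lands on the next one */
        for (i = 0; i + 1 < n; i += 2) {
            out[i] = 0xeb;       /* jmp rel8 */
            out[i + 1] = 0x00;   /* displacement 0 -> the following instruction */
        }
        break;
    case SLED_INC:               /* one-byte instructions containing neither 0x90 nor 0x00 */
        for (i = 0; i < n; i++)
            out[i] = inc_ops[i % sizeof inc_ops];
        break;
    }
    return i;
}

/* Does the toy signature fire on a SLED_LEN-byte sled of this style? */
int sled_alert(enum sled_style style)
{
    uint8_t buf[SLED_LEN];
    size_t len = build_sled(style, buf, SLED_LEN);
    return nop_sled_alert(buf, len, ALERT_RUN);
}

/* Could a sled of this style be delivered through a NUL-terminated copy? */
int sled_null_free(enum sled_style style)
{
    uint8_t buf[SLED_LEN];
    size_t len = build_sled(style, buf, SLED_LEN);
    return is_null_free(buf, len);
}

int main(void)
{
    static const char *names[] = { "0x90 nop sled", "jmp $+2 sled", "inc-reg sled" };
    for (int s = SLED_NOP; s <= SLED_INC; s++)
        printf("%-14s alert=%d null_free=%d\n", names[s], sled_alert(s), sled_null_free(s));
    return 0;
}
```

Running it shows the trade-off the stealthcode.txt description glosses over: the plain 0x90 sled trips the signature but is NULL-free, the jmp $+2 sled evades the signature but carries a 0x00 in every jump, and only the inc-register sled does both, at the cost of being architecture-specific.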