UPDATED

So, I've begun to make some updated ctf stuff. The first big part deals with heap ctf challs and can be found here:

https://github.com/guyinatuxedo/Shogun

Nightmare

Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. I call it that because getting hit by weaponized 0 days is a lot of people's nightmare, and these skills translate directly into doing that type of work (plus it's a really cool song).

What makes Nightmare different?

It's true there are a lot of resources out there to learn binary exploitation / reverse engineering skills, so what makes this different?

* Amount of Content - There is a large amount of content in this course (currently over 90 challenges), laid out in a linear fashion.

* Well Documented Write Ups - Each challenge comes with a well documented writeup explaining how to go from being handed the binary to doing the exploit dev.

* Multiple Problems per Topic - Most modules have multiple different challenges. This way you can use one to learn how the attack works, and then apply it to the others. Different iterations of the problem also carry the knowledge needed to solve them.

* Using all open source tools - All the tools used here are free and open source. No IDA torrent needed.

* A Place to Ask Questions - If you have a problem that you've been working on for days and can't get anywhere (and Google isn't helping), there is a Discord where you can ask.

I have found resources that have many of these things to be few and far between. As a result, learning these skills can be difficult, since you don't really know what to learn or how to learn it. This is essentially my attempt to help fix some of those problems.

Static Site

If you want, there is a static GitHub Pages site which people say looks better: https://guyinatuxedo.github.io/

Github

A copy of all of the challenges listed can be found on GitHub: https://github.com/guyinatuxedo/nightmare

Special Thanks

Special thanks to these people:

noopnoop - For dealing with me
digitalcold - For showing me how good nightmare could look with mdbook
you nerds - For looking at this

Discord

If you get stuck on something for hours on end and Google can't answer your question, try asking in the Discord (or if you just feel like talking about cool security things). Here is a link to it: https://discord.gg/p5E3VZF

Also if you notice any typos or mistakes, feel free to mention it in the Discord. With how much content is here, there is bound to be at least one.

Index

Here is the index for all of the content in this course. Feel free to go through the whole thing, or only parts of it (don't let me tell you how to live your life). For the order that you do the challenges in a module, I would recommend starting with the first.

Intro Departure

0.) Intro to the Project

1.) Intro to Assembly

2.) Intro to Tooling

3.) Beginner RE

Stack pt 0 Stack Tendencies

4.) Buffer Overflow of Variables

5.) Buffer Overflow Call Function

5.1) aslr/pie intro

6.) Buffer Overflow Call Shellcode

6.1) nx intro

7.) ROP Chain Statically compiled

7.1) stack canary intro

7.2) relro intro

8.) ROP Dynamically Compiled

General pt 0 Stardust Challenges

9.) Bad Seed

10.) Format strings

11.) Index Array

12.) Z3

13.) Angr

Stack pt 1 Return to Stack, truly a perfect game

14.) Ret2system

15.) Partial Overwrite

16.) SROP

17.) Stack Pivot / Partial Overwrite

18.) Ret2Csu / Ret2dl

General pt 1 Armstrong challenges

19.) Shellcoding pt 1

20.) Patching/Jumping

21.) .NET Reversing

22.) Movfuscation

23.) Custom Architectures

Heap Pt 0 rip Angel Beats

24.) Basic Heap overflow

25.) Intro to heap exploitation / binning

26.) Heap Grooming

27.) Edit Freed Chunk (pure explanation)

28.) Fastbin Attack

29.) tcache

30.) unlink

31.) Unsorted Bin Attack

32.) Large Bin Attack

33.) Custom Malloc

General Pt 2 Generic Isekai #367

34.) Qemu / Emulated Targets

35.) Integer Exploitation

36.) Obfuscated Reversing

37.) FS Exploitation

38.) Grab Bag

Heap pt 1 heap x heap

39.) House of Spirit

40.) House of Lore

41.) House of Force

42.) House of Einherjar

43.) House of Orange

44.) More tcache

45.) Automatic Exploit Generation

Ending Documentation