# Binary Exploitation

- [Reverse Engineering for Pwn](https://book.jorianwoltjer.com/binary-exploitation/reverse-engineering-for-pwn.md): Understand the binary and find vulnerabilities by analyzing it
- [PwnTools](https://book.jorianwoltjer.com/binary-exploitation/pwntools.md): A Python library that helps in creating scripts for binary exploitation, doing many things automagically
- [ret2win](https://book.jorianwoltjer.com/binary-exploitation/ret2win.md): Jump to a predefined function in the binary, even with arguments
- [ret2libc](https://book.jorianwoltjer.com/binary-exploitation/ret2libc.md): Using a buffer overflow to call the libc system("/bin/sh") function
- [Shellcode](https://book.jorianwoltjer.com/binary-exploitation/shellcode.md): Writing and debugging your own shellcode
- [Stack Canaries](https://book.jorianwoltjer.com/binary-exploitation/stack-canaries.md): Two protections that use a secret unpredictable value to reduce exploitability in memory corruption. Learn how to bypass them in certain scenarios
- [Return-Oriented Programming (ROP)](https://book.jorianwoltjer.com/binary-exploitation/return-oriented-programming-rop.md): Return-Oriented Programming is a common technique for exploiting buffer overflows by executing gadgets to do what you want
- [SigReturn-Oriented Programming (SROP)](https://book.jorianwoltjer.com/binary-exploitation/return-oriented-programming-rop/sigreturn-oriented-programming-srop.md): A special technique in ROP to set all registers only using a syscall
- [ret2dlresolve](https://book.jorianwoltjer.com/binary-exploitation/return-oriented-programming-rop/ret2dlresolve.md): A way to exploit buffer overflows using ROP when not many gadgets are available, and Full RELRO is disabled
- [Sandboxes (chroot, seccomp & namespaces)](https://book.jorianwoltjer.com/binary-exploitation/sandboxes-chroot-seccomp-and-namespaces.md): Escaping from sandbox environments by exploiting the capabilities that were left open
- [Race Conditions](https://book.jorianwoltjer.com/binary-exploitation/race-conditions.md): Multiple processes running at the same time messing with each other or interrupting code with other code to create brief flawed states

