- Remote Code Execution (RCE)
- Code injection
- Unchecked assumptions
- Buffer overflow
- gets problem (and strcpy, strcat, etc.)
- Black box testing
- Stack smashing
- Stack pointer
- Frame pointer
- Unsafe and safe functions
- Benign overflow
- Malicious overflow
- NOP slide, landing zone
- Off-by-one error
- What does %n do in printf?
- Heap overflows
- Fuzzing
- Acceptance criteria
- Data Execution Prevention (DEP)
- No execute (NX) permission
- Return-to-libc
- Return Oriented Programming (ROP)
- Gadget
- Address Space Layout Randomization (ASLR)
- Entropy
- Stack Canary
- Shadow stack
Memory Vulnerabilities and Exploitation
Terms and concepts you should know