Intro to Binary Exploitation

Certification Link/Proof

• Path page: https://academy.hackthebox.com/path/preview/intro-to-binary-exploitation
• Proof: Verification available upon request.

Introduction

Binary exploitation covers the techniques for understanding and manipulating compiled programs to achieve code execution or other unintended behaviour. This course establishes foundations in computer architecture, assembly language, buffer overflows, and practical exploit scripting. These are key skills for advanced offensive work and vulnerability research.

Corporateses translation: Stuffing my exploits and shellcode into running memory to take boxes. Good times to be had for all, except the victim I guess.

Why I Took It

I completed this path to build a strong foundation in low-level exploitation techniques (stack overflows, basic ROP concepts, and assembly reasoning) so I could better understand vulnerability mechanics and develop more reliable exploit proof-of-concepts in real-world labs.

Now, Why I Actually Took It

As a primer to restart my OSED studies. I am really looking forward to ticking that one of my personal list. Unfortunately, shelved again since I transitioned to blue team.

Modules

1. Introduction to Python 3.
2. Intro to Assembly Language.
3. Stack-based Buffer Overflows on Linux x86.
4. Stack-based Buffer Overflows on Windows x86.

How This Connects

This course is why I could actually write those exploits instead of just copying PoCs from GitHub, changing the IP address, and praying they work.

Next step: OSED, which builds on these fundamentals with DEP/ASLR bypass, ROP chains, and modern mitigations. Feel free to check out my OSED study plan once a start that adventure. OSED Study

Related Work

• Vanilla Buffer Overflows
• OSED Study - In Progress
• Buffer Overflow Prep

Hands‑On/Labs

• Practical exercises include basic exploit development, controlled overflow labs, and scripting simple proof-of-concepts.
• Work completed in HackTheBox Academy lab environments; screenshots and short writeups available upon request.

Tools & Techniques Covered

• gdb/pwndbg, objdump/readelf, radare2 (analysis & debugging).
• Python 3 scripting for socket-based exploits and automating workflows.
• Basic use of nc, strace, and common binary hardening checks.
• Introduction to mitigation concepts (ASLR, DEP/NX, stack canaries) and early bypass patterns.

Tips & Lessons Learned

• Master the basics (registers, stack, calling conventions) before chasing complex ROP chains.
• Use incremental testing. Small, reproducible steps make exploit development manageable.
• Keep detailed notes and repeatable scripts; reproducibility is critical for reliable PoCs.
• Practice on intentionally vulnerable targets to retain safe and ethical habits.

Outcome/Status

• Verification available upon request.