Battling the Intimidating Binary Exploitation for Beginners

Alexis Lingad
5 min read · May 18, 2024


When I started joining hacking competitions a decade ago, the binary exploitation category always had the fewest solves. Many of my friends in the cyber security field also stay away from this kind of hacking and prefer the path of network hacking or web app hacking.

When I asked them why, these were some of the reasons:

  1. Assembly language is hard and takes a huge amount of time and effort to master.
  2. They are not good at source code review and prefer a black-box approach.
  3. They prefer to use and understand existing exploits rather than develop their own.

If you feel this way then you are not alone.
(At the end of this article, I will tell you why this path is worth it.)

And maybe you are now asking: what is the solution to this widespread problem in the industry?
I have a general solution and a specific solution.

The general solution is simply this:
Do it consistently, even if it is slow or little by little. It will be hard for the first few months or even years, but there is no other way to get good at it than to do it. You only lose if you give up.

The specific solution, in my opinion, is this:

  1. Learn assembly language and take the time to fully understand its basics. Do not take shortcuts; learn the fundamentals at a pace where you really understand them, and once you do, you will thank me later.
    Here are the resources I think will help you most with this:
    - HTB's Intro to Assembly Language: the approach is very practical, which works for people who learn by doing. It also teaches the subject from a hacker's perspective, which helps you understand its relevance to the hacking process. (It uses x64.)
    - Reverse Engineering for Everyone: this teaches not just x64 but also x86, ARM-32 and ARM-64. Although it is free, you will still need to look some things up on YouTube and Google, since it focuses on using assembly language for reverse engineering.
  2. Sharpen your C and Python. Most of the binaries whose source code you will review are written in C or C++, but I recommend learning C first. Once you know where the vulnerability is in the C code (for example, an unchecked copy into a fixed-size buffer), you can use your Python skills to write the exploit.
    There are plenty of tutorials out there for learning C and Python, and you do not have to be a top 1% programmer to be in this field. What matters is that you become confident with them.
    Here is an example video of why you don't need to be in the top 1% at coding (this kid found a zero-day vulnerability even though he is not really the best C programmer): https://youtu.be/xp1YDOtWohw?si=FzBp9TjTX1983hdk&t=163
    Another good resource for practicing exploit development in Python is the book "Black Hat Python, 2nd Edition". You will run into some bugs that you need to solve, but it is worth it: in the long run, solving those problems will also teach you and push you to dig deeper into the things you didn't understand before.
  3. Practice binary exploitation (with writeups). Maybe you are asking: where should we practice, and what strategies should we use to exploit those binaries? Many binary exploitation challenges already exist, and we are lucky to have a resource that explains the strategy for solving each one in a very organized way, so you can practice while adding those strategies to your methodology:
    - https://guyinatuxedo.github.io, also known as "Nightmare": according to the author, getting hit by a 0-day built with the techniques learned here is a real nightmare for every organization affected. It is a free zero-to-hero course with plenty of challenges after each lesson, which let you practice and add strategies to your methodology.
  4. Practice binary exploitation (without writeups). Before jumping into this step, make sure you already have a decent set of strategies to bring to the battle. This can be a CherryTree notebook of your methodologies for different situations, or of exploit patterns you saw in the previous practice challenges.
    Here are some labs you can use to practice binary exploitation. Of course, do not look up the solution writeups for these challenges, so you can really see where your weaknesses are; once you find them, focus on honing your skills in that area:
    - HTB Challenges, Pwn category: a good practice environment from HackTheBox, since it is gamified. The connection to these labs is the most stable compared with the other laboratories. If you get really good, they still have harder challenges that can keep challenging you, and the techniques carry over to real-life binary exploitation.
    - Other alternatives you can use for practice:
    a. pwn.college: https://pwn.college/dojos
    b. picoCTF, Binary Exploitation category: https://play.picoctf.org
  5. Practice vulnerability research. Grab some REAL past vulnerabilities or CVEs in a certain binary. Then try to use what you learned in #1 to #4 to find the vulnerability yourself. You can focus on remote code execution vulnerabilities, since these are among the most critical findings and can earn you large rewards.
[Image: Rewards for zero-days found in desktops/servers]
[Image: Rewards for zero-days found in mobile]
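Steps 2 to 4 come down to three concrete skills: spotting the bug in C source, knowing what the fix looks like, and turning a crash into a strategy. The block below is an added example written for this article, not code from the author or from any of the courses linked above. It shows a greeting function with an unbounded strcpy into a fixed-size stack buffer, its hardened counterpart, and a small cyclic-pattern generator plus offset finder of the kind that pwntools' cyclic and Metasploit's pattern_create provide, used to learn how many bytes of input sit before the overwritten return address. The function names (greet_vuln, greet_safe, pattern_create, pattern_offset_le32), the 32-byte buffer size and the sample crash value 0x61413461 are this example's own assumptions.

```c
/* Added example (not from the article): the classic bug an exploit writer
 * looks for in C source, its hardened form, and the "find the offset" step
 * used once a crash has been reproduced. All names here are this example's own. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 32

/* Vulnerable: unbounded copy into a fixed-size stack buffer. Any input of
 * NAME_LEN bytes or more writes past `name`, over whatever the compiler laid
 * out above it (typically the saved frame pointer and the return address).
 * Only call this with a short string outside a controlled lab. */
int greet_vuln(const char *input) {
    char name[NAME_LEN];
    strcpy(name, input);            /* no length check: this is the bug */
    printf("Hello, %s\n", name);
    return 0;
}

/* Hardened: reject anything that does not fit, then copy with an explicit
 * bound so the terminating NUL always lands inside the buffer.
 * Returns 0 on success, -1 if the input was rejected. */
int greet_safe(const char *input) {
    char name[NAME_LEN];
    size_t n = strlen(input);
    if (n >= NAME_LEN)              /* >= keeps one byte for the NUL */
        return -1;
    memcpy(name, input, n + 1);
    printf("Hello, %s\n", name);
    return 0;
}

/* Metasploit-style cyclic pattern ("Aa0Aa1Aa2...") of up to n bytes.
 * 4-byte windows do not repeat, so a value that lands in a register after a
 * crash tells you how far into the input the overwritten slot lies.
 * Returns the number of bytes written (not NUL-terminated). */
size_t pattern_create(char *out, size_t n) {
    size_t i = 0;
    for (char u = 'A'; u <= 'Z' && i < n; u++)
        for (char l = 'a'; l <= 'z' && i < n; l++)
            for (char d = '0'; d <= '9' && i < n; d++) {
                const char unit[3] = { u, l, d };
                for (int k = 0; k < 3 && i < n; k++)
                    out[i++] = unit[k];
            }
    return i;
}

/* Given a 32-bit value read from a crash (e.g. EIP, or the low dword of RIP
 * in gdb), convert it back to the bytes as they sat in memory (little-endian)
 * and locate them in the pattern. Returns the offset, or -1 if not found. */
long pattern_offset_le32(const char *pat, size_t n, uint32_t reg) {
    char needle[4];
    for (int k = 0; k < 4; k++)
        needle[k] = (char)((reg >> (8 * k)) & 0xff);
    for (size_t i = 0; i + 4 <= n; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

int main(void) {
    /* Constructed inputs for the demo: a 200-byte cyclic pattern. */
    char pat[201];
    size_t len = pattern_create(pat, 200);
    pat[len] = '\0';

    greet_safe("Alexis");                         /* fits: prints the greeting */
    printf("oversized input accepted by greet_safe? %s\n",
           greet_safe(pat) == -1 ? "no (rejected)" : "yes (bug)");
    /* greet_vuln(pat) would smash the stack; that is the call an exploit makes. */
    greet_vuln("Alexis");

    /* Suppose the crash showed EIP = 0x61413461. Which input offset is that? */
    printf("pattern length %zu, offset of 0x61413461 = %ld\n",
           len, pattern_offset_le32(pat, len, 0x61413461u));
    return 0;
}
```

In a real target the offset this returns is the number of padding bytes to place before the address you want to jump to; the rest of the exploit (what to put at that address, and how to get past stack canaries, NX and ASLR) is exactly what the Nightmare course and the pwn challenges above teach.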

Why is this worth it?
Well, look again at how big the rewards are in the pictures above.
From $10,000 to $2,500,000! Knowing that you can do what you love without worrying about money for tomorrow is a good thing to have. However, it is not all about money. The intellectual challenge these problems give you, once you have grasped the strategies, is very satisfying, and according to people who have found zero-days, knowing that you protect the millions of people who use that specific binary from bad hackers is a very satisfying act of heroism as a hacker.

Are you still intimidated? Do you still want to give up?
It's up to you now, but I hope this article helped you see this intimidating path more clearly.


Alexis Lingad

CRTO | OSWP | eCPPT | eCDFP | eWPT | CEH | Author of Cyber Defender | Creator of Hackuna Anti-Hack | WTH Hacker Games Champion 2015&2017 | alexislingad.org