# Pwn

- [Linux Exploitation](/ctfnote/pwn/linux-exploitation.md)
  - [Protections](/ctfnote/pwn/linux-exploitation/protections.md)
  - [Shellcoding](/ctfnote/pwn/linux-exploitation/shellcoding.md)
    - [Calling Convention](/ctfnote/pwn/linux-exploitation/shellcoding/calling-convention.md)
    - [Null-free](/ctfnote/pwn/linux-exploitation/shellcoding/null-free.md)
    - [Reverse Shell](/ctfnote/pwn/linux-exploitation/shellcoding/reverse-shell.md)
    - [ORW](/ctfnote/pwn/linux-exploitation/shellcoding/orw.md)
  - [ROP](/ctfnote/pwn/linux-exploitation/rop.md)
    - [Stack Alignment](/ctfnote/pwn/linux-exploitation/rop/stack-alignment.md)
    - [ret2text](/ctfnote/pwn/linux-exploitation/rop/ret2text.md)
    - [ret2syscall](/ctfnote/pwn/linux-exploitation/rop/ret2syscall.md): Set register values => call "int 0x80" (x86) or "syscall" (x86\_64)
    - [ret2libc](/ctfnote/pwn/linux-exploitation/rop/ret2libc.md): Leak a function address from libc => Compute libc base address => call system("/bin/sh") or use one\_gadget
    - [ret2csu](/ctfnote/pwn/linux-exploitation/rop/ret2csu.md)
    - [BROP](/ctfnote/pwn/linux-exploitation/rop/brop.md)
    - [SROP](/ctfnote/pwn/linux-exploitation/rop/srop.md)
    - [Stack Pivot](/ctfnote/pwn/linux-exploitation/rop/stack-pivot.md)
  - [ptmalloc](/ctfnote/pwn/linux-exploitation/ptmalloc.md): Glibc dynamic memory allocator
    - [chunks](/ctfnote/pwn/linux-exploitation/ptmalloc/chunks.md)
    - [malloc() and free()](/ctfnote/pwn/linux-exploitation/ptmalloc/malloc-and-free.md)
    - [bins](/ctfnote/pwn/linux-exploitation/ptmalloc/bins.md)
    - [tcache](/ctfnote/pwn/linux-exploitation/ptmalloc/tcache.md)
  - [UAF](/ctfnote/pwn/linux-exploitation/uaf.md)
  - [Race Conditions](/ctfnote/pwn/linux-exploitation/race-conditions.md)
    - [TOCTTOU](/ctfnote/pwn/linux-exploitation/race-conditions/tocttou.md)
    - [Dirty Cow](/ctfnote/pwn/linux-exploitation/race-conditions/dirty-cow.md)
    - [Meltdown](/ctfnote/pwn/linux-exploitation/race-conditions/meltdown.md)
    - [Spectre](/ctfnote/pwn/linux-exploitation/race-conditions/spectre.md)
  - [Kernel](/ctfnote/pwn/linux-exploitation/kernel.md)
  - [Appendix: Tools](/ctfnote/pwn/linux-exploitation/appendix-tools.md)
    - [socat](/ctfnote/pwn/linux-exploitation/appendix-tools/socat.md)
    - [LibcSearcher-ng](/ctfnote/pwn/linux-exploitation/appendix-tools/libcsearcher-ng.md)
    - [OneGadget](/ctfnote/pwn/linux-exploitation/appendix-tools/onegadget.md)
- [Windows Exploitation](/ctfnote/pwn/windows-exploitation.md)
  - [Classic](/ctfnote/pwn/windows-exploitation/classic.md): !mona jmp -r esp => jmp esp
  - [SEH](/ctfnote/pwn/windows-exploitation/seh.md): !mona seh => pop pop ret ------ short jump => \xeb\x06\x90\x90
  - [Egghunting](/ctfnote/pwn/windows-exploitation/egghunting.md): !mona egg => "w00tw00t"
  - [Unicode](/ctfnote/pwn/windows-exploitation/unicode.md): 0x00410041 => Venetian shellcode
  - [Shellcoding](/ctfnote/pwn/windows-exploitation/shellcoding.md): pop calc
  - [ROP](/ctfnote/pwn/windows-exploitation/rop.md): !mona rop => VirtualProtect()
  - [Appendix: Tools](/ctfnote/pwn/windows-exploitation/appendix-tools.md)
    - [ImmunityDbg](/ctfnote/pwn/windows-exploitation/appendix-tools/immunitydbg.md)
    - [Mona.py](/ctfnote/pwn/windows-exploitation/appendix-tools/mona.py.md)
- [Fuzzing](/ctfnote/pwn/fuzzing.md)
  - [AFL++](/ctfnote/pwn/fuzzing/afl++.md)
    - [Quickstart](/ctfnote/pwn/fuzzing/afl++/quickstart.md)
    - [Instrumentation](/ctfnote/pwn/fuzzing/afl++/instrumentation.md)
    - [ASAN](/ctfnote/pwn/fuzzing/afl++/asan.md)
    - [Code Coverage](/ctfnote/pwn/fuzzing/afl++/code-coverage.md)
    - [Dictionary](/ctfnote/pwn/fuzzing/afl++/dictionary.md)
    - [Parallelization](/ctfnote/pwn/fuzzing/afl++/parallelization.md)
    - [Partial Instrumentation](/ctfnote/pwn/fuzzing/afl++/partial-instrumentation.md)
    - [QEMU Mode](/ctfnote/pwn/fuzzing/afl++/qemu-mode.md)
    - [afl-libprotobuf-mutator](/ctfnote/pwn/fuzzing/afl++/afl-libprotobuf-mutator.md)
  - [WinAFL](/ctfnote/pwn/fuzzing/winafl.md)
  - [Fuzzilli](/ctfnote/pwn/fuzzing/fuzzilli.md)
