Program Security

CSE 466 - Fall 2025.

In the realm of cybersecurity, your journey mirrors that of a martial artist mastering the art of defense and attack. The “Program Security” module is where you will train in the ancient techniques of shellcoding and memory corruption. Like a skilled martial artist wielding precise strikes, you will learn to craft shellcode that slips past defenses with the agility of a shadow. You will also study memory corruption vulnerabilities, discovering how to exploit pinpoint weaknesses with the precision of a pressure point strike.

Shellcoding Resources

Lots of external resources are referred to in the module videos. Additionally, the following reading material is useful:

Shellcoding challenges

Write and execute shellcode to read the flag, but your inputted data is filtered before execution.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but the inputted data cannot contain any form of system call bytes (syscall, sysenter, int), can you defeat this?

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but the inputted data cannot contain any form of system call bytes (syscall, sysenter, int), this challenge adds an extra layer of difficulty!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but you only get 18 bytes.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but your input has data inserted into it before being executed.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but every byte in your input must be unique.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but this time you only get 12 bytes!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write and execute shellcode to read the flag, but this time you only get 6 bytes :)

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Memory Corruption Resources

OpenSecurityTraining2 has courses covering security vulnerabilities: Vulnerabilities 1001 and Vulnerabilities 1002.

Memory Corruption Class Streams

Follow along with a live class with the same demo the instructor used.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Memory Corruption Challenges

Leverage memory corruption to satisfy a simple constraint

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leverage memory corruption to satisfy a simple constraint

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and smash the stack to obtain the flag, but this time bypass a check designed to prevent you from doing so!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and smash the stack to obtain the flag, but this time bypass a check designed to prevent you from doing so!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and smash the stack to obtain the flag, but this time bypass another check designed to prevent you from doing so!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and smash the stack to obtain the flag, but this time bypass another check designed to prevent you from doing so!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leverage memory corruption to leak the flag.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leverage memory corruption to leak the flag.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leverage an Array to obtain the flag.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leverage an Array to obtain the flag.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leverage an Array to obtain the flag.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leverage an Array to obtain the flag.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and smash the stack to obtain the flag, but this time in a PIE binary with a stack canary. Be warned, this requires careful and clever payload construction!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and smash the stack to obtain the flag, but this time in a PIE binary with a stack canary. Be warned, this requires careful and clever payload construction!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Overflow a buffer and leak the flag. Be warned, this requires careful and clever payload construction!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Defeat a stack canary in a PIE binary by utilizing a bug left in the binary.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Defeat a stack canary in a PIE binary by utilizing a bug left in the binary.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leak data left behind unintentionally by utilizing clever payload construction.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leak data left behind unintentionally by utilizing clever payload construction.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leak data left behind unintentionally to defeat a stack canary in a PIE binary.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Leak data left behind unintentionally to defeat a stack canary in a PIE binary.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Defeat a stack canary in a PIE binary by utilizing a network-style fork server in the target binary.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Defeat a stack canary in a PIE binary by utilizing a network-style fork server in the target binary.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Complex Corruption

Exploitation begins at the intersection of two core ideas: corrupting program memory and gaining control-flow. Memory corruption provides the foothold, allowing control over a program’s execution by overwriting critical data such as return addresses or other valuable pointers. Shellcode provides the payload, a carefully crafted sequence of instructions designed to carry out specific actions once execution is redirected. When combined, these concepts illustrate the foundation of software exploitation: not just crashing a program, but deliberately shaping its behavior to execute attacker-controlled code.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Complex Corruption Challenges

Write a full exploit involving injecting shellcode and a method of tricking the challenge into executing it by utilizing clever payload construction.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write a full exploit involving injecting shellcode and a method of tricking the challenge into executing it by utilizing clever payload construction.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write a full exploit involving injecting shellcode, and a method of tricking the challenge into executing your payload.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Write a full exploit involving injecting shellcode, and a method of tricking the challenge into executing your payload.

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Exploit the binary to obtain the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Exploit the binary to obtain the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

Exploit the binary to obtain the flag!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

30-Day Scoreboard:

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

7-Day | 30-Day | All-Time

Rank		Hacker	Badges		Score

Program Security

CSE 466 - Fall 2025.

Shellcoding Resources

Shellcode Injection: Introduction

Shellcode Injection: Introduction

Shellcode Injection: Common Challenges

Shellcode Injection: Common Challenges

Shellcode Injection: Data Execution Prevention

Shellcode Injection: Data Execution Prevention

Shellcoding Tips and Tricks

Shellcoding Tips and Tricks

Further Reading

Further Reading

Shellcoding challenges

Ello Ackers 71 solves

Ello Ackers

Connect with SSH

Syscall Smuggler 62 solves

Syscall Smuggler

Connect with SSH

Syscall Shenanigans 60 solves

Syscall Shenanigans

Connect with SSH

Byte Budget 49 solves

Byte Budget

Connect with SSH

Clobbercode 48 solves

Clobbercode

Connect with SSH

Diverse Delivery 46 solves

Diverse Delivery

Connect with SSH

Pocket Payload 39 solves

Pocket Payload

Connect with SSH

Micro Menace 40 solves

Micro Menace

Connect with SSH

Memory Corruption Resources

Memory Errors: Introduction

Memory Errors: Introduction

Memory Errors: High-level Problems

Memory Errors: High-level Problems

Memory Errors: Smashing the Stack

Memory Errors: Smashing the Stack

Memory Errors: Causes of Corruption 1

Memory Errors: Causes of Corruption 1

Memory Errors: Causes of Corruption 2

Memory Errors: Causes of Corruption 2

Memory Errors: Stack Canaries

Memory Errors: Stack Canaries

Memory Errors: ASLR

Memory Errors: ASLR

Memory Errors: Causes of Disclosure

Memory Errors: Causes of Disclosure

Memory Errors: Tips and Tricks

Memory Errors: Tips and Tricks

Memory Errors: The Global Offset Table

Memory Errors: The Global Offset Table

Further Reading

Further Reading

Memory Corruption Class Streams

Cooking with Canaries

Cooking with Canaries

Cooking with Canaries Demo 1 solves

Cooking with Canaries Demo

Connect with SSH

Memory Corruption Challenges

Login Leakage Easy 172 solves

Login Leakage Easy

Connect with SSH

Login Leakage Hard 165 solves

Login Leakage Hard

Connect with SSH

Bounds Breaker Easy 68 solves

Bounds Breaker Easy

Connect with SSH

Bounds Breaker Hard 67 solves

Bounds Breaker Hard

Connect with SSH