# Lab05: dep-aslr

From this week, data sections in each binary (e.g., stack and heap)
are not executable anymore; often known as W^X, NX or DEP. Then, where
to place your shellcode? In fact, there are still many different ways
to bypass these protections. Please study reference materials first
and have fun with binaries.

* Problems

  + [level 00] tut05-fmtstr         [20 points]
  + [level 01] libbase              [20 points]
  + [level 02] moving-target        [20 points]
  + [level 03] fmtstr-digging       [20 points]
  + [level 04] fmtstr-read          [20 points]
  + [level 05] fmtstr-write         [20 points]
  + [level 06] brainfxxk            [20 points]
  + [level 07] fd-const             [20 points]
  + [level 08] fmtstr-heap          [20 points]
  + [level 09] profile              [20 points]
  + [level 10] mini-sudo            [20 points]

* Refs
  - <https://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-slides.pdf>
  - <http://phrack.org/issues/58/4.html>
  - <https://cs155.stanford.edu/papers/formatstring-1.2.pdf>