Hacking of C & Unix Binaries

This course offered a deep technical dive into secure programming practices in C, with a strong focus on understanding how vulnerabilities arise at the assembly and memory level. Through hands-on demos and exploit development, I gained practical experience in writing secure C code and identifying common programming flaws that lead to critical security issues.

university

University of Maryland • graduate course

focus areas

secure C • ELF internals • gdb / pwndbg • stack & heap • ROP / ret2libc • mitigations

🔍 core concepts covered

  • under-the-hood behavior of C programs: how C programs are compiled and executed, stack layout, calling conventions, and assembly-level representations of control structures.
  • common C vulnerabilities & exploits:
    • buffer overflows: manual exploitation via stack smashing, EIP/RIP overwrite, and bypassing non-executable stack protections.
    • pointer vulnerabilities: attacks using function/data pointers, including behavior in dynamically allocated memory.
    • format string vulnerabilities: abused variadic functions (e.g., printf) to leak and manipulate memory.
    • integer overflows & wraparounds: improper arithmetic leading to memory corruption and logic errors.
    • file I/O vulnerabilities: path traversal and TOCTOU race conditions.
    • concurrency risks: deadlocks and race-condition bugs from improper multithreading.
  • assembly-level debugging: proficiency in x86; mapping C constructs to machine-level ops; used gdb and objdump to reverse, debug, and analyze behavior.
  • secure coding practices: defensive programming, input validation, memory-safety checks, and secure design; followed CERT C guidelines.

🧪 projects & hands-on work

  • crafted exploits for vulnerable C programs using gdb, pwndbg, and custom shellcode.
  • re-implemented real-world vulns to study root causes and mitigations.
  • final project: audited a C application for multiple vulns and rewrote it with secure coding practices.
[Figure: Binary Analysis. pwndbg session showing registers, disassembly, and stack during binary analysis.]

tools & environment

  • debuggers: gdb (+ pwndbg/gef)
  • binutils: objdump, readelf, strings, nm
  • exploit dev: pwntools, ROPgadget, one_gadget
  • os: linux (ubuntu/kali), docker for isolated labs

outcomes

This course greatly enhanced my low-level security skills, making me more proficient in reverse engineering, exploit development, and secure C programming. It also reinforced a deep understanding of how software vulnerabilities are introduced—and how they can be prevented—right at the source.
