Monthly DC303 meeting - How to Exploit Format String Bugs on Linux with pwntools
Details
We will walk through the identification and step-by-step exploitation of format string vulnerabilities on Linux. These bugs provide write-what-where primitives that permit bypassing many modern exploitation prevention mechanisms. This bug type appears often in exploitation-category CTF challenges and in the real world, too.
Attendees are encouraged to bring a Linux virtual machine with the pwntools package installed from here: https://github.com/Gallopsled/pwntools#readme
You should also install a toolchain (GCC) and debugger (GDB). Adding the pwndbg plugin for GDB is also helpful: https://github.com/pwndbg/pwndbg#readme
