PwnLand is an open-source repository maintained by PwnFuzz, an R&D lab specializing in fuzzing, reverse engineering, vulnerability research, and exploit development. This repository serves as a comprehensive resource for security researchers, CTF players, and anyone interested in binary exploitation.
PwnLand contains practical examples, tutorials, CTF writeups, and research materials covering various aspects of binary exploitation, including:
- Buffer Overflows and ROP Chains
- Format String Vulnerabilities
- Heap Exploitation Techniques
- Kernel Exploitation
- Assembly Language Fundamentals
- Binary Debugging Strategies
Whether you're a beginner or an experienced security researcher, PwnLand provides hands-on materials to enhance your understanding of exploitation techniques across different environments and security mechanisms.
.
├── Assembly/ # Assembly language fundamentals
├── Attachments/ # Supporting images and resources
├── binaries/ # Example binaries for practice
├── BufferOverflows/ # Buffer overflow techniques and examples
├── Challenges/ # Practice challenges
├── CTFs/ # Writeups and solutions for CTF challenges
├── Debugging/ # Debugging techniques and guides
├── Format String/ # Format string vulnerability tutorials
├── Heap/ # Heap exploitation techniques
├── Kernel/ # Kernel exploitation examples
└── Research/ # Deep dives into exploitation concepts
Navigate to BufferOverflows/ to explore:
- Basic Overflow Techniques
- Return-to-libc Attacks
- Return-Oriented Programming (ROP)
- Additional Resources
Navigate to Format String/ to learn about:
- Introduction to Format String Vulnerabilities
- GOT Overwrite to System
- Writing Shellcode to BSS
- Variable Value Overwrite
Navigate to Heap/ for techniques organized by GLIBC version:
- GLIBC 2.23
- GLIBC 2.27
Navigate to Kernel/ to explore:
This section was contributed by Nikhil. The following blog posts are beginner-friendly and offer in-depth guidance for those starting out with Windows kernel exploitation on modern systems.
- Kernel Exploitation Primer 0x0 - Windows Driver 101
- Kernel Exploitation Primer 0x1 - Setup & Reversing
- Kernel Exploitation Primer 0x2 - SMEP & kASLR & VBS
- Kernel Exploitation Primer 0x3 - VBS & HVCI
- Kernel Exploitation Primer 0x4 - Type Confusion & Use-After-Free Vulnerabilities
- Kernel Exploitation Primer 0x5 - Arbitrary Write (Write-What-Where)
Explore solutions from various CTF competitions:
- DownUnderCTF 2020
- HacktivityCon 2020
- DarkCon 2021
- DiceCTF 2021
- SecurinetsCTF 2021
- CyberApocalypse 2021
- NahamCon 2021
- BlueHens 2021
- 3kCTF 2020
- HTB RopeTwo
Navigate to Research/ for deep dives into:
- malloc() Internals
- free() Internals
- calloc() Internals
- realloc() Internals
- Hook Functions
- Tcache Mechanisms
- Stdout Functions
- Overflow Techniques
Navigate to Assembly/ for:
Navigate to Debugging/ for:
Navigate to Challenges/ to test your skills:
To get started with PwnLand:
- Clone this repository: git clone https://github.com/PwnFuzz/PwnLand.git
- Browse to a topic of interest in the repository.
- Follow the tutorials and examples to enhance your skills.
- For binary examples, navigate to the binaries/ directory.
Contributions to PwnLand are welcome! Whether you want to fix a typo, add a tutorial, or contribute a CTF writeup, please follow these steps:
- Fork the repository
- Create a new branch (git checkout -b feature/your-feature)
- Commit your changes (git commit -am 'Add new tutorial on XYZ')
- Push to the branch (git push origin feature/your-feature)
- Create a new Pull Request
Please ensure your contributions follow the existing structure and include appropriate documentation.
This project is licensed under the MIT License - see the LICENSE file for details.
© 2025 PwnFuzz - Open Source R&D Lab for Fuzzing, Reverse Engineering, Vulnerability Research & Exploit Development