Pros of MBE

• More comprehensive curriculum covering a wider range of topics
• Includes lab exercises and challenges for hands-on practice
• Better structured with a clear progression of difficulty

Cons of MBE

• Less frequently updated compared to linux-exploitation-course
• Requires more time investment due to its extensive content
• May be overwhelming for absolute beginners

Code Comparison

MBE example (buffer overflow):

void vulnerable_function(char *input) {
    char buffer[64];
    strcpy(buffer, input);
}

linux-exploitation-course example (format string):

int main(int argc, char **argv) {
    printf(argv[1]);
    return 0;
}

Both repositories provide valuable resources for learning Linux exploitation techniques. MBE offers a more structured and comprehensive approach, ideal for those looking for a full course experience. linux-exploitation-course, while less extensive, provides a more concise overview and may be better suited for quick reference or refreshers.

The code examples demonstrate the focus areas of each repository, with MBE emphasizing classic vulnerabilities like buffer overflows, while linux-exploitation-course covers a range of topics including format string vulnerabilities.

Ultimately, the choice between the two depends on the learner's goals, available time, and prior experience in the field of exploitation and security.

Pros of how2heap

• More focused on heap exploitation techniques
• Regularly updated with new techniques and mitigations
• Includes practical examples for various heap-related vulnerabilities

Cons of how2heap

• Less comprehensive coverage of general Linux exploitation topics
• Primarily targets glibc, with limited coverage of other memory allocators
• May be more challenging for beginners due to its specialized focus

Code Comparison

linux-exploitation-course:

#!/usr/bin/env python2
from pwn import *

context.arch = 'i386'
context.os = 'linux'

shellcode = asm(shellcraft.sh())

how2heap:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{
    char* chunk = malloc(0x20);
    char* chunk2 = malloc(0x20);

Summary

linux-exploitation-course provides a broader overview of Linux exploitation techniques, including both stack and heap-based vulnerabilities. It's more suitable for beginners and covers a wider range of topics.

how2heap focuses specifically on heap exploitation techniques, offering in-depth coverage of various heap-related vulnerabilities and mitigations. It's more suitable for those looking to specialize in heap exploitation and stays up-to-date with the latest techniques.

Both repositories offer valuable resources for learning about Linux exploitation, with linux-exploitation-course providing a more comprehensive introduction and how2heap offering specialized knowledge in heap exploitation.

Pros of pwntools

• Comprehensive Python library for exploit development and CTFs
• Extensive documentation and active community support
• Regularly updated with new features and improvements

Cons of pwntools

• Steeper learning curve for beginners
• Focused on Python, may not be ideal for those preferring other languages
• Can be overkill for simple exploits or learning basic concepts

Code Comparison

linux-exploitation-course example:

#include <stdio.h>
int main() {
    char buffer[64];
    gets(buffer);
    printf(buffer);
    return 0;
}

pwntools example:

from pwn import *
r = remote('example.com', 1337)
r.sendline(b'A' * 64 + p64(0xdeadbeef))
r.interactive()

Summary

linux-exploitation-course is a structured learning resource for understanding Linux exploitation techniques, while pwntools is a powerful Python library for developing exploits and solving CTF challenges. The former is better suited for beginners learning concepts, while the latter is more appropriate for experienced users looking to streamline their exploit development process. Choose based on your skill level and specific needs in the field of cybersecurity and exploitation.

Pros of write-ups-2017

• Comprehensive collection of CTF write-ups from various competitions
• Covers a wide range of challenges and techniques
• Regularly updated with new write-ups

Cons of write-ups-2017

• Less structured learning path compared to linux-exploitation-course
• May lack in-depth explanations for beginners
• Inconsistent quality of write-ups due to multiple contributors

Code Comparison

linux-exploitation-course example:

void vulnerable_function(char* string) {
    char buffer[100];
    strcpy(buffer, string);
}

write-ups-2017 example (from a specific challenge):

def encrypt(plaintext, key):
    ciphertext = ""
    for i in range(len(plaintext)):
        ciphertext += chr((ord(plaintext[i]) + ord(key[i % len(key)])) % 256)
    return ciphertext

The linux-exploitation-course focuses on low-level C programming and memory exploitation, while write-ups-2017 covers a broader range of topics, including cryptography and web security.

linux-exploitation-course provides a structured approach to learning Linux exploitation techniques, with detailed explanations and exercises. write-ups-2017 offers a diverse collection of real-world CTF challenges, allowing users to explore various security concepts and problem-solving approaches.

Both repositories serve different purposes: linux-exploitation-course is ideal for focused learning on Linux exploitation, while write-ups-2017 is better suited for practicing and exploring different types of security challenges.