Validating a stack-based buffer overflow

My first passion, though I don't always have the time to partake in these activities, is to find and exploit stack-based buffer overflows. Ever since I learned how to work through this process of identifying a buffer overflow vulnerability, causing a crash, repeating the crash with a specialized payload pattern, identifying the offset, identifying bad characters, and finally writing the exploit, I have enjoyed sharing this knowledge with others.

Granted, there are more advanced versions nowadays that incorporate common defense mechanism bypasses, but still. To me, there are only a handful of things more satisfying than working through a simple buffer overflow. As silly as it sounds, it brings me great joy, especially when I can teach others. Then again, I'm a fan of working through disassembled instructions, IA32, and IA64 on Linux. If only all buffer overflows were still this simple.

That being said, let's dive into some simple tests for validating a stack-based buffer overflow vulnerability using EDB. This wonderful debugger offers so much more, though, in terms of working through vulnerability identification and exploit testing. It really is such a great tool and I have a sincere appreciation for the author of the tool for writing it in the first place.

As we work through this recipe, we'll keep it short and to the point. If we were actually interested in exploit writing, this recipe could be quite a bit longer, so instead, we'll keep the focus on analysis and validating the vulnerability. Some could argue, and I would agree, that there is no better validation than writing a working exploit; however, for the sake of brevity, we will stay as close to that scope as possible. I encourage you to take this recipe further and develop a working exploit, since it's good practice.
