Chapter 35 Further Reading: Buffer Overflows and Memory Corruption

Foundational Papers

"Smashing the Stack for Fun and Profit" by Aleph One (Phrack #49, 1996)
The paper that introduced buffer overflow exploitation to a wide audience. It explains the stack layout, overflow mechanics, and shellcode construction in detail. Essential historical reading: understanding what this paper explained, and why it was considered significant, puts the 30 years of security development that followed it in context.
https://phrack.org/issues/49/14.html

"SoK: Eternal War in Memory" by Szekeres, Payer, Wei, and Song (IEEE S&P 2013)
A systematic survey classifying all memory corruption vulnerabilities and mitigations. It provides a unified framework, spatial errors (buffer overflows) vs. temporal errors (use-after-free), and maps the mitigation landscape against it. Available free: search "Eternal War in Memory PDF."

"Exploiting the Hard-Coded Interfaces of the Linux Kernel" (relevant sections)
Provides kernel-level heap exploitation context. The Linux kernel's SLAB/SLUB allocator has specific structures that affect how kernel use-after-free bugs are exploited and defended.

Books

"The Art of Exploitation" by Jon Erickson (2nd edition, No Starch Press)
The most approachable book combining assembly, buffer overflows, shellcode, and format strings. It includes a bootable CD with a Linux environment for hands-on practice. Chapters 2, 3, and 4 are directly relevant to this chapter's content.

"A Bug Hunter's Diary" by Tobias Klein
A first-person account of finding and analyzing real vulnerabilities in real software. Each chapter covers a different bug class (buffer overflow, use-after-free, format string) in a different application. It bridges theory and the messy reality of actual vulnerability research.

"Hacking: The Art of Exploitation", specifically Chapter 3 (Exploitation)
A complementary perspective to Erickson, with additional focus on heap exploitation mechanics and GDB-based analysis.

Online Resources

LiveOverflow YouTube Channel
The best introductory and intermediate video series on binary exploitation. The "Binary Exploitation" playlist covers buffer overflows, shellcode, format strings, and heap exploitation with annotated GDB walkthroughs; the videos make abstract concepts concrete.
https://www.youtube.com/c/LiveOverflow

how2heap by shellphish (GitHub)
A collection of educational glibc heap exploitation techniques, each in a standalone C program that demonstrates one technique. Use it with GDB to understand tcache poisoning, double-free, and heap overflow patterns.
https://github.com/shellphish/how2heap

pwn.college, Program Security module
Structured, progressive challenges covering buffer overflows through modern heap exploitation, in a browser-based Linux environment with no setup required. The curriculum is designed by ASU security researchers.
https://pwn.college/

Tool References

AddressSanitizer documentation
https://clang.llvm.org/docs/AddressSanitizer.html
Complete documentation including all error types, flags, and interpretation of output. Using ASan regularly is the single most effective technique for finding memory corruption bugs before they become vulnerabilities.

Valgrind Memcheck documentation
https://valgrind.org/docs/manual/mc-manual.html
Memcheck finds use-after-free, uninitialized reads, and out-of-bounds writes (in heap allocations only). It is slower than ASan but useful for finding bugs that ASan misses (particularly timing-dependent bugs).

Historical Context

"The Internet Worm Program: An Analysis" by Eugene Spafford (Purdue Technical Report, 1988)
The definitive contemporary analysis of the Morris Worm, published weeks after the incident. Spafford analyzed both the fingerd buffer overflow and the other vectors the worm used. A primary source for understanding how the first major internet security incident unfolded.

RFC 1135: "The Helminthiasis of the Internet" (1989)
The official post-mortem documentation. It describes the worm's spread, the impact on internet operations, and the community response. Readable as a historical document showing how the internet community coordinated under attack for the first time.