---
name: vulnerability-analysis
description: Identify vulnerability class, analyze root cause, and plan exploitation strategy.
---

# Vulnerability Analysis
Systematic identification and analysis of vulnerabilities in binary targets.
## Vulnerability Classes

| Class | Signals | Typical Pattern |
|---|---|---|
| Stack BOF | No bounds check on input copied into a fixed-size stack buffer | gets(), strcpy(), sprintf(), scanf("%s") |
| Format String | User input reaches a format argument | printf(buf) instead of printf("%s", buf) |
| Heap Corruption | Dynamic allocation + free driven by input | UAF, double-free, heap overflow |
| Integer Overflow | Arithmetic on user-controlled values | Size calculations, array indexing, length checks done on a wrapped sum |
| Race Condition | Multi-threaded code, file ops, signal handlers | TOCTOU between check and use, non-reentrant signal handlers |
| Logic Bug | Program reaches a state the author did not anticipate | Auth bypass, inverted or missing checks |
## Analysis Process

- Trace user input - Where does it enter (argv, stdin, file, socket, environment)? Where does it flow from there?
- Find sinks - Dangerous functions and memory operations that consume that input
- Check bounds - Are there size limits? Are they enforced on every path, and can they be defeated (integer overflow, off-by-one, signed/unsigned mismatch)?
- Check protections - Which mitigations (NX, stack canary, PIE) are on, and how do they constrain exploitation?
## Dangerous Function Patterns

```c
// Stack BOF
gets(buf);                 // No bounds at all (removed from C11)
strcpy(dst, src);          // No bounds on dst
sprintf(buf, fmt, ...);    // No bounds on buf
scanf("%s", buf);          // No field width, so no bounds on buf

// Format String
printf(user_input);        // User controls the format string (%n gives a write)

// Command Injection
system(user_input);        // Direct command exec via /bin/sh -c
popen(user_input, "r");    // Command exec via /bin/sh -c, output piped back
```
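The following is an added example, not code from the original skill: two constructed handlers annotated the way the analysis process reads them (source, sink, bounds), each beside a hardened form. It covers the Stack BOF and Integer Overflow rows of the table; the packet layout, buffer sizes and function names (`parse_record_safe`, `copy_name_safe`, and so on) are invented for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original page: two constructed
 * handlers annotated source -> sink -> bounds, each beside a hardened
 * form. Packet layout, sizes and names are invented for illustration. */

#define HDR_LEN  8      /* hypothetical fixed header: 4-byte body length + 4 reserved */
#define BODY_MAX 256    /* destination buffer size */
#define NAME_MAX 32     /* stack buffer size for the name example */

/* --- Integer overflow that defeats an existing bounds check --------- */

/* Source: len is read straight from the packet header.
 * Sink:   memcpy(out, pkt + HDR_LEN, len).
 * Bounds: the check exists but runs on a 32-bit sum, so len = 0xFFFFFFFC
 *         gives total = 4, the check passes, and memcpy would still be
 *         called with the huge original len. Returns 1 if accepted. */
int vuln_len_check_accepts(uint32_t len)
{
    uint32_t total = len + HDR_LEN;   /* wraps modulo 2^32 */
    return total <= BODY_MAX;
}

/* Hardened: bound len itself against the space left after the header.
 * With unsigned operands this comparison cannot overflow
 * (__builtin_add_overflow is the general-purpose equivalent). */
int safe_len_check_accepts(uint32_t len)
{
    return len <= BODY_MAX - HDR_LEN;
}

/* Parses a body out of a packet (little-endian length first) and copies it
 * into out only after the size check and a check against what was
 * actually received. Returns bytes copied, or -1 on rejection. */
int parse_record_safe(const uint8_t *pkt, size_t pkt_len, uint8_t out[BODY_MAX])
{
    if (pkt_len < HDR_LEN) return -1;
    uint32_t len = (uint32_t)pkt[0] | (uint32_t)pkt[1] << 8 |
                   (uint32_t)pkt[2] << 16 | (uint32_t)pkt[3] << 24;
    if (!safe_len_check_accepts(len)) return -1;
    if (len > pkt_len - HDR_LEN) return -1;   /* claimed length vs. bytes present */
    memcpy(out, pkt + HDR_LEN, len);
    return (int)len;
}

/* --- Unbounded string copy into a stack buffer ---------------------- */

/* Source: name is attacker-supplied. Sink: strcpy into a fixed stack
 * buffer. Bounds: none, so a name of NAME_MAX bytes or more overwrites
 * whatever follows buf in the frame (classic stack BOF). */
void greet_vuln(const char *name)
{
    char buf[NAME_MAX];
    strcpy(buf, name);
    printf("hello %s\n", buf);
}

/* Hardened: bounded copy that always NUL-terminates and reports
 * truncation instead of overflowing. Returns 1 if the whole name fit. */
int copy_name_safe(char dst[NAME_MAX], const char *name)
{
    size_t n = strlen(name);
    int fits = n < NAME_MAX;
    if (!fits) n = NAME_MAX - 1;      /* leave room for the terminator */
    memcpy(dst, name, n);
    dst[n] = '\0';
    return fits;
}

int main(void)
{
    /* Constructed packet: header claims a 5-byte body, then "abcde". */
    uint8_t pkt[HDR_LEN + 5] = {5, 0, 0, 0, 0, 0, 0, 0, 'a', 'b', 'c', 'd', 'e'};
    uint8_t out[BODY_MAX];
    char name[NAME_MAX];

    printf("wrapping check accepts 0xFFFFFFFC: %d\n", vuln_len_check_accepts(0xFFFFFFFCu));
    printf("hardened check accepts 0xFFFFFFFC: %d\n", safe_len_check_accepts(0xFFFFFFFCu));
    printf("parse_record_safe copied %d bytes\n", parse_record_safe(pkt, sizeof pkt, out));
    printf("copy of 40 x 'A' fit: %d\n",
           copy_name_safe(name, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

The point of the first pair is step three of the process: a bounds check being present is not the same as it being enforceable, so when you find one, ask what inputs make the comparison itself lie. `greet_vuln` is kept only as the sink to recognise; never call it with untrusted data.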
## Mitigation Bypass Planning

| Have | Need | Strategy |
|---|---|---|
| BOF + NX | Code exec | ROP chain or ret2libc: reuse existing executable code instead of injecting shellcode |
| BOF + Canary | Bypass | Leak the canary first (info leak, or byte-by-byte brute force against a forking server), then write it back in place during the overflow |
| BOF + PIE | Fixed addr | Leak a code pointer (e.g. a saved return address) and subtract its known offset to recover the base |
| Format + No write | Write primitive | Use %n with the target address placed on the stack |
| Heap + no leak | Info leak | Heap feng shui to overlap or adjoin a chunk with a freed one, then read its fd/bk pointers back out |
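The "Have" column presumes you already know which mitigations the target carries. As an added example, not part of the original skill, here is a minimal ELF64 inspector in C for the three mitigations named above (NX, canary, PIE), run over an image held in memory. It reads the same header fields checksec-style tools do; the canary test is a string heuristic. It assumes Linux `<elf.h>` and an image built for the host's byte order; `inspect_elf64`, `build_sample_elf` and the `mitigations` struct are names invented here, and the sample image is constructed in memory rather than read from disk.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original page: a minimal ELF64
 * inspector for NX, canary and PIE over an in-memory image. Assumes
 * Linux <elf.h> and an image in the host's byte order. */

struct mitigations {
    int pie;     /* e_type == ET_DYN (shared objects are ET_DYN too) */
    int nx;      /* PT_GNU_STACK present and not PF_X */
    int canary;  /* "__stack_chk_fail" found in the image (heuristic) */
};

/* Naive substring search so the example stays portable (no memmem). */
static int contains(const uint8_t *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m <= n && i <= n - m; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Fills *m and returns 0, or returns -1 if img is not a sane ELF64. */
int inspect_elf64(const uint8_t *img, size_t len, struct mitigations *m)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr))
        return -1;
    /* Bounds-check the program header table before walking it: an
     * inspector that trusts e_phoff/e_phnum is itself a parsing bug. */
    if (eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff)
        return -1;

    memset(m, 0, sizeof *m);
    m->pie = (eh.e_type == ET_DYN);
    /* Assumption: a missing PT_GNU_STACK is reported as NX off, the
     * conservative reading (the kernel default then depends on the arch). */
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            m->nx = !(ph.p_flags & PF_X);
    }
    /* Heuristic: a canary-protected dynamic binary imports __stack_chk_fail,
     * so the name sits in .dynstr. Static or renamed binaries defeat this;
     * on x86-64 the fs:0x28 load/compare in prologues is the sure sign. */
    m->canary = contains(img, len, "__stack_chk_fail");
    return 0;
}

/* Builds a constructed, non-runnable ELF64 image (header + one PT_GNU_STACK
 * entry, optionally followed by the canary symbol name) so the inspector can
 * be exercised offline. buf needs >= 256 bytes; returns bytes written. */
size_t build_sample_elf(uint8_t *buf, int pie, int exec_stack, int with_canary_sym)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph;
    memset(&eh, 0, sizeof eh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS]   = ELFCLASS64;
    eh.e_ident[EI_DATA]    = ELFDATA2LSB;
    eh.e_ident[EI_VERSION] = EV_CURRENT;
    eh.e_type      = pie ? ET_DYN : ET_EXEC;
    eh.e_machine   = EM_X86_64;
    eh.e_version   = EV_CURRENT;
    eh.e_phoff     = sizeof eh;
    eh.e_ehsize    = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum     = 1;
    memset(&ph, 0, sizeof ph);
    ph.p_type  = PT_GNU_STACK;
    ph.p_flags = PF_R | PF_W | (exec_stack ? PF_X : 0);

    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    size_t n = sizeof eh + sizeof ph;
    if (with_canary_sym) {
        static const char sym[] = "__stack_chk_fail";
        memcpy(buf + n, sym, sizeof sym);
        n += sizeof sym;
    }
    return n;
}

int main(void)
{
    uint8_t img[256];
    struct mitigations m;
    size_t n = build_sample_elf(img, 1, 0, 1);   /* PIE, NX on, canary */
    if (inspect_elf64(img, n, &m) == 0)
        printf("PIE: %d  NX: %d  Canary: %d\n", m.pie, m.nx, m.canary);
    return 0;
}
```

To run it against a real target, `fread` the file into a buffer and pass that to `inspect_elf64`. The result maps straight onto the table's "Have" column: NX on means ROP or ret2libc, canary means a leak comes first, PIE means a code-pointer leak is needed before any fixed address can be used.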
## Output

Produce `context/vulnerability-analysis.md` using the template.