Nightmare is an intro to binary exploitation / reverse engineering course based around CTF challenges. I call it that because it's a lot of people's nightmare to get hit by weaponized 0-days, and these skills directly translate into doing that type of work (plus it's a really cool song).

It's true there are a lot of resources out there to learn binary exploitation / reverse engineering skills, so what makes this different?

* Amount of Content - There is a large amount of content in this course (currently over 90 challenges), laid out in a linear fashion.
* Well Documented Write Ups - Each challenge comes with a well documented writeup explaining how to go from being handed the binary to doing the exploit dev.
* Multiple Problems per Topic - Most modules have multiple different challenges. This way you can use one to learn how the attack works, and then apply it to the others. Also different iterations of the problem will have knowledge needed to solve it.
* Using all open source tools - All the tools used here are free and open sourced. No IDA torrent needed.
* A Place to Ask Questions - So if you have a problem that you've been working for days and can't get anywhere (and google isn't helping).

I have found resources that have many of these things to be few and far between. As a result, it can be difficult to learn these skills, since you don't really know what to learn or how to learn it. This is essentially my attempt to help fix some of those problems.

If you want, there is a static github pages site which people say looks better: https://guyinatuxedo.github.io/

If you want to manually build the site, I just used mdbook. After installing rust and cargo, just install mdbook with `sudo cargo install mdbook`. Then just run `mdbook build`.

A copy of all of the challenges listed can be found on the github: https://github.com/guyinatuxedo/nightmare

Special thanks to these people:

* noopnoop - For dealing with me
* digitalcold - For showing me how good nightmare could look with mdbook
* you nerds - For looking at this

If you get stuck on something for hours on end and google can't answer your question, try asking in the discord (or if you just feel like talking about cool security things). Here is a link to it: https://discord.gg/p5E3VZF

Also if you notice any typos or mistakes, feel free to mention it in the Discord. With how much content is here, there is bound to be at least one.

Here is the index for all of the content in this course. Feel free to go through the whole thing, or only parts of it (don't let me tell you how to live your life). For the order that you do the challenges in a module, I would recommend starting with the first.

Intro to assembly

Sample assembly reverse challs

gdb-gef

pwntools

ghidra

pico18_strings

helithumper_re

csaw18_tourofx86pt1

csaw19_beleaf

Csaw18/boi

TokyoWesterns17/just_do_it

Tamu19_pwn1

Csaw18_getit

Tu17_vulnchat

Csaw16_warmup

quick aslr/pie explanation

Tamu19_pwn3

Csaw17_pilot

Tu18_shelleasy

nx explanation

dcquals19_speedrun1

bkp16_simplecalc

dcquals16_feedme

stack canary introduction

relro introduction

csaw17_svc

fb19_overfloat

hs19_storytime

csaw19_babyboi

utc19_shellme

h3_time

hsctf19_tuxtalkshow

sunshinectf17_prepared

backdoor17_bbpwn

twesterns16_greeting

pico_echo

watevr19_betstar

dcquals16_xkcd

sawmpctf19_dreamheaps

sunshinectf2017_alternativesolution

tokyowesterns17_revrevrev

tuctf_future

hsctf19_abyte

securityfest_fairlight

plaid19_icancount

defcamp15_r100

asis17_marymorton

hxp18_poorcanary

tu_guestbook

Tu17_vulnchat2

Tamu19_pwn2

hacklu15_stackstuff

backdoorctf_funsignals

inctf17_stupiddrop

swamp19_syscaller

csaw19_smallboi

defconquals19_speedrun4

insomnihack18_onewrite

xctf16_b0verfl0w

ropemporium_ret2csu

0ctf 2018 babystack

defconquals19_s3

Csaw18_shellpointcode

defconquals19_s6

dcquals18_elfcrumble

plaid19_plaid_part_planning_III

csaw16_gametime

csaw13_dotnet

csaw13_bikinibonanza

whitehat18_re06

sawmpctf19_future

asis18quals_babyc

other_movfuscated

h3_challenge0

h3_challenge1

h3_challenge2

h3_challenge3

protostar_heap1

protostar_heap0

protostar_heap2

explanation

explanation

swamp19_heapgolf

pico_areyouroot

Use After Free

Double Free

Null Byte Heap Consolidation

explanation

0ctf18_babyheap

csaw17_auir

explanation

dcquals19_babyheap

plaid19_cpp

explanation

hitcon14_stkof

zctf16_note

explanation

hitcon_magicheap

0ctf16_zer0storage

largebin0_explanation

largebin1_explanation

csawquals17_minesweeper

csawquals18_AliensVSSamurai

csawquals19_traveller

csaw18_tour_of_x86_pt_2

csaw15_hackingtime

csaw17_realism

puzzle

int_overflow_post

signed_unsigned_int_expl

csaw15_wyvern

csaw17_prophecy

bkp16_unholy

swamp19_badfile

csaw18_doubletrouble

hackim19_shop

unit_vars_expl

csaw19_gibberish

explanation

hacklu14_oreo

explanation

explanation

bkp16_cookbook

explanation

explanation

csaw19_poppingCaps0

csaw19_poppingCaps1

csaw20_rop