synthetic-context.net
cve research · rce · offensive security
feed
modules
about
exploit development — structured path
from reading an advisory → understanding the bug → building the PoC → running the shell ·
0x00
beginner →
0x12
classified
+ open a thread
19
modules ·
3
in progress ·
3
classified · updated
2026-05-15
all
foundations
memory
web
linux
advanced
track I · foundations
— no prior knowledge needed. start here.
0x00
CVE Anatomy — Reading an Advisory Like a Researcher
NVD, CVSS score breakdown, affected versions, what "code execution" actually means
8 notes
2026-05-10
0x01
Linux Memory Model — Stack, Heap, libc, and Why It Matters
virtual address layout · /proc/self/maps · where your data lives and why attackers care
11 notes
2026-05-09
0x02
Buffer Overflow 101 — Smashing the Stack by Hand
overwrite return address · control EIP/RIP · from segfault to controlled jump · no ASLR first
14 notes
2026-05-08
0x03
Exploit Lab Setup — Docker, pwntools, GDB in 10 Minutes
reproducible vuln environments · pwndbg install · checksec · python3 exploit skeleton
6 notes
2026-05-07
0x04
Reading C Source for Vulnerabilities — Audit Methodology
dangerous functions · untrusted input tracing · integer overflow patterns · grep tricks that find bugs
9 notes
2026-05-06
0x05
GDB + pwndbg Workflow — Debugging for Exploitation
breakpoints, telescope, heap vis · crash → pattern → offset · the exact commands used in every PoC here
13 notes
2026-05-05
track II · exploitation techniques
— hands-on. each module ends with a working terminal command.
0x06
Stack Exploitation — From Overflow to Remote Code Execution
ret2shellcode · ret2libc · stack pivot · building the payload in Python, running it from bash
17 notes
2026-05-12
0x07
Format String Vulnerabilities — Arbitrary Read and Write
%x leak · %n write primitive · GOT overwrite · printf("%s", user_input) → shell
12 notes
2026-05-11
0x08
Heap Exploitation — Use-After-Free, tcache Poison, Overflow
glibc allocator internals · UAF → type confusion → control flow · the pattern behind CVE-2024-6387
19 notes
2026-05-13
0x09
Command Injection to RCE — From Web Input to Shell
OS command injection patterns · filter bypass · reverse shell one-liners · blind vs verbose output
10 notes
2026-05-10
0x0a
SSRF to Internal RCE — Pivoting via Server-Side Requests
cloud metadata endpoints · internal service discovery · SSRF → redis/memcached → code exec chain
8 notes
2026-05-09
0x0b
Deserialization — Object Injection to Arbitrary Code Execution
Java gadget chains · PHP object injection · ysoserial · finding the sink from the source
14 notes
2026-05-08
track III · advanced
— assumes track I+II. no hand-holding.
0x0c
Container Escape — Breaking Docker Isolation to Host Root
CVE-2024-21626 walkthrough · fd leaks · runc internals · mounted host path → write → LPE
16 notes
2026-05-14
0x0d
Linux Privilege Escalation — SUID, sudo, Capabilities, Cron
enumeration checklist · SUID shell → root · sudo -l abuse patterns · writable cron → reverse shell
22 notes
2026-05-13
0x0e
Mitigation Bypass — ASLR, NX, Stack Canary, PIE
info leak primitives · partial overwrite · canary brute-force on fork() servers · ASLR entropy limits
18 notes
2026-05-12
0x0f
ROP Chains — Return-Oriented Programming from Scratch
gadget search with ROPgadget/ropper · chain construction · ret2csu · bypass NX without shellcode
20 notes
2026-05-11
0x10
Kernel Exploitation Primer — Ring 0 from Userland
in progress
kernel object corruption · modprobe_path overwrite · ret2usr · SMEP/SMAP bypass overview
drafting
—
0x11
Writing a Reliable PoC — From Advisory to Terminal Command
in progress
exploit reliability · race condition timing · offset detection automation · packaging for disclosure
drafting
—
classified
0x12
████████████████████████████████████████
requires completing tracks I–III · contact to request access
⬡
0x13
████████████████████████████
classified
⬡
0xff
████████████████████████████████████████████
classified
⬡
question, correction, or a PoC to share?
no accounts · no tracking · email only
open a thread →