
My first buffer overflow exploit: pretty easy

44 points | jvns | 12 years ago | jvns.ca

11 comments

jaredlwong | 12 years ago
I highly suggest doing the labs of MIT's 6.858 (Computer System Security). I'm taking it right now, and it's one of the most rewarding classes. The labs can be found here: http://css.csail.mit.edu/6.858/2013/schedule.html. In fact, the first lab is all about buffer overflows and return to libc attacks. All labs come with autocheckers or sufficient instructions to check your answers. The first lab can be found here: http://css.csail.mit.edu/6.858/2013/labs/lab1.html. Highly highly recommended to anyone. I wish more people knew about this class because it's class A, absolutely awesome. Very practical and informative.
WestCoastJustin | 12 years ago
If this kind of stuff interests you, then you should really check out Phrack Magazine [1] (although not very active anymore). There was an amazing article from '96 entitled "Smashing The Stack For Fun And Profit" [2], which gives a great overview of how this all works.

[1] http://www.phrack.com

[2] http://www.phrack.com/issues.html?issue=49&id=14#article

vezzy-fnord | 12 years ago
This is a legendary article that brought these vulnerabilities to the spotlight, but it's somewhat outdated by now.

You can read it for the cult value and as a general reference to have, but for someone really looking to get into it, I'd recommend Corelan's exploit tutorials, Open Security Training's courses and The Legend of Random's articles on reverse engineering.

kriro | 12 years ago
You might enjoy one of my favourite time-wasting websites of all time (Windows kind of required at times, though in the age of VMs that's a non-issue). The +XXX folks were basically my reversing education; makes me wonder if the identity of +orc was ever figured out :)

http://3564020356.org/

I really liked the hash-maze, cool idea.

Moral_ | 12 years ago
If you're into this type of stuff, check out Smash the Stack [1]. It has a bunch of memory-type vulnerability wargames (specifically the IO level) for your choosing. They start off basic, like the one you presented in the blog, then move on to more advanced topics like heap overflows, return 2 libc, SEH overwrites, GOT overwrites, ROP techniques etc.

Like WestCoastJustin pointed out, Phrack has phenomenal articles, but they require you to have a fairly strong understanding of C and operating-system type things.

[1] http://www.smashthestack.org/

tardigrade | 12 years ago
In my opinion, Smashthestack's Logic wargames are a lot more buffer-overflow focused than the IO ones. The first level PHP problem is rather misleading in that regard.

Smashthestack and overthewire both have a wide variety of wargames that might be fun to look into if you're interested in pursuing security-related challenges:

smashthestack - http://www.smashthestack.org/
overthewire - http://www.overthewire.org/wargames/

There's also an intro level CTF going on for another 9 days @ http://zeromutarts.de/

Registration is easy and instantaneous.

yuhong | 12 years ago
Another thing to start with would be unsupported software like Office XP or Win2000, most of which was created before the GS cookie even existed.
im3w1l | 12 years ago
Is it still possible to smash stacks with all these detections and aslr thingies going on?
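As an added example (not from the article or from any commenter in this thread), here is a small C model of the mechanism yuhong and im3w1l are talking about: the GS cookie (GCC's stack-protector canary) sits between a local buffer and the saved return address, so an overflow that reaches the return address has to trample the cookie first, and the function epilogue notices. The frame is modelled as a struct, the cookie value and return address are fixed constants and the 'A'-filled payload is constructed for the demo, so the overflow stays inside memory the program owns and is deterministic; a real cookie is a per-process random value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout of a guarded frame, as laid out under /GS or -fstack-protector:
 * local buffer first, then the cookie, then the saved return address.
 * Any overflow that reaches saved_ret must first overwrite cookie. */
struct frame {
    char     buf[16];
    uint64_t cookie;
    uint64_t saved_ret;
};

/* Fixed for a deterministic demo; a real cookie is random per process. */
#define COOKIE_VALUE 0xDEADBEEFCAFEF00DULL
/* Hypothetical legitimate return address (constructed for the demo). */
#define GOOD_RET     0x0000000000401000ULL

#define SMASHED_COOKIE 1   /* cookie no longer matches */
#define SMASHED_RET    2   /* saved return address changed */

static void frame_init(struct frame *f)
{
    memset(f, 0, sizeof *f);
    f->cookie = COOKIE_VALUE;
    f->saved_ret = GOOD_RET;
}

/* The bug: the copy is bounded by the attacker's length, not the buffer's
 * (same class of defect as strcpy(buf, input)). Written through a byte
 * pointer to the whole frame, clamped to its size, so the demo is
 * well-defined and never writes outside memory it owns. */
static void vulnerable_copy(struct frame *f, const unsigned char *src, size_t len)
{
    unsigned char *dst = (unsigned char *)f + offsetof(struct frame, buf);
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy(dst, src, len);
}

/* The fix: reject input that does not fit the buffer with room for a NUL. */
static int safe_copy(struct frame *f, const unsigned char *src, size_t len)
{
    if (len >= sizeof f->buf)
        return -1;
    memcpy(f->buf, src, len);
    f->buf[len] = '\0';
    return 0;
}

/* What the epilogue does: compare the cookie before trusting the saved
 * return address. Returns a bitmask of what was corrupted. */
static int frame_damage(const struct frame *f)
{
    int d = 0;
    if (f->cookie != COOKIE_VALUE)  d |= SMASHED_COOKIE;
    if (f->saved_ret != GOOD_RET)   d |= SMASHED_RET;
    return d;
}

/* Feed a constructed payload of `len` 'A' bytes through the vulnerable copy
 * and report what got corrupted (0 = nothing). */
int overflow_outcome(size_t len)
{
    unsigned char payload[64];
    struct frame f;
    if (len > sizeof payload)
        len = sizeof payload;
    memset(payload, 'A', sizeof payload);
    frame_init(&f);
    vulnerable_copy(&f, payload, len);
    return frame_damage(&f);
}

/* Same payload through the checked copy: -1 if rejected, else the damage
 * mask (which is always 0). */
int safe_outcome(size_t len)
{
    unsigned char payload[64];
    struct frame f;
    if (len > sizeof payload)
        len = sizeof payload;
    memset(payload, 'A', sizeof payload);
    frame_init(&f);
    if (safe_copy(&f, payload, len) != 0)
        return -1;
    return frame_damage(&f);
}

int main(void)
{
    size_t lens[] = { 8, 16, 17, 24, 32 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int d = overflow_outcome(lens[i]);
        printf("%2zu bytes: cookie %s, return address %s\n", lens[i],
               (d & SMASHED_COOKIE) ? "smashed" : "intact",
               (d & SMASHED_RET) ? "overwritten" : "intact");
    }
    return 0;
}
```

With 16 bytes or fewer nothing is disturbed; at 17 bytes the cookie is already damaged, and by the time the payload is long enough to reach the return address (32 bytes here) the cookie check would have aborted the process before the corrupted address is ever used. That is the whole point of the cookie: it does not stop the write, it stops the return. It says nothing about ASLR, which is a separate mitigation against knowing where to return to once a check is bypassed.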