Here are a collection of vulnerable ARM binaries designed for beginner vulnerability researchers & exploit developers to play around with and test their skills! These binaries are all built as ARMv7 Mach-O executables (unless specified otherwise) so it is recommended that you use a 32bit jailbroken iOS device with radare2 or another debugging utility installed to test them. ARM 32-bit: - roplevel1: simple introduction to Return Oriented Programming with a simple objective - roplevel2: same idea as level 1 but with a new objective - roplevel3: more advanced use of ROP - roplevel4: dealing with ASLR (infoleak) - roplevel5: same as lvl4 but requires exploitation of format string vuln for the info leak - roplevel6: execute ROP chain by making use of a stack pivot - roplevel7: off-by-one vulnerability Heap 32-bit: - heaplevel1: simple heap based overflow example - heaplevel2: Use-After-Free exploit - heaplevel3: double free() ARM 64-bit: - roplevel1-64: 64-bit version of roplevel1 - roplevel6-64: 64-bit version of roplevel6 Help & Guidance: Write-ups/explanations on some of the binaries can be found on the creator's YouTube channel or in their book 'Beginner's Guide'
FEATURES
ALTERNATIVES
Using Apache mod_rewrite as a redirector to filter C2 traffic for Cobalt Strike servers.
Advanced command and control tool for red teaming and adversary simulation with extensive features and evasion capabilities.
A collection of Python scripts for password spraying attacks against Lync/S4B & OWA, featuring Atomizer, Vaporizer, Aerosol, and Spindrift tools.
A Python-based tool for identifying and exploiting file inclusion and directory traversal vulnerabilities in web applications.
Preparation process for participating in the Pacific Rim CCDC 2015.
A penetration testing tool for intercepting SSH connections and logging plaintext passwords.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.