Here are a collection of vulnerable ARM binaries designed for beginner vulnerability researchers & exploit developers to play around with and test their skills! These binaries are all built as ARMv7 Mach-O executables (unless specified otherwise) so it is recommended that you use a 32bit jailbroken iOS device with radare2 or another debugging utility installed to test them. ARM 32-bit: - roplevel1: simple introduction to Return Oriented Programming with a simple objective - roplevel2: same idea as level 1 but with a new objective - roplevel3: more advanced use of ROP - roplevel4: dealing with ASLR (infoleak) - roplevel5: same as lvl4 but requires exploitation of format string vuln for the info leak - roplevel6: execute ROP chain by making use of a stack pivot - roplevel7: off-by-one vulnerability Heap 32-bit: - heaplevel1: simple heap based overflow example - heaplevel2: Use-After-Free exploit - heaplevel3: double free() ARM 64-bit: - roplevel1-64: 64-bit version of roplevel1 - roplevel6-64: 64-bit version of roplevel6 Help & Guidance: Write-ups/explanations on some of the binaries can be found on the creator's YouTube channel or in their book 'Beginner's Guide'
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A cross-platform tool for creating malicious MS Office documents with hidden VBA macros and anti-analysis features.
A penetration testing tool that focuses on web browser exploitation
High-performant, coroutines-driven, and fully customisable Low & Slow load generator for real-world pentesting with undetectability through Tor.
Collection of URLs for vulnerable web applications and systems for cybersecurity practice.
A COM Command & Control framework using JScript for stealthy and flexible command and control capabilities on Windows systems.
A macOS Initial Access Payload Generator for penetration testing and red teaming exercises.
GNU/Linux Wireless distribution for security testing with XFCE desktop environment.
A collection of tests for Local File Inclusion (LFI) vulnerabilities using Burp Suite.
A tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) for offensive security purposes.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.