| name | exploit-development |
| description | Use when turning a memory-corruption bug into a working PoC — stack/ROP, glibc heap & FSOP, format strings, browser/JIT type confusion & UAF, Linux/Windows kernel LPE against ASLR/DEP/CFG/CET/V8-Sandbox |
| metadata | {"type":"offensive","phase":"exploitation","tools":"pwntools, gdb-gef, pwndbg, radare2, ropper, ROPgadget, one_gadget, angr, d8, WinDbg, IDA","mitre":["T1203","T1068","T1211","T1212","T1055"]} |
| kill_chain | {"phase":["weaponize","exploit"],"step":[2,4],"attck_tactics":["TA0042","TA0002","TA0004"],"attck_techniques":["T1203","T1068","T1211","T1212","T1055.012"]} |
| depends_on | ["recon-osint","vulnerability-analysis"] |
| feeds_into | ["edr-evasion","shellcode-dev","initial-access","privesc-linux","privesc-windows"] |
| inputs | ["vulnerability_list","attack_surface_map","crash_corpus","target_versions"] |
| outputs | ["exploit_poc","payload","primitive_chain","finding_record"] |
| references | ["references/stack-rop-mitigations.md","references/heap-glibc-fsop.md","references/format-string-leaks.md","references/browser-jit-uaf.md","references/kernel-exploitation.md"] |
| scripts | ["scripts/rop_autochain.py","scripts/offset_finder.py","scripts/heap_fsop.py","scripts/safe_linking.py","scripts/fmtstr_leak.py","scripts/v8_primitives.js","scripts/kernel_lpe_skeleton.c"] |