Software vulnerabilities represent one of the most critical attack vectors in modern cyber security, with application-level flaws providing attackers with direct pathways to system compromise and data exfiltration. These Hacktivity labs offer a hands-on approach to understanding the technical depths of software security, designed to develop both offensive and defensive capabilities through practical exploration of vulnerability discovery, exploitation, and mitigation techniques. Through guided scenarios and interactive challenges, participants will gain invaluable experience in analysing vulnerable code, developing exploits, and understanding the secure software development lifecycle, moving far beyond surface-level security concepts to master the technical details of how software failures occur and can be exploited. The practical exercises bridge the gap between theoretical knowledge of software security principles and real-world application, enabling learners to develop critical skills in vulnerability research, exploit development, and secure coding practices that are essential for professional roles in cyber security research, penetration testing, and secure software development.

The practical labs cover a comprehensive range of topics related to software vulnerabilities and exploit development. The first two labs focus on understanding software vulnerabilities, ranging from basic concepts in programming errors to more complex issues like injection attacks, race conditions, and format string attacks. The third lab introduces bug hunting techniques, including fuzzing and static analysis, to uncover hidden security flaws. The next two labs delve into exploit development, with a focus on Windows stack-smashing buffer overflows and Linux buffer overflows. The final labs explore advanced topics, including bypassing the Non-Executable (NX) stack protection and Address Space Layout Randomization (ASLR) on Linux systems. Throughout these labs, you will gain hands-on experience in identifying, exploiting, and mitigating various software vulnerabilities.