Companion code for the Windows-security blog at paragmali.com.
Each lab is a self-contained, reproducible walkthrough of one vulnerability class on Windows x64, with every mitigation toggled on and off so you can see — in real captured artifacts — exactly what each mitigation defeats and what it lets through.
Every `labs/<id>/` directory contains:

- `src/` — vulnerable program + exploit
- `build.ps1` — produces multiple binary variants (mitigations on/off)
- `capture.ps1` — runs each variant under WinDbg/cdb, captures memory state
- `expected/` — committed "golden" artifacts (the JSON+text files that the blog post quotes verbatim)
- `README.md` — what you'll learn
CI re-runs capture.ps1 on every push (windows-latest runner) and asserts
the captured artifacts match expected/. If you change the lab, the golden
files update automatically on main.
Requires Windows 11 / Server 2022 + MSVC Build Tools 2022 + Windows SDK 26100.
```powershell
cd labs\01-stack-overflow-win-x64
.\build.ps1
.\capture.ps1
# compare with .\expected\
```

```text
exploit-labs/
├── README.md                     ← you are here
├── LICENSE                       ← MIT
├── SECURITY.md                   ← responsible-disclosure framing
├── .github/workflows/
│   └── capture.yml               ← CI: build + capture on windows-latest
├── ci/
│   └── check-golden.ps1          ← diff captured vs expected/
└── labs/
    └── 01-stack-overflow-win-x64/
        ├── README.md
        ├── src/vulnerable.c
        ├── src/exploit.py
        ├── build.ps1
        ├── capture.ps1
        └── expected/
            ├── v0-all-off/       (no mitigations)
            ├── v1-gs-on/         (/GS stack canary)
            ├── v2-aslr-on/       (/DYNAMICBASE + /HIGHENTROPYVA)
            ├── v3-cfg-on/        (/guard:cf)
            └── v4-cet-on/        (/CETCOMPAT + SetProcessMitigationPolicy)
```
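As an added illustration (not the repo's own `build.ps1`), the script below builds the five variants listed above from one source and then reads each binary's PE optional header to confirm the `DllCharacteristics` bits actually match the mitigation the variant name promises, so a flag that silently failed to apply is caught before `capture.ps1` runs. It assumes `cl.exe`/`link.exe` on PATH from an x64 Native Tools prompt; `$Source` and `$OutDir` are assumed paths, and CET compatibility (stored in the extended-characteristics debug entry, not in `DllCharacteristics`) is deliberately not asserted.

```powershell
# Added example: build each mitigation variant, then verify the PE header bits.
param([string]$Source = "src\vulnerable.c", [string]$OutDir = "build")   # assumed paths
$ErrorActionPreference = "Stop"
New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

# IMAGE_DLLCHARACTERISTICS_* bits from winnt.h. CET compat is recorded in the
# extended DLL characteristics debug entry, so it is not checked here.
$HIGH_ENTROPY_VA = 0x0020; $DYNAMIC_BASE = 0x0040; $GUARD_CF = 0x4000

function Get-DllCharacteristics([string]$Path) {
    $b = [IO.File]::ReadAllBytes($Path)
    $peOff = [BitConverter]::ToInt32($b, 0x3C)                  # e_lfanew
    if ([BitConverter]::ToUInt32($b, $peOff) -ne 0x4550) { throw "not a PE file: $Path" }
    # PE signature (4) + COFF header (20) -> optional header; DllCharacteristics
    # sits at optional-header offset 70 for both PE32 and PE32+.
    return [BitConverter]::ToUInt16($b, $peOff + 4 + 20 + 70)
}

# Per variant: compiler flags, linker flags, bits that must be set / must be clear.
$variants = @(
    @{ N="v0-all-off"; Cl=@("/GS-");             Ln=@("/DYNAMICBASE:NO","/GUARD:NO");               Set=0;                                   Clear=($DYNAMIC_BASE -bor $GUARD_CF) },
    @{ N="v1-gs-on";   Cl=@("/GS");              Ln=@("/DYNAMICBASE:NO","/GUARD:NO");               Set=0;                                   Clear=($DYNAMIC_BASE -bor $GUARD_CF) },
    @{ N="v2-aslr-on"; Cl=@("/GS-");             Ln=@("/DYNAMICBASE","/HIGHENTROPYVA","/GUARD:NO"); Set=($DYNAMIC_BASE -bor $HIGH_ENTROPY_VA); Clear=$GUARD_CF },
    @{ N="v3-cfg-on";  Cl=@("/GS-","/guard:cf"); Ln=@("/DYNAMICBASE","/guard:cf");                  Set=($DYNAMIC_BASE -bor $GUARD_CF);      Clear=0 },
    @{ N="v4-cet-on";  Cl=@("/GS-","/guard:cf"); Ln=@("/DYNAMICBASE","/guard:cf","/CETCOMPAT");     Set=($DYNAMIC_BASE -bor $GUARD_CF);      Clear=0 }
)

foreach ($v in $variants) {
    $exe = Join-Path $OutDir "$($v.N).exe"
    $obj = Join-Path $OutDir "$($v.N).obj"
    # /Zi + /DEBUG keep symbols so cdb can name frames in the captured state.
    & cl.exe /nologo /Zi $v.Cl /Fo"$obj" /Fd"$OutDir\$($v.N).pdb" "$Source" /link $v.Ln /DEBUG /OUT:"$exe"
    if ($LASTEXITCODE -ne 0) { throw "build failed for $($v.N)" }

    $dc = Get-DllCharacteristics $exe
    if (($dc -band $v.Set) -ne $v.Set) { throw ("{0}: expected bits 0x{1:X4} missing (got 0x{2:X4})" -f $v.N, $v.Set, $dc) }
    if (($dc -band $v.Clear) -ne 0)    { throw ("{0}: bits 0x{1:X4} should be clear (got 0x{2:X4})" -f $v.N, $v.Clear, $dc) }
    "{0,-12} DllCharacteristics=0x{1:X4}" -f $v.N, $dc
}
```

Because the check reads the on-disk header rather than the build log, it also flags the common mistake of a linker option being overridden later on the command line.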
Everything here targets binaries we wrote, in a controlled lab VM, to teach how Windows mitigations work and fail. See SECURITY.md.
MIT. See LICENSE.