moved ROP and Heap into Yellow

dojo.yml

@@ -30,132 +30,6 @@ files:
    path: "kernel-exploitation/files/0/vmlinux"
 
 modules:
-- id: return-oriented-programming
-  name: Return Oriented Programming
-  description: |
-    Picture yourself as a digital maestro, orchestrating a symphony of code in a vast digital realm.
-    However, there’s a twist: you don’t get to pen down your own notes.
-    Instead, you're given a legacy of existing code snippets, scattered across the system.
-    This is the essence of Return Oriented Programming (ROP) exploits! Using nothing but the remnants of the system’s own code, you craft a cunning composition that dances to your own tune, bypassing modern security measures with elegance and stealth.
-
-    Each snippet is like a musical phrase, ending in a "return" instruction, whisking you off to the next snippet in your clandestine concerto.
-    With each leap and bound, you weave a nefarious narrative, circumventing security checks and executing unauthorized actions, all while under the unsuspecting nose of the system’s defenses.
-
-    ROP is not just a hack; it’s a masterpiece of unauthorized orchestration, a ballet of borrowed instructions, choreographed with precision to achieve your clandestine objectives.
-    With ROP, you step into a realm where every byte is a beat, and every return is a rhythm, embarking on an exhilarating journey of exploitation and discovery.
-  challenges:
-  - id: level-1-0
-    name: level1.0
-    description: Overwrite a return address to trigger a win function!
-  - id: level-1-1
-    name: level1.1
-    description: Overwrite a return address to trigger a win function!
-  - id: level-2-0
-    name: level2.0
-    description: Use ROP to trigger a two-stage win function!
-  - id: level-2-1
-    name: level2.1
-    description: Use ROP to trigger a two-stage win function!
-  - id: level-3-0
-    name: level3.0
-    description: Use ROP to trigger a multi-stage win function!
-  - id: level-3-1
-    name: level3.1
-    description: Use ROP to trigger a multi-stage win function!
-  - id: level-4-0
-    name: level4.0
-    description: Leverage a stack leak while crafting a ROP chain to obtain the flag!
-  - id: level-4-1
-    name: level4.1
-    description: Leverage a stack leak while crafting a ROP chain to obtain the flag!
-  - id: level-5-0
-    name: level5.0
-    description: Craft a ROP chain to obtain the flag, now with no stack leak!
-  - id: level-5-1
-    name: level5.1
-    description: Craft a ROP chain to obtain the flag, now with no stack leak!
-  - id: level-6-0
-    name: level6.0
-    description: Craft a ROP chain to obtain the flag, now with no syscall gadget!
-  - id: level-6-1
-    name: level6.1
-    description: Craft a ROP chain to obtain the flag, now with no syscall gadget!
-  - id: level-7-0
-    name: level7.0
-    description: Utilize a libc leak to ROP with libc!
-  - id: level-7-1
-    name: level7.1
-    description: Utilize a libc leak to ROP with libc!
-  - id: level-8-0
-    name: level8.0
-    description: ROP with libc, no free leak this time!
-  - id: level-8-1
-    name: level8.1
-    description: ROP with libc, no free leak this time!
-  - id: level-9-0
-    name: level9.0
-    description: Perform a stack pivot to gain control flow!
-  - id: level-9-1
-    name: level9.1
-    description: Perform a stack pivot to gain control flow!
-  - id: level-10-0
-    name: level10.0
-    description: Perform a partial overwrite to call the win function.
-  - id: level-10-1
-    name: level10.1
-    description: Perform a partial overwrite to call the win function.
-  - id: level-11-0
-    name: level11.0
-    description: Apply stack pivoting to call the win function.
-  - id: level-11-1
-    name: level11.1
-    description: Apply stack pivoting to call the win function.
-  - id: level-12-0
-    name: level12.0
-    description: Creatively apply stack pivoting to call the win function.
-  - id: level-12-1
-    name: level12.1
-    description: Creatively apply stack pivoting to call the win function.
-  - id: level-13-0
-    name: level13.0
-    description: Perform ROP when the function has a canary!
-  - id: level-13-1
-    name: level13.1
-    description: Perform ROP when the function has a canary!
-  - id: level-14-0
-    name: level14.0
-    description: Perform ROP against a network forkserver!
-  - id: level-14-1
-    name: level14.1
-    description: Perform ROP against a network forkserver!
-  - id: level-15-0
-    name: level15.0
-    description: Perform ROP when the stack frame returns to libc!
-  - id: level-15-1
-    name: level15.1
-    description: Perform ROP when the stack frame returns to libc!
-  resources:
-  - name: "Return Oriented Programming: Introduction"
-    type: lecture
-    video: El8-vMDJ1zY
-    playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
-    slides: 1OM8gd6oqiFl2tU6G-ydiCfkNhgUTNKDFoYz-g2IIwHg
-  - name: "Return Oriented Programming: Binary Lego"
-    type: lecture
-    video: L0gzNhbnOUA
-    playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
-    slides: 1axSooHyjCJulwGNrhYM2GyjWJBSxTAg9Ia9Jpw9gW6s
-  - name: "Return Oriented Programming: Techniques"
-    type: lecture
-    video: OVkObKS0gOo
-    playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
-    slides: 1x7PASDmpjPDXvkD9HmZ2wC2JJNT8lHCkZTYcDQ9CjAk
-  - name: "Return Oriented Programming: Complications"
-    type: lecture
-    video: Iq2IFCKDpKc
-    playlist: PL-ymxv0nOtqo0fRmVHxeOoKHX6ncNWp06
-    slides: 12_ymnKrYPUD1rJz6tauS2oNw45eWivhYMWfUzsnOeHM
-
 - id: format-string-exploits
   name: Format String Exploits
   description: |
@@ -388,166 +262,6 @@ modules:
       - Level 18-20: If encountering issues while working on these levels, consider adjusting your exploit to avoid additional restrictions or barriers.
       - Level 18: Make sure to resolve any issues involving incorrect function calls or logic, such as the read_notes issue.
 
-- id: dynamic-allocator-misuse
-  name: Dynamic Allocator Misuse
-  description: |
-    The glibc heap consists of many components distinct parts that balance performance and security.
-    In this introduction to the heap, the thread caching layer, `tcache` will be targeted for exploitation.
-    `tcache` is a fast thread-specific caching layer that is often the first point of interaction for programs working with dynamic memory allocations.
-
-  challenges:
-  - id: level-1-0
-    name: level1.0
-    description: "Exploit a use-after-free vulnerability to get the flag."
-  - id: level-1-1
-    name: level1.1
-    description: "Exploit a use-after-free vulnerability to get the flag."
-  - id: level-2-0
-    name: level2.0
-    description: "Create and exploit a use-after-free vulnerability to get the flag."
-  - id: level-2-1
-    name: level2.1
-    description: "Create and exploit a use-after-free vulnerability to get the flag."
-  - id: level-3-0
-    name: level3.0
-    description: "Create and exploit a use-after-free vulnerability to get the flag when multiple allocations occur."
-  - id: level-3-1
-    name: level3.1
-    description: "Create and exploit a use-after-free vulnerability to get the flag when multiple allocations occur."
-  - id: level-4-0
-    name: level4.0
-    description: "Corrupt the TCACHE entry_struct value to get the flag when multiple allocations occur."
-  - id: level-4-1
-    name: level4.1
-    description: "Corrupt the TCACHE entry_struct value to get the flag when multiple allocations occur."
-  - id: level-5-0
-    name: level5.0
-    description: "Apply the TCACHE metadata in an unintended manner to set a value."
-  - id: level-5-1
-    name: level5.1
-    description: "Apply the TCACHE metadata in an unintended manner to set a value."
-  - id: level-6-0
-    name: level6.0
-    description: "Corrupt the TCACHE entry_struct to read unintended memory."
-  - id: level-6-1
-    name: level6.1
-    description: "Corrupt the TCACHE entry_struct to read unintended memory."
-  - id: level-7-0
-    name: level7.0
-    description: "Corrupt the TCACHE entry_struct to read unintended memory."
-  - id: level-7-1
-    name: level7.1
-    description: "Corrupt the TCACHE entry_struct to read unintended memory."
-  - id: level-8-0
-    name: level8.0
-    description: "Leverage TCACHE exploits to pass a validation check."
-  - id: level-8-1
-    name: level8.1
-    description: "Leverage TCACHE exploits to pass a validation check."
-  - id: level-9-0
-    name: level9.0
-    description: "Leverage TCACHE exploits to pass a validation check."
-  - id: level-9-1
-    name: level9.1
-    description: "Leverage TCACHE exploits to pass a validation check."
-  - id: level-10-0
-    name: level10.0
-    description: "Leverage TCACHE exploits to gain control flow."
-  - id: level-10-1
-    name: level10.1
-    description: "Leverage TCACHE exploits to gain control flow."
-  - id: level-11-0
-    name: level11.0
-    description: "Leverage TCACHE exploits to gain control flow."
-  - id: level-11-1
-    name: level11.1
-    description: "Leverage TCACHE exploits to gain control flow."
-  - id: level-12-0
-    name: level12.0
-    description: "Leverage TCACHE exploits to cause malloc() to return a stack pointer."
-  - id: level-12-1
-    name: level12.1
-    description: "Leverage TCACHE exploits to cause malloc() to return a stack pointer."
-  - id: level-13-0
-    name: level13.0
-    description: "Leverage calling free() on a stack pointer to read secret data."
-  - id: level-13-1
-    name: level13.1
-    description: "Leverage calling free() on a stack pointer to read secret data."
-  - id: level-14-0
-    name: level14.0
-    description: "Leverage TCACHE exploits to obtain the flag."
-  - id: level-14-1
-    name: level14.1
-    description: "Leverage TCACHE exploits to obtain the flag."
-  - id: level-15-0
-    name: level15.0
-    description: "Leverage TCACHE exploits to obtain the flag."
-  - id: level-15-1
-    name: level15.1
-    description: "Leverage TCACHE exploits to obtain the flag."
-  - id: level-16-0
-    name: level16.0
-    description: "Revisit a prior challenge, now with TCACHE safe-linking."
-  - id: level-16-1
-    name: level16.1
-    description: "Revisit a prior challenge, now with TCACHE safe-linking."
-  - id: level-17-0
-    name: level17.0
-    description: "Revisit a prior challenge, now with TCACHE safe-linking."
-  - id: level-17-1
-    name: level17.1
-    description: "Revisit a prior challenge, now with TCACHE safe-linking."
-  - id: level-18-0
-    name: level18.0
-    description: "Revisit a prior challenge, now with TCACHE safe-linking."
-  - id: level-18-1
-    name: level18.1
-    description: "Revisit a prior challenge, now with TCACHE safe-linking."
-  - id: level-19-0
-    name: level19.0
-    description: "Leverage overlapping allocations to obtain the flag."
-  - id: level-19-1
-    name: level19.1
-    description: "Leverage overlapping allocations to obtain the flag."
-  - id: level-20-0
-    name: level20.0
-    description: "16 bytes and a dream."
-  - id: level-20-1
-    name: level20.1
-    description: "16 bytes and a dream."
-  resources:
-  - name: "Dynamic Allocator Misuse: What is the Heap?"
-    type: lecture
-    video: coAJ4KyrWmY
-    playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
-    slides: 16XMoNQQB_jP0odRvQFhgMi3Neo9VR0g1jBvBXKYBnh0
-  - name: "Dynamic Allocator Misuse: Dangers"
-    type: lecture
-    video: Cr9IeGQxFoc
-    playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
-    slides: 1T5XruKzTxlpslT50op_wxvFsnsa4gshIM0Tue1f8zc4
-  - name: "Dynamic Allocator Misuse: tcache"
-    type: lecture
-    video: 0jHtqqdVv1Y
-    playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
-    slides: 13NbUlNvj1Rm-Cc_E_Crp678c-mgzCi0BYfzXIzFB3zI
-  - name: "Dynamic Allocator Misuse: Chunks and Metadata"
-    type: lecture
-    video: osFevdDR0Xw
-    playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
-    slides: 1BlapIDslDaWeBPUamdG0i35-yveGvWJHZaW_0dan6sU
-  - name: "Dynamic Allocator Misuse: Metadata Corruption"
-    type: lecture
-    video: PtpPcGcX020
-    playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
-    slides: 14SYq0TTVxEGWHNUG1BP66A8liPDD2pqJUs2WrXlCZNE
-  - name: "Dynamic Allocator Misuse: Safe-Linking"
-    type: lecture
-    video: TOQ_QtjpbnA
-    playlist: PL-ymxv0nOtqr4OchXR2rV_WNhpj4ccPq1
-    slides: 1TfwQjqDUFwnhp4pm0W5gFZsTIJO92xtemrp66z-afIM
-
 - id: memory-mastery
   name: Exploitation Primitives
   description: |