Published on 18th December, 2025
Binary Exploitation Isn't That Hard
I don't think binary exploitation is that hard. I might be biased, but I'm big on interest. If I'm not already intrigued by something, it's almost impossible to convince me to care about it. But if I am interested, I'll do it no matter how hard it gets — and I never get tired of it.
The landscape has changed a lot. Hackers didn't start with the web. If you listen to the OG hackers, you'll hear many of them talk about wanting to hack the games they were playing, and that curiosity pulled them down the rabbit hole.
That's why I say binary exploitation isn't that hard compared to web hacking. If someone is interested in it, they can start by learning C and understanding the compilation pipeline. They might ask, “If computers don't understand the language I wrote, why do I have to write this?” Then they realize: programmers before them used to code in binary, then moved to assembly, and eventually to this high-level thing we know as C.
From there, they can explore compilation. They can look at the assembly generated from their C code, inspect object files, pull up CPU architecture documentation, and start picking things up. They can begin with something basic like a buffer overflow, intentionally write buggy code, crash their system, and learn how to fix it.
This alone can take them very far.
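The "write buggy code, watch it break, then fix it" exercise described above, as an added example that is not from the original post: it models a small stack frame as a struct (an assumption about layout, with the saved return address placed right after the local buffer, as on common x86-64 stacks) so the effect of an unchecked copy can be observed deterministically rather than by crashing the process. The buffer size, marker value and input are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed model of a stack frame: an 8-byte local buffer followed by the
 * slot that would hold the saved return address. Putting both in one struct
 * lets the copy be inspected instead of crashing the program. */
struct frame {
    char buf[8];
    unsigned long saved_ret;
};

#define SAVED_RET_MARKER 0x1122334455667788UL  /* constructed marker value */

/* Buggy copy: trusts the caller's length, like strcpy() into a fixed buffer.
 * Any byte past buf[7] lands in saved_ret. The clamp to sizeof *f is only a
 * guard for the demo so it stays within defined behaviour; it is not the fix. */
static void copy_unchecked(struct frame *f, const char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);   /* starts at buf, may run into saved_ret */
}

/* Fixed copy: bounded by the destination size and always NUL-terminated. */
static void copy_checked(struct frame *f, const char *src, size_t len) {
    size_t n = len < sizeof f->buf - 1 ? len : sizeof f->buf - 1;
    memcpy(f->buf, src, n);
    f->buf[n] = '\0';
}

/* Returns 1 if the saved return address survived the copy, 0 if it was clobbered. */
int return_address_intact(int use_fix, const char *src, size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    f.saved_ret = SAVED_RET_MARKER;
    if (use_fix) copy_checked(&f, src, len);
    else copy_unchecked(&f, src, len);
    return f.saved_ret == SAVED_RET_MARKER;
}

int main(void) {
    /* Constructed 16-byte input: 8 bytes more than buf can hold. */
    const char input[] = "AAAAAAAABBBBBBBB";
    printf("unchecked copy, return address intact: %d\n",
           return_address_intact(0, input, strlen(input)));
    printf("checked copy,   return address intact: %d\n",
           return_address_intact(1, input, strlen(input)));
    return 0;
}
```

Compiling the unchecked version as a real stack buffer (no struct) and feeding it the same input is the crash the post talks about; the struct just makes the overwrite visible.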
I sometimes wish I had learned programming this way from the beginning. C is small, easy to understand, and it forces a beginner to learn the absolute fundamentals, like pointers.
And I really don't see how this is significantly harder than web. The difference, I think, is that with binary exploitation you start with the knowledge and apply it to create an exploit, whereas with web you often start with an exploit and work backward to understand the underlying concepts.