In this article, we will start analyzing the lazy binding process, we will proceed dissecting dl-runtime, understanding when it is possible to use this technique without a leak, and finally we will build our exploit.